Family Mission Privacy Policy

We collect only the data necessary for the AI Assistant to operate (data minimisation principle):

We store the content of conversations to give you access to history and to continue threads. Conversations are linked to your account and child profile. Legal basis: GDPR art. 6(1)(b).

Assistant response ratings (👍/👎): If you mark an assistant response as helpful or unhelpful, we store that rating with the message ID. The rating can be changed or removed at any time by clicking again. If you submit a rating, you authorise us to review the entire context of that conversation (including earlier messages in that session) solely to improve the quality of assistant responses. No conversation content is passed to third parties for this purpose; the review is performed exclusively by the Family Mission team. Legal basis: GDPR art. 6(1)(f) (legitimate interest – service improvement).

Full card processing (card number, CVV, 3-D Secure authentication data) is performed exclusively by our payment provider — Stripe Payments Europe, Limited. We do not store or process card numbers. On our side we store:

• the provider's customer and transaction identifier (Stripe customer ID and the payment / session ID),
• the reference that lets us charge subsequent periods automatically (a payment-method identifier attached to the Stripe customer) — used exclusively for automatic charges of subsequent subscription periods (see point 2.4a),
• the amount, date and status of each transaction (success / failed / refunded), refund history,
• subscription status (active, trialing, cancelled, expired) and dates of billing-period boundaries.

Legal basis: GDPR art. 6(1)(b) (contract performance) and art. 6(1)(c) (legal obligation — accounting records under the Polish Accounting Act).

After the first successful payment, we retain the reference that allows automatic charges, returned by Stripe (a payment-method identifier attached to the Stripe customer). This reference:

• is used exclusively for automatic charges for subsequent subscription periods (and for refunds and one-off top-ups on plan change),
• does not allow reconstruction of the card number or use outside our Stripe integration,
• is deleted on subscription cancellation + 24 months, or immediately upon your request to rodo@misjarodzina.ai.

Legal basis: GDPR art. 6(1)(b) (contract performance — recurring billing). You can cancel your subscription in account settings at any time — the reference will then no longer be used for new charges.

We automatically record IP addresses, browser type, and session identifiers for security and diagnostics. Logs are kept for up to 12 months. Legal basis: GDPR art. 6(1)(f) (legitimate interest – system security).

To measure how users use the Service, we use Vercel Web Analytics. The tool does not use cookies and does not create persistent identifiers that allow users to be tracked across sessions. The information collected includes: URL of the visited page, referrer, device and browser type, and a short-lived identifier generated from a hashed IP address (rotated daily). On that basis we produce only aggregated traffic statistics – they do not allow identification of a natural person. Legal basis: GDPR art. 6(1)(f) (legitimate interest – evaluation and improvement of the Service).

• Purpose: PostgreSQL database hosting (accounts, child profiles, conversation history), Supabase Auth (authentication), pgvector (knowledge-base vectors).
• Transferred data: all user data and child-profile data stored in the Service.
• Location: Frankfurt (EU, region eu-central-1). The direct data transfer takes place entirely within the EU.

• Purpose: generation of AI Assistant responses.
• Transferred data: message content with children's names anonymised, child's age (expressed as a range, not a date of birth).
• Model training: Anthropic does not use data submitted via the API to train its models.
• Retention on the Anthropic side: up to 30 days for security and abuse-detection purposes, per Anthropic's privacy policy.
• Location: USA. The transfer is based on the EU Standard Contractual Clauses (SCC) approved by the European Commission.

• Purpose: creation of vector representations of user queries to retrieve relevant fragments of the knowledge base (RAG). This data is not used by OpenAI to generate responses visible to the user.
• Transferred data: message content after children's names are anonymised.
• Model training: OpenAI does not use data submitted via the API to train its models.
• Location: USA. The transfer is based on SCC.

• Purpose: hosting the user interface of the Service and collecting aggregated traffic statistics (Vercel Web Analytics).
• Transferred data: HTTP request metadata (IP address, user-agent, URL, referrer) necessary to deliver content. In the Analytics layer the IP address is one-way hashed and is not stored in clear form.
• Cookies: Vercel Web Analytics does not use cookies or browser fingerprinting.
• Location: USA. The transfer is based on EU Standard Contractual Clauses (SCC) and a Data Processing Addendum with Vercel Inc.

• Purpose: hosting the backend application (FastAPI) handling all requests from the user interface – including messages to the AI Assistant, conversation history storage and PDF generation.
• Transferred data: HTTP request metadata (IP, user-agent) and API request content. Children's names are anonymised before reaching the AI models, but application code running on the Render infrastructure operates on pre-anonymisation data.
• Location: USA (the Frankfurt region is unavailable in the production plan). Transfer based on EU Standard Contractual Clauses (SCC) and a Data Processing Addendum with Render Services, Inc.

• Purpose: DNS for the Service domains, the CDN/proxy layer protecting against abuse, and storage of generated PDF files (Cloudflare R2 Object Storage).
• Transferred data: HTTP request metadata (IP, user-agent, URL) when the proxy is active, and the contents of generated materials (PDF files).
• Cookies: when the proxy layer is active, Cloudflare may set a technical cookie __cf_bm used exclusively for bot protection. The cookie is technically necessary and is not used for profiling or advertising.
• Location: Cloudflare's global network; PDF files stored in the EU region. Transfer based on SCC and a DPA with Cloudflare, Inc.

• Purpose (Gmail / Workspace): hosting the kontakt@misjarodzina.ai and rodo@misjarodzina.ai mailboxes that receive correspondence from Users exercising the right of contact with the controller (including requests under GDPR art. 15–22).
• Purpose (OAuth): optional user authentication via the “Sign in with Google” flow. You can opt out of this sign-in method — email/password registration is also available.
• Transferred data: email correspondence (content, headers, attachments) reaching our Workspace mailboxes; on OAuth login — email address and Google account identifier. No child profile data or AI Assistant conversation content is passed to Google.
• Location: Workspace Data Region set to Europe → mailbox storage in the EEA. OAuth — global. Transfer based on the SCC included in the Google Workspace Data Processing Addendum and Google LLC's certification under the EU-US Data Privacy Framework.

• Purpose: delivery of authentication emails (registration confirmation, password reset, magic link) as an external SMTP provider for Supabase Auth.
• Transferred data: the User's email address and the content of the message generated from Supabase Auth templates. Conversation content and child profile data are not passed to Resend.
• Retention on the Resend side: sending metadata (logs) – up to 30 days.
• Location: USA. Transfer based on SCC and a DPA with Resend, Inc.

• Purpose: handling Premium / Premium+ subscription payments (payment gateway), automatic charging of subsequent periods and refund handling.
• Transferred data: email address, first name, amount and transaction identifier, payment description (e.g. „Premium — monthly”). Full card processing (card number, CVV, 3-D Secure) is performed solely by Stripe — we do not store card numbers. The reference that allows automatic charges of subsequent periods (a payment-method identifier attached to the Stripe customer) is stored on our side (see point 2.4a).
• Location: Ireland (EEA) — Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, D02 H210, Ireland, company number 513174.
• Processor relationship / transfer basis: data is processed in the EU/EEA under the Stripe Services Agreement and Stripe's separate Data Processing Agreement (DPA), in accordance with Stripe's Privacy Policy.
• Status: active — paid plans are live. Stripe's terms and privacy policy are available at stripe.com/legal.

• Purpose: issuing and posting invoices, archiving accounting documents per art. 74 of the Polish Accounting Act (after paid plans go live).
• Transferred data: invoice-buyer data — first and last name or company name, address, NIP (if provided), invoice number and amount. Child profile data and conversation content are not passed on.
• Location: Poland (EEA) — inFakt Sp. z o.o., ul. Szlak 49, 31-153 Kraków, NIP 9452121681, KRS 0000325203.
• inFakt sub-processors: Google Ireland, Microsoft Ireland, Amazon Web Services (USA + Luxembourg) — transfers to the USA are protected by SCC and DPF on inFakt's side.

We promote the service through Google Ads — campaigns appear in Google Search and across Google's display network outside of misjarodzina.ai. We do not place any ads on the site itself (no Google AdSense, no Meta Pixel) and we do not collect data for remarketing or conversion-measurement purposes.

When you click our ad and land on the site, the URL may contain a ?gclid=... parameter — that is an identifier assigned by Google for click attribution on the Google Ads side. We do not use this parameter on our side (no conversion tag), we do not store it and do not link it to your account.

Google Ads is not a data processor acting on our behalf — that's a B2B relationship between the controller and Google as an advertising platform.

The Service uses only technically necessary and functional (first-party) cookies. We do not use analytical, advertising, or third-party tracking cookies. The traffic measurement tool we use (Vercel Web Analytics, described in points 2.6 and 4.4) also does not write any cookies. Below is the full list of cookies used in the Service:

Local Storage (technology related to cookies): the cookie_notice_dismissed key (boolean value) remembers that you dismissed the information banner so we don't show it again. The value does not identify the user.

The cookies above are either technically necessary to provide the service you've requested (sign-in, session persistence) or functional — they remember your preferences (chosen language, selected child profile) and are set only in response to your actions in the Service. They are first-party cookies that are not used for tracking. Under art. 173(3) of the Polish Telecommunications Act and recital 25 of the ePrivacy Directive, the use of technically necessary cookies does not require your consent – we are only required to inform you of their use, which we hereby do.

You can remove or block cookies in your browser settings. Note that blocking the above cookies will prevent sign-in to the Service.

Instructions for popular browsers:

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and site permissions