Privacy Policy
This policy explains what personal data Roost collects, how we use it, and the choices you have. We try to keep it short and clear. If anything's unclear, email support@roostonline.co.uk and we'll explain.
Who runs Roost
Roost is operated by Nathan Imhasly ("we", "us"), based in the United Kingdom. We are the data controller for the personal data described in this policy. You can contact us any time at support@roostonline.co.uk.
Data we collect
To make Roost work, we store the following:
- Account info — your email and a hashed password (never the password in plain text).
- Family content — the family name, profiles you create, kanban cards, comments, photos you attach, chat messages, voice notes, calendar events, meals, shopping list items, chores, pocket-money balances and transactions, and contacts you add.
- Subscription state — whether your trial / subscription is active, and an opaque customer ID from RevenueCat (for verifying purchases). We do not see your card details.
- Diagnostic logs — short-lived server logs (request IDs, timestamps, error stacks) used to fix bugs.
Roost does not use third-party analytics, ad networks, or trackers.
What we don't collect
- Location data.
- Contacts on your phone (we only store contacts you type in to Roost yourself).
- Browsing history outside Roost.
- Anything from the camera or microphone unless you explicitly attach a photo or record a voice note inside the app.
How we use it
- To run the app — show your family their boards, sync between devices, deliver notifications.
- To support you — if you email us, we may look at your data to help diagnose a problem.
- To bill you — verify your subscription with Apple's App Store and RevenueCat.
We do not sell your data. We do not advertise inside Roost. We do not share data with third parties except the processors listed below.
Processors we use
Some companies process data on our behalf. We've picked them for security and privacy:
- Supabase — database, authentication, file storage. Hosted in the EU. supabase.com/privacy
- Apple — App Store billing and authentication. apple.com/legal/privacy
- RevenueCat — subscription management. revenuecat.com/privacy
- Resend — transactional email (e.g. weekly recap if you opt in). resend.com/legal/privacy-policy
- Anthropic — when you ask for AI meal ideas, we send your dietary preferences and the meal slot to Anthropic's API. We do not send any names, photos, or other identifying content. anthropic.com/legal/privacy
Your choices and rights
Under UK GDPR you have the right to:
- See your data — email us and we'll send you a copy.
- Correct anything inaccurate.
- Delete your account and everything in it. Email support@roostonline.co.uk with the subject "Delete my account" and we'll process it within 30 days.
- Export your data (in JSON).
- Object to a particular use.
- Complain to the UK ICO at ico.org.uk.
Children's privacy
Roost is built for families, so children's data gets extra care. We design and run Roost in line with UK GDPR and the ICO's Children's Code (the Age Appropriate Design Code), with the child's best interests as the starting point.
What children's data we hold
A child's profile contains only what their parent or guardian chooses to enter: a name or nickname, an optional age, an optional avatar or photo, and the family content they take part in — tasks and chores, chat messages and voice notes, calendar events, shopping items, and pocket-money balances. We collect nothing from children beyond this, and nothing in the background.
Parents stay in control
- Only an adult (18+) can create a Roost account and family. Children take part through a profile their parent creates, or an invite their parent sends.
- The parent who runs the family can view, edit, and remove any child profile and its content at any time, from Settings → Family members in the app.
- A family is a closed, private space. Only invited members can see its content — there is no public sharing, no discovery, and no contact from anyone outside the family.
How the Children's Code shapes Roost
- High privacy by default — everything is family-only. Photos and voice notes live in a private storage bucket protected by row-level security; nothing a child posts can be seen outside the family.
- Data minimisation — we store only what a parent enters. Age and photo are optional; a nickname works fine.
- No ads, no profiling, no tracking — Roost shows no advertising, builds no behavioural profiles, and uses no third-party analytics or trackers, for children or anyone else.
- No selling, no AI training — children's data is never sold and never used to train AI. The meal-ideas feature sends only dietary preferences and a meal slot to Anthropic — never names, photos, messages, or any other family content.
- No location — we don't collect geolocation from anyone, including children.
- No nudges — we don't use design tricks to push children (or adults) into sharing more than they need to.
Children's rights
Every right listed above applies to children's data too. A parent can exercise them on their child's behalf — view, correct, export, or delete a child's profile and content from the app, or by emailing us. A child, or anyone concerned about a child's data, can also email support@roostonline.co.uk directly. If you believe a child has created an account without parental consent, tell us and we will delete it.
Security
Data is encrypted in transit (TLS) and at rest. Passwords are hashed (bcrypt). Photos and voice notes are stored in a private bucket with row-level security — only members of the same family can access them.
Retention
We keep your data while your account is active. When a parent removes a child's profile, that profile and its content are deleted with it. If you cancel and don't sign in for 12 months, we'll send a reminder email and then delete your account. You can request immediate deletion at any time.
Changes
If we update this policy materially, we'll email account holders before the change takes effect. Day-to-day clarifications will just appear here with the "Last updated" date refreshed.
Contact
Email support@roostonline.co.uk.