Myeiyo
Draft for legal review. This policy reflects how we operate today. It hasn't been finalized by counsel and may change before public launch.

Privacy at Myeiyo

Last updated: May 1, 2026

Myeiyo is a chores-and-rewards platform for families. We built it because we wanted a tool we'd actually use ourselves. That includes how it handles privacy. This policy describes what we collect, what we use it for, and just as importantly — what we never do.

If something here is unclear, or if you want us to delete data we hold about your family, email us at hello@myeiyo.app. We answer.

The short version

  • Parents authenticate with Google. Kids never sign up — they access via a single-use magic link only the parent can regenerate.
  • We collect what we need to run the service: account info, chores, photos kids submit as proof, and a ledger of who did what.
  • We never sell your data, share it with advertisers, embed tracking pixels, or train AI on your photos.
  • Photos auto-delete 30 days after a reward is earned. Parents can delete sooner anytime.
  • You can delete your family's data at any time. After a 30-day grace, every record is permanently removed.

What we collect

From parents

  • Your name and email address (from Google when you sign in)
  • Your Google account identifier (to recognize you on return visits)
  • The actions you take in the app: which kids you add, which rewards you start, which submissions you approve or send back
  • Hashed (not stored as plaintext) IP address and browser identifier on mutating actions, for an audit trail

From kids

  • The first name a parent enters when adding the kid
  • An optional age band (5–7, 8–10, 11–13, or 14+) — used to filter age-appropriate chore suggestions
  • Wishes (titles + optional product links) the kid adds to their list
  • Photos the kid uploads as chore proof, plus optional text notes
  • A record of which chores were submitted, approved, or sent back, and when

We do not collect a kid's email, phone number, location, contacts, or any device identifiers. Kids never have a Myeiyo account in the traditional sense — they access the app via a single-use magic link the parent generates and shares.

How we use what we collect

Only to run the service. Specifically:

  • To let you sign in (Google identity)
  • To show your family's rewards, chores, and history
  • To send transactional emails (a chore was submitted, a reward was earned, a parent invited another parent) via Resend
  • To store and serve photo proof while a reward is in progress
  • To provide an audit trail (the "Activity" feed) so all parents in a family see what's happened
  • To detect abuse, spam, or technical problems

What we don't do

This is the part we care most about getting right.

  • We don't sell your data. To anyone. For any reason.
  • We don't share your data with advertisers or marketing platforms.
  • We don't embed tracking pixels or third-party analytics scripts that fingerprint you across the web.
  • We don't use your photos, kid names, or behavioral data to train AI models.
  • We don't profile kids for ads. There are no ads in Myeiyo, period.
  • We don't track kids across other websites or apps.

Children's privacy (COPPA)

We collect personal information from kids under 13 (photos, names, age band, behavioral data on chores). The Children's Online Privacy Protection Act (COPPA) requires verifiable parental consent for this. Here's how we handle it:

  • Verifiable consent. A parent or legal guardian creates the family by signing in with Google. They generate the kid's magic link and share it. The act of generating that link and inviting the kid to use Myeiyo is the consent.
  • Right to review. Parents can see every photo, submission, and ledger entry their kid has made — anytime, in the dashboard.
  • Right to delete. Parents can delete any individual photo, drop a reward, or delete the family entirely. After a 30-day grace window, family deletion is permanent across the database, photo storage, and audit logs.
  • Right to refuse further collection. A parent can revoke a kid's magic link at any time, which immediately cuts off the kid's access.
  • No behavioral advertising. We never use a kid's data for marketing, profiling, or external analytics.
  • No third-party data sharing. Kid data is shared only with our infrastructure providers (Cloudflare for hosting and storage; Resend for transactional email — and only in cases where a parent's email address is the recipient).

If you believe a kid's data is in Myeiyo without proper consent, email hello@myeiyo.app and we'll delete it.

How long we keep things

  • Photos — 30 days after the reward they belong to is earned. Parents can delete sooner. Once deleted from our object storage, gone for good.
  • Family data — kept while the family is active. After a parent schedules deletion, retained 30 days for cancellation, then permanently removed.
  • Audit log entries — kept while the family exists. Permanently removed when the family is deleted.
  • Backups — Cloudflare runs platform-level backups for resilience. Backups roll off on a standard cycle and are not separately recoverable on user request.

Where your data lives

  • Cloudflare — hosts the application, the database (D1), the photo storage (R2), and session/token state (KV). Cloudflare is contractually a data processor; they don't access your content.
  • Google — verifies your identity at sign-in. We receive your Google account email and a stable identifier. We do not request any other Google data.
  • Resend — sends transactional email. They see the email address and message content for emails we send (e.g., "Anna submitted Empty dishwasher — review here").

We don't use any other third-party services that touch your data.

Security

  • All connections use HTTPS.
  • Sessions and magic-link tokens are stored as SHA-256 hashes, not plaintext. A leak of our database wouldn't reveal usable tokens.
  • Photo URLs are signed with HMAC, expire in 5 minutes, and are minted server-side per page load. They're never embedded in emails.
  • Magic links are single-use. The first redemption mints a session cookie; subsequent attempts to use the same link fail.
  • IP addresses and browser identifiers stored in the audit log are HMAC-hashed, not raw.

Cookies

We use two cookies, both first-party (no cross-site tracking):

  • Session cookie — set after sign-in or magic-link redemption. Identifies your session for the next 30 days. HttpOnly, Secure, SameSite=Lax. Required for the app to work.
  • OAuth state cookie — set briefly during Google sign-in to prevent cross-site request forgery. 10-minute lifetime. Removed automatically after sign-in completes.

We don't use third-party cookies. We don't use analytics cookies. We don't use marketing cookies.

Your rights

  • Access — see everything we hold about your family in the dashboard.
  • Correct — edit kid names, age bands, wish details, and chore titles directly.
  • Delete — remove a photo, drop a reward, or delete the entire family. Family deletion has a 30-day grace; after that, gone permanently.
  • Export — we're building a one-click export feature. In the meantime, email us and we'll generate one for you.
  • Withdraw consent — sign out, regenerate a kid's magic link, or delete the family at any time.

If you're in California, the EU, or another jurisdiction with specific privacy rights, those apply too. Email us if you want us to action a specific request and we'll respond within 30 days.

Changes to this policy

If we change anything material — what we collect, how we use it, who we share with — we'll email every parent with an active family before the changes take effect. Minor edits (typos, clarifications) we'll just update with a new "last updated" date.

Contact

Privacy questions, data requests, or concerns: hello@myeiyo.app.

Back to home