Privacy Policy

Last updated: 2026-04-12

Last updated: 12 April 2026.

Tidywell ("we", "us", "our") respects your privacy. This policy explains what data we collect, why we collect it, and what you can do about it. It covers the Tidywell mobile application on iOS and Android and the marketing website at tidywell-app.com.

If you'd rather not read the legal version, here's the plain-English summary: we store the minimum data needed to run the app, we never sell anything, you can use Tidywell without an account, and you can delete everything in two taps.

1. Who we are

Tidywell is operated by a UK-based sole trader. For privacy requests, contact us at tidywell-app@zohomail.eu.

2. What data we collect

2.1 When you use the app without an account (anonymous mode)

Tidywell works without an account. In anonymous mode, your household data — rooms, tasks, completions, virtual home state, settings — is stored locally on your device. It is not transmitted to our servers. We do not see it.

We do collect anonymous usage data via our analytics provider (see §4) and a RevenueCat anonymous identifier used to track whether you have an active subscription.

2.2 When you create an account

Creating an account sends your household data to our backend (Supabase, hosted in the EU) so it can sync across devices and be shared with household members. We store:

  • Your email address (and hashed password if you use email/password sign-in)
  • Your Apple or Google account identifier if you use social sign-in
  • Household data: rooms, tasks, completions, virtual home state, streaks, coins, photo attachments
  • Settings: notification preferences, vacation mode, kids mode toggles
  • Subscription status and RevenueCat identifier

We do not store payment card data. Payments are processed by Apple (App Store) or Google (Play Store) and we only receive a receipt and subscription status.

2.3 Photos you attach to tasks

Photos (before/after cleaning shots) are stored on your device by default. If you're signed in, they are uploaded to Supabase Storage under a private, access-controlled path visible only to you and household members you've invited. Free accounts store up to 10 photos for 7 days; premium accounts store up to 50 photos for 35 days. After that, the oldest photos are automatically deleted.

2.4 AI task breakdown (optional)

When you use the AI task breakdown feature, the task name you entered is sent to OpenAI's API to generate the breakdown. This is the only time your task data leaves our infrastructure. We do not send any other household data to OpenAI. OpenAI does not train on this data per their API terms. You can avoid this feature entirely — it is opt-in per task.

2.5 Notifications

When you enable notifications, we store a push token (APNs on iOS, FCM on Android) so we can deliver reminders. The notification content is computed on your device wherever possible.

2.6 Website analytics

The Tidywell website uses privacy-first analytics (Plausible and Vercel Analytics) that do not set cookies, do not track you across sites, and do not collect personally identifiable information. We see aggregate page-view counts and referrers.

3. Why we collect it

We collect data only to:

  • Run the app's core features (chore tracking, sharing, sync, reminders)
  • Verify your subscription status
  • Respond to support requests
  • Detect and prevent abuse
  • Understand which features are used so we can improve the app

We do not use your data for advertising. We do not sell it. We do not share it with third-party marketers.

4. Third-party services

  • Supabase (backend, EU-hosted) — authentication, database, realtime sync, storage
  • RevenueCat — subscription management and entitlement checks
  • OpenAI — AI task breakdown only, opt-in per use
  • Apple and Google — payment processing, push notifications, sign-in
  • Plausible and Vercel Analytics — website analytics (cookieless, privacy-first)

Each provider is bound by their own privacy and data-processing terms. We have Data Processing Agreements in place where required.

5. Kids mode and COPPA

Tidywell has a kids mode for children under 13. When kids mode is enabled:

  • Parents create kid profiles inside their own account
  • Kids do not sign in separately — they use the parent's account in a restricted view
  • No direct data collection from kids occurs
  • No messaging, no public social features, no advertising
  • Parental consent is implicit via account setup

We have designed kids mode to comply with COPPA (US), UK Children's Code, and GDPR-K. If you are a parent and want us to remove any kid profile data, email tidywell-app@zohomail.eu.

6. Your rights

Depending on where you live, you have rights under GDPR, UK GDPR, CCPA, or equivalent laws:

  • Access — request a copy of all data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — delete your account and all associated data in-app (Settings → Account → Delete Account) or by emailing us
  • Portability — export your data as JSON
  • Object — object to processing (note: this may disable core app functionality)
  • Withdraw consent — for any processing based on consent

To exercise any right, email tidywell-app@zohomail.eu. We respond within 30 days.

7. Data retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion
  • Photos: per-tier limits (free 10/7d, premium 50/35d), then auto-deleted
  • Analytics: aggregated, no individual retention
  • Support emails: retained for 2 years for legal record

8. Security

  • All data in transit is encrypted with TLS 1.2+
  • Data at rest is encrypted at the Supabase layer
  • Row-level security (RLS) policies ensure you can only access your own and your household's data
  • Passwords are hashed with bcrypt (handled by Supabase Auth)
  • We perform regular security reviews

No system is perfect. If you believe you've found a security issue, email security@tidywell-app.com.

9. International transfers

Our backend is in the EU. Some third parties (RevenueCat, OpenAI, Apple, Google) are US-based and may process data in the US under Standard Contractual Clauses or equivalent mechanisms.

10. Children under 13

Except for the parent-managed kids mode described in §5, Tidywell is not intended for children under 13 and we do not knowingly collect data from them.

11. Changes to this policy

We may update this policy. Material changes will be notified in-app. The "Last updated" date above always reflects the current version.

12. Contact

Privacy questions: tidywell-app@zohomail.eu Security issues: security@tidywell-app.com Postal: available on request