Privacy Policy

Version privacy-v1.0 · Last updated April 24, 2026

Who we are

Ark Family ("Ark", "we", "us") is the data controller for personal data processed through the Ark Family Operating System at arkfamily.vercel.app. Our contact for privacy matters is privacy@arkfamily.app.

What we collect

  • Account data: email, password hash, country.
  • Household data: family name, timezone, locale.
  • Member profiles: display name, role (admin / parent / kid), color, date of birth for kids.
  • Activity data: chores, completions, rewards, behaviors, events, token ledger, messages.
  • Conversational AI data: your prompts + Ark's replies, plus a short-lived memory store the assistant uses for context.
  • Operational data: IP address, user-agent, timestamps of consent events (for audit).

Why we collect it (lawful basis)

Under UK / EU GDPR our lawful bases are: (a) contract, to provide the Ark service you signed up for; (b) legitimate interest, for basic security and fraud prevention; and (c) consent, for marketing emails and for processing any data about your children.

Under PIPEDA (Canada) and the LFPDPPP (Mexico) we rely on knowledgeable consent given at account creation. You may withdraw consent at any time using the flows at /delete-data.

Children

Ark is designed for families. We only allow a verified parent or legal guardian to create a child profile, and we require explicit parental consent at the time the profile is created. For US users we comply with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506). For UK users we follow the ICO Age Appropriate Design Code.

We never sell or share children's personal data. Kids cannot sign up directly — only a parent account can add them. A parent may delete a child profile at any time from Settings, which removes all data about that child permanently within 30 days.

AI processing

Ark uses Anthropic's Claude API to power conversational onboarding and the family assistant. Prompts you send to Ark are transmitted to Anthropic for inference and are not used by Anthropic to train models. We send the minimum data required — family first names and chore/reward titles for context — and never send passwords, emails, or full dates of birth.

Your rights

Under UK GDPR, PIPEDA, and LFPDPPP you have the right to:

  • Access the data we hold about you.
  • Receive a copy in a portable format — /delete-data has a one-click export.
  • Ask us to correct inaccurate data.
  • Ask us to delete your data (right to be forgotten, Art. 17 GDPR).
  • Object to processing based on legitimate interest.
  • Withdraw consent for marketing at any time.

To exercise any of these rights, email privacy@arkfamily.app or use the tools at /delete-data. We respond within 30 days.

Data retention

Active household data is retained while the account exists. On deletion request we hard-delete within 30 days. We keep anonymized operational logs (no personal data) for up to 12 months for security and debugging. Consent records are retained for 7 years for audit.

International transfers

Our infrastructure is hosted by Vercel (USA) and Supabase (USA). Transfers from the UK and EU rely on the UK IDTA / EU Standard Contractual Clauses. Anthropic (USA) processes AI requests under the same safeguards.

Complaints

If you believe we have mishandled your data, please contact us first. You also have the right to lodge a complaint with your local supervisory authority: the ICO (UK), Office of the Privacy Commissioner (Canada), INAI (Mexico), or your State Attorney General (US).

Privacy Policy — Ark