Privacy Policy
Last updated: February 12, 2026
Summary: Family Tapestry stores your family tree data locally on your device by default. Optional cloud features (accounts, sync, and collaboration) require an email and password. We collect only what is necessary to provide these services. We never sell your data or use advertising trackers.
1. Introduction
Family Tapestry ("we", "our", or "the app") is a family tree builder application developed by Octopye Digital Designs. This privacy policy explains how we collect, use, and protect information when you use our mobile app and web editor.
By using Family Tapestry, you agree to the practices described in this policy. If you do not agree, please do not use the app.
2. Age Requirement
Family Tapestry requires users to be 13 years of age or older to create an account, in compliance with COPPA (Children's Online Privacy Protection Act) and similar regulations. We verify age during account registration and do not knowingly collect personal information from children under 13.
The app's local-only mode (without an account) can be used by anyone under parental supervision, as no personal data is transmitted.
3. Information We Collect
3a. Local-Only Mode (No Account)
When you use Family Tapestry without creating an account, all data stays on your device. We do not collect, transmit, or store any information. This includes:
- Family names, mottos, and member details
- Photos added to family member profiles
- Avatar selections and app preferences
- Canvas layouts and designs
- Gamification progress
3b. Cloud Account Features
When you create an account for cloud sync and collaboration, we collect:
- Email address: Used for authentication, two-factor verification codes, and collaboration invitations
- Display name: Shown to collaborators you invite
- Date of birth: Used solely to verify you meet the minimum age requirement (13+). We store only the date, not the time
- Password: Stored as a secure hash using bcrypt. We never store or have access to your plain-text password
- Family tree data: Family names, member details, relationships, and canvas layouts you choose to sync to the cloud
3c. Two-Factor Authentication (2FA)
We use email-based two-factor authentication for account security. When you log in, a temporary verification code is sent to your email address. These codes expire after 10 minutes and are deleted after use.
4. How We Use Your Information
We use collected information exclusively to:
- Authenticate your identity and secure your account
- Sync your family tree data between your devices
- Enable collaboration with people you invite by email
- Send two-factor verification codes
- Send collaboration invitation emails on your behalf
- Process voluntary feedback submissions
We do not:
- Sell or share your data with third parties
- Use your data for advertising or marketing
- Use analytics or advertising trackers
- Track your location
- Profile your behaviour
5. Collaboration and Sharing
When you invite someone to collaborate on your family tree:
- An invitation email is sent to the address you provide
- The invitee must have or create their own account to accept
- You control the permissions (view-only or edit access)
- You can remove collaborators at any time
- Collaborators can see the family tree data you have shared but cannot access your account or other family trees
6. Camera and Photo Library Access
The app requests access to your device's camera and photo library so you can add photos to family member profiles:
- Camera: Used only when you choose to take a new photo for a portrait
- Photo Library: Used only when you choose to select an existing photo
In local-only mode, photos are stored on your device and never uploaded. In cloud mode, photos included in your family data may be synced to our servers as part of your family tree.
7. Data Storage and Security
- Local data is stored using your device's secure storage and is protected by your device's own security features
- Cloud data is stored on secure, hosted PostgreSQL databases
- Passwords are hashed with bcrypt before storage
- Sessions are managed with secure, HTTP-only cookies and authentication tokens
- Emails are sent through Resend, a trusted email delivery service
8. Data Retention
- Local data: Remains on your device until you delete it or uninstall the app
- Cloud data: Retained as long as your account is active. You can delete your family data at any time through the app
- 2FA codes: Expire after 10 minutes and are automatically cleared
- Session data: Expires after 30 days of inactivity
9. Your Rights
You have full control over your data:
- Access: View all your data within the app at any time
- Delete: Use "Reset All Data" in Settings to erase local data. Contact us to delete your cloud account and all associated data
- Portability: Your local data lives on your device under your control
- Withdraw consent: You can stop using cloud features at any time and continue in local-only mode
10. Third-Party Services
We use the following third-party services:
- Resend: For sending verification codes and invitation emails. Subject to Resend's Privacy Policy
- Google Play Store / Apple App Store: For app distribution. Subject to their respective privacy policies
- Expo: For development builds and testing. No user data is shared with Expo in the production app
11. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date at the top. Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, contact us:
Email: [email protected]
Website: familytapestry.octopye.com