Privacy
Plain version. The longer policy will land before Family Agreements opens to people who pay. We will not bury a change to this page inside an update notice.
What we collect
When you start an account: your name, your email address, and a password we never see — we keep only a one-way hash of it. If you sign in with a magic link, we record the link request so we can rate-limit abuse.
When you use the product (Phase 02 onward): the text of the agreements you author, the household members you invite, and the state of work you and they do together. That content is yours. It lives behind row-level isolation in our database — your household's rows are not visible to other households, and not visible to us except during incident response, with a log entry for every access.
What we don't collect
No third-party analytics. No fingerprinting. No social-login pixels. No advertising trackers — Family Agreements does not run ads and will not in any version of the future we can imagine. We don't store IP addresses against your account; the auth path logs them transiently for abuse prevention and rotates them out.
Who we share with
Operational vendors only: email delivery (Resend), payment processing (Phase 04), error monitoring (Sentry — scrubbed of request bodies, cookies, and auth headers). No data brokers. No marketing partners. No analytics resale.
Your access
You can read everything we hold about you at any time. You can ask for it as a file. You can delete your account; the rows go with it. Write to privacy@agree.johnnatoli.me.
If something changes
Significant changes to what we collect or how we share it will be announced in-product and by email. We will not roll a substantive change into a typo-fix patch. We will give you at least thirty days to read it.