Privacy Policy
Last updated: Oct 28, 2025
This Privacy Policy describes how Zorath LLC ("Company", "we", "us", or "our") operates ChoreSpark and collects, uses, and protects your information when you use our service.
Data Controller: Zorath LLC acts as the data controller for personal information collected through ChoreSpark.
International Compliance: This policy complies with the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), Children's Online Privacy Protection Act (COPPA), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and Australian Privacy Act 1988.
1. Information We Collect and Legal Basis
ChoreSpark collects information to provide and improve our family task management service. Below is a comprehensive list of data collected and the legal basis for processing under international privacy laws:
Personal Information (Legal Basis: Contract Performance)
- Parent email addresses and names (required for account creation and communication)
- Children's names and ages (required for age-appropriate features and COPPA compliance)
- Payment information (processed by Stripe, not stored by us)
- Account preferences and settings
Usage Data (Legal Basis: Legitimate Interest)
- Quest completion and progress data (service functionality)
- Photos submitted as task proof (stored temporarily for verification)
- Login times and session duration (security and service improvement)
- Device and browser information (compatibility and security)
- IP addresses (security, fraud prevention, and geo-location)
- Error logs and diagnostic data (service improvement)
Optional Information (Legal Basis: Consent)
- Marketing preferences and newsletter subscriptions
- Feedback and survey responses
- Optional profile customizations
Information We Do NOT Collect
- Social security numbers or government ID numbers
- Biometric data or facial recognition
- Location tracking (except general geo-location from IP)
- Third-party account passwords
- Financial account details (handled exclusively by payment processors)
2. How We Use Information and Data Principles
Data Processing Principles
Our data processing follows internationally recognized principles:
- Lawfulness: All processing has a clear legal basis
- Purpose Limitation: Data used only for specified, legitimate purposes
- Data Minimization: We collect only necessary information
- Accuracy: We maintain accurate and up-to-date records
- Storage Limitation: Data retained only as long as necessary
- Security: Appropriate technical and organizational measures
- Accountability: We demonstrate compliance with privacy principles
Specific Uses of Your Information
We use collected information for these specific purposes:
Essential Service Functions (Legal Basis: Contract)
- Provide access to ChoreSpark features and functionality
- Track family progress and achievements
- Process and manage quest submissions and approvals
- Manage user accounts and authentication
- Process payments and manage subscriptions
- Provide customer support and technical assistance
Communication (Legal Basis: Contract + Legitimate Interest)
- Send essential account and service notifications
- Provide transaction confirmations and receipts
- Deliver security alerts and system updates
- Respond to support requests and inquiries
Service Improvement (Legal Basis: Legitimate Interest)
- Analyze usage patterns to improve platform features
- Identify and fix bugs and technical issues
- Develop new features and quest packs
- Conduct aggregate analytics (no individual identification)
Security and Legal Compliance (Legal Basis: Legal Obligation + Legitimate Interest)
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations and regulatory requirements
- Protect the rights, property, and safety of users
- Enforce our Terms of Service and policies
Optional Features (Legal Basis: Consent)
- Send marketing communications and newsletters (opt-in required)
- Personalize user experience based on preferences
- Conduct optional surveys and research studies
Purpose Changes: If we wish to use your information for purposes other than those listed above, we will seek your consent or ensure we have a legitimate legal basis, and update this policy accordingly.
3. Children's Privacy (COPPA Compliance)
ChoreSpark is designed for family use with parental supervision:
- Parents must create and manage all children's accounts
- We do not knowingly collect personal information directly from children under 13
- Parents control all data shared about their children
- Parents can request deletion of their child's data at any time
4. Data Storage and Security
We implement industry-standard security measures:
- Encrypted data transmission (HTTPS/TLS)
- Secure database storage with access controls
- Regular security audits and monitoring
- Limited employee access to personal data
5. Information Sharing
We do not sell or rent personal information. We may share data only in these limited circumstances:
- With your explicit consent
- To comply with legal requirements
- With service providers who assist in platform operations
- To protect the safety and rights of users
6. Your Privacy Rights Worldwide
Your privacy rights vary by jurisdiction. We honor the highest applicable standard for all users:
Universal Rights (Available to All Users)
- Access: Request copies of your personal data
- Rectification: Correct inaccurate or incomplete information
- Deletion: Request deletion of your account and associated data
- Portability: Export your data in machine-readable format
- Communication Control: Opt out of non-essential communications
EU/UK GDPR Rights
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict: Limit processing in certain circumstances
- Right to Withdraw Consent: Withdraw consent for optional features
- Right to Complain: File complaints with your local Data Protection Authority
- Right to Information: Receive clear information about processing
- Automated Decision Making: Opt out of automated profiling (we don't use automated decision-making)
California CCPA/CPRA Rights
- Right to Know: Categories and specific pieces of personal information collected
- Right to Delete: Request deletion (subject to legal exceptions)
- Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit: Limit use of sensitive personal information
Canadian PIPEDA Rights
- Right to Access: Access personal information we hold
- Right to Correction: Request correction of errors
- Right to Withdraw Consent: Withdraw consent (may affect service availability)
- Right to Complain: File complaints with the Privacy Commissioner of Canada
Australian Privacy Act Rights
- Right to Access: Request access to personal information
- Right to Correction: Request correction of inaccurate information
- Right to Complain: Lodge complaints with the Office of the Australian Information Commissioner
- Right to Anonymity: Deal with us anonymously where practicable
How to Exercise Your Rights
To exercise any of these rights:
- Use the privacy controls in your account settings
- Contact our Data Protection Officer through the in-app help system
- Send requests marked "Privacy Request" for priority handling
- Include sufficient information to verify your identity
- Specify which rights you wish to exercise
Response Time: We will respond to privacy requests within 30 days (or as required by applicable law). Complex requests may require up to 90 days with notification.
7. Cookies and Tracking
ChoreSpark uses essential cookies for authentication and platform functionality. We do not use third-party tracking cookies or advertising networks.
8. Data Retention and Deletion
We retain personal information as follows:
- Account data: Retained while account is active plus 90 days after closure
- Quest and progress data: Retained for 2 years after account closure for analytics
- Photos: Deleted within 30 days of account closure or upon request
- Payment information: Retained per financial regulations (typically 7 years)
- Support communications: Retained for 3 years for quality assurance
You may request immediate deletion of personal data, subject to legal retention requirements.
9. International Data Transfers
ChoreSpark operates globally, which requires transferring your data across international borders. We ensure all transfers comply with applicable privacy laws:
Primary Data Locations
- United States: Primary servers and databases (Supabase/PostgreSQL)
- Global CDN: Vercel edge locations worldwide for performance
- Payment Processing: Stripe (global infrastructure with local processing)
- Email Service: Resend (US-based with global delivery)
Transfer Safeguards
For transfers outside your country, we implement:
- EU Transfers: Standard Contractual Clauses (SCCs) approved by the European Commission
- UK Transfers: UK International Data Transfer Agreement (IDTA)
- Swiss Transfers: Swiss-approved Standard Contractual Clauses
- Canadian Transfers: Adequacy determinations where applicable, contracts otherwise
- Other Countries: Adequacy decisions or appropriate safeguards as required
Data Localization
Where required by local laws, we implement data localization:
- Russia: Data localization requirements (currently, ChoreSpark is not available in Russia)
- China: Data localization requirements (ChoreSpark is not available in China)
- India: Critical personal data localization for Indian residents when required
Your Rights: You have the right to obtain information about safeguards relating to transfers of your personal data and, where applicable, obtain a copy of the safeguards.
10. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information we collect and how it's used
- Right to delete personal information (subject to legal exceptions)
- Right to opt-out of sale of personal information (we don't sell personal info)
- Right to non-discrimination for exercising privacy rights
- Right to correct inaccurate personal information
To exercise these rights, contact us through our support system with proof of California residency.
11. Third-Party Services
We use trusted third-party services that may access your data:
- Stripe: Payment processing (PCI DSS compliant)
- Supabase: Database hosting with encryption
- Vercel: Application hosting and delivery
- Resend: Transactional email delivery
These services operate under their own privacy policies and security standards. We ensure all partners meet our data protection requirements.
12. Data Breach Response
Breach Detection and Response
We maintain comprehensive data breach response procedures:
- Detection: 24/7 monitoring systems and immediate incident alerts
- Assessment: Risk evaluation within 24 hours of detection
- Containment: Immediate steps to prevent further unauthorized access
- Investigation: Forensic analysis to determine scope and cause
- Remediation: Security improvements to prevent recurrence
Notification Procedures
In case of a personal data breach, we will:
- Regulatory Notification: Notify relevant authorities within 72 hours (GDPR, state AGs, etc.)
- User Notification: Notify affected users within 72 hours unless the breach poses no risk
- Public Disclosure: Post security notices on our website if required by law
- Media Notification: Issue press releases for significant breaches affecting large numbers of users
Information Provided
Breach notifications will include:
- Description of what happened and when it was discovered
- Types of personal information involved
- Steps we have taken to address the breach
- Steps you can take to protect yourself
- Contact information for questions and assistance
- Whether law enforcement has been notified
Preventive Measures
- End-to-end encryption for data in transit and at rest
- Multi-factor authentication for administrative access
- Regular security audits and penetration testing
- Employee security training and background checks
- Incident response team and documented procedures
13. Policy Updates
We may update this Privacy Policy periodically. Material changes will be communicated via in-app notifications or email at least 30 days before taking effect. Continued use after changes constitutes acceptance of the updated policy.
14. Automated Decision Making and Profiling
No Automated Decision Making: ChoreSpark does not use automated decision-making systems or profiling that would significantly affect you. All decisions about your account, subscription, or service access are made by humans.
Algorithm Use: We use basic algorithms for:
- Quest recommendation based on child's age (human oversight required)
- Progress tracking and XP calculations (transparent mathematical formulas)
- Fraud detection (human review for all positive matches)
- Technical performance optimization (no personal impact)
You have the right to request human intervention in any automated processing that affects you.
15. Sensitive Personal Information
ChoreSpark minimizes collection of sensitive personal information:
We DO Collect (with explicit consent):
- Children's ages (for age-appropriate features and COPPA compliance)
- Photos submitted for quest verification (deleted after approval/rejection)
We DO NOT Collect:
- Racial or ethnic origin
- Religious or philosophical beliefs
- Political opinions
- Health or medical information
- Sexual orientation or preferences
- Biometric or genetic data
- Criminal history or background
California Residents: You have the right to limit our use and disclosure of sensitive personal information. Contact us to exercise this right.
16. Data Protection Authorities
If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority:
Key Regulators
- EU: Your local Data Protection Authority or European Data Protection Board (edpb.europa.eu)
- UK: Information Commissioner's Office (ico.org.uk)
- Canada: Privacy Commissioner of Canada (priv.gc.ca)
- Australia: Office of the Australian Information Commissioner (oaic.gov.au)
- California: California Privacy Protection Agency (cppa.ca.gov)
- Switzerland: Federal Data Protection and Information Commissioner (edoeb.admin.ch)
We encourage you to contact us first to resolve any privacy concerns, but you have the right to go directly to your local regulator.
17. Contact and Data Protection Officer
For privacy-related questions, to exercise your rights, or to contact our Data Protection Officer:
Contact Methods
- Fastest: In-app help system (mark as "Privacy Request")
- Support Portal: Submit through knowledge base with privacy category
- Urgent Privacy Matters: Mark requests as "urgent" for priority handling within 24 hours
Data Protection Officer
Our Data Protection Officer is available to handle privacy complaints and questions that require specialized privacy expertise. The DPO can be reached through our support system with requests marked "DPO Review Required".
Legal Entity and Registration
- Data Controller: Zorath LLC
- Jurisdiction: Delaware, United States
- Business Registration: Delaware Limited Liability Company
- EU Representative: Available upon request for EU residents
- UK Representative: Available upon request for UK residents
Privacy Policy Effective Date: Oct 28, 2025
Version: 2.0 (Worldwide Compliance Update)
Next Scheduled Review: Oct 28, 2026