← FamiPoints

FamiPoints Privacy Policy

At FamiPoints we take your privacy — and especially your kids' privacy — seriously. This policy explains what data we process, why, with whom and for how long, in plain language and without small print.

1. Who is the data controller

Glenlake Soft SL (“we”), Spanish Tax ID (CIF) B13872437, registered at Calle Haya 9, 41927 Mairena del Aljarafe, Seville (Spain). General contact: hi@cronokids.com. Privacy contact: info@famipoints.com.

2. What FamiPoints is

FamiPoints is a “family arcade console” for chores and rewards: parents set up tasks, rewards and the family; kids complete the tasks to earn points. Kids don't create accounts: they are internal profiles inside the adult's account, protected by a parental PIN.

3. What data we process

  • Adult account (via FamiID): email, name, FamiID and, if you sign in with Google, the basic profile fields Google shares (name, email, avatar).
  • Child profiles: alias or first name, age or age band, avatar and PIN (hashed). We do not ask for surnames, address or phone number of minors.
  • Gameplay data: tasks created, points, streaks, rewards, pets, chests and “Friday count” events.
  • Fami ecosystem integrations: if you connect FamiEduca or another Fami app, we receive events such as “daily plan completed” linked to a child ID so we can award points automatically.
  • Minimal technical data: language, timezone, anonymous device identifier and security logs (truncated IP, errors).
  • We do NOT process: precise location, biometric data, payment data (there are no in-app payments), nor any advertising profile.

4. Why we use the data and legal basis

  • Providing the service (accounts, sync, points, rewards) — performance of a contract (GDPR art. 6.1.b).
  • Security and abuse prevention — legitimate interest (GDPR art. 6.1.f).
  • Legal compliance (responding to rights requests, authorities) — legal obligation (GDPR art. 6.1.c).
  • Product improvement via aggregated and anonymous statistics — legitimate interest, no individual profiling.

We do not sell data. We do not show ads. We do not use children's data for advertising profiling.

5. Children (COPPA, GDPR-K and child-protection compliance)

FamiPoints is designed for families. The main account must be opened by someone aged 13 or older (where local law requires a higher age — e.g. 14 in Spain and Italy, 16 in Germany — that age prevails). Children are always managed as profiles inside the adult's account, who acts as the parent/legal guardian and is responsible for the data they enter about them. Children's access is gated behind a parental PIN.

We commit that the application — including its SDKs, APIs and any advertising network — complies with all applicable laws and regulations protecting children, in particular the U.S. Children's Online Privacy Protection Act (COPPA) and the EU General Data Protection Regulation (GDPR), including the enhanced protection for minors in art. 8 GDPR. Specifically:

  • We do not collect personal information from children under 13 without verifiable parental consent (verified through the adult account authenticated via FamiID).
  • We do not show any advertising (contextual or behavioural) inside FamiPoints, neither to adults nor to children.
  • We do not use advertising SDKs or APIs (AdMob, Meta Audience Network, Unity Ads, IronSource, AppLovin, etc.) nor analytics SDKs for advertising or profiling of minors.
  • We do not sell or share children's data with data brokers or third-party marketers.
  • No profiling, behavioural targeting or automated decisions are performed on minors.
  • We apply strict data minimisation: only alias/first name, age or age band, avatar and hashed PIN.
  • Parents/guardians can review, edit or delete their child's data and withdraw consent at any time by emailing info@famipoints.com.

6. Who we share data with (processors)

  • FamiID (famiid.com) — shared authentication and family management of the Fami ecosystem.
  • Google — only if you choose Google sign-in (OAuth).
  • Supabase — database and storage (EU).
  • Cloudflare — CDN, frontend hosting and network security.
  • Other Fami apps (e.g. FamiEduca, FamiCalendar) — only if you explicitly connect them.

They all act as data processors under GDPR-compliant agreements. We do not carry out international transfers outside frameworks with adequate safeguards (EU Standard Contractual Clauses where applicable).

7. How long we keep the data

  • While the account is active.
  • Up to 30 days after account deletion for backups and security logs, unless a longer legal retention period applies.

8. Your rights

You can exercise your rights of access, rectification, deletion, objection, restriction and portability at any time by writing to info@famipoints.com. If you believe we have not handled your request properly, you can lodge a complaint with the Spanish Data Protection Agency (aepd.es) or your local supervisory authority.

9. Cookies and local storage

We only use local storage and strictly necessary technical cookies to keep your session, language and game state. We do not use advertising cookies or third-party cookies for marketing.

10. Security

We encrypt communications (HTTPS), apply per-family access control (Row Level Security) and PINs are stored hashed. No system is perfect, so if you notice anything strange please email info@famipoints.com.

11. Changes

If we update this policy we will change the “Last updated” date and, if the changes are material, notify you inside the app.

Want to delete data?

Delete my account and all my dataDelete only some data

Last updated: 2026-06-19