Security & Privacy First
Your data is encrypted, region-resident, and under your control. We design for privacy from the ground up.
Data Residency
Data is stored in your selected region. No cross-region transfers without consent.
Encryption by Default
Your information is locked with strong, industry‑standard protection — both when it’s stored and when it’s sent.
Privacy Controls
Granular consent, data export/erasure, telemetry opt-in, and clear visibility into usage.
Data Minimization
We only ask for what’s necessary and keep it only as long as needed. You’re in control of your information.
Data Residency
Data is stored in the user’s selected region. The default region is ap-southeast-2. Cross-region data transfer is avoided by design and only performed with explicit user control (for example, when joining a family group with a different region setting).
Encryption
We use AWS KMS for key management and per-user Data Encryption Keys (DEKs). All sensitive data is encrypted at rest (DynamoDB, S3) and in transit (TLS). Keys are rotated and access is governed by least-privilege IAM policies.
Privacy Controls
Users can manage consent scopes, export their data, request erasure, and opt-in to telemetry. We never store PII in frontend storage and we validate inputs client and server-side. See our privacy policy for full details.
Data Minimization
We collect only what is necessary to deliver the service. Collection is progressive, purpose-bound, and retention is limited. Our frontend follows strict PII minimization: no PII in localStorage, sessionStorage, or non-httpOnly cookies.