ENFR

Privacy policy

What we know, plainly.

Effective June 8, 2026

EarnSprout is built and operated by Fabien Mukungu (a sole proprietor based in Toronto, Canada). It runs the EarnSprout mobile application and website at https://earnsprouts.com (the "Service"). This Privacy Policy explains what the Service collects, how the data is used, and the choices you have. By using the Service, you agree to the practices described here.

1.

Who runs EarnSprout

EarnSprout is a Christian family app for parents and their children, built by one person — Fabien Mukungu — in Toronto. The privacy of every user (especially minors) is taken seriously. Questions about this policy may be sent to privacy@earnsprouts.com.

2.

Children's privacy (COPPA)

EarnSprout is designed for use by parents on behalf of their children. Children under 13 do not create accounts directly. Parents (account holders) create child profiles within the app. We do not knowingly collect personal information directly from children under 13 without verifiable parental consent.

A child profile may contain: a first name or nickname, age, an optional avatar/photo, an optional kid PIN (stored hashed, like a password), performance data (chore completions, points, streaks, badges, level), allowance and jar balances (save/spend/give) with their transaction history, and any faith content the child or parent records on the child's behalf (prayer entries, gratitude notes, memory verses, weekly reflection answers, and optional voice recordings on family reflections). All of this data is tied to the parent's account and is never shared with third parties for advertising.

If you believe personal information from a child under 13 has been inadvertently collected without consent, please contact privacy@earnsprouts.com and it will be deleted promptly.

3.

Information we collect

a) Information you provide

  • Account registration: Name, email address, password (stored hashed), optional family name, language preference.
  • Child profiles: Child's first name or nickname, age, optional avatar photo, optional kid PIN (stored hashed), color theme, faith-mode preference, verse difficulty.
  • Chores & routines: Titles, descriptions, schedules, and completion photos that you or your child upload as proof.
  • Allowance & jars: Per-child money balances (save/spend/give), allowance transaction history, and cashout requests.
  • Faith content: Prayer entries, prayer requests, gratitude notes, memory verses, weekly reflection answers, encouragement messages, and optional voice recordings on family reflections. Children may author this content under their own profile.
  • Premium Plus services: If you book a concierge call, we store your timezone, preferred times, topics, free-text notes, the call link, and any post-call survey response.
  • Payment information: Handled entirely by Stripe. EarnSprout stores only your Stripe customer ID and subscription status — never raw card numbers.
  • Referral codes: If you share or use a referral link.
  • Support correspondence: Emails you send to the support address.

b) Information collected automatically

  • Device identifiers: Push notification token (Expo) for sending approval alerts and reminders.
  • Usage data: App interactions (feature usage, screen views) for product improvement.
  • Crash & error logs: Stack traces and error reports via Sentry.
  • Log data: IP addresses, request timestamps, and HTTP response codes retained for security.

c) Media uploads

Photos (chore proof, avatars) and audio recordings (optional voice notes attached to family reflections) are stored securely via Cloudinary. These uploads are never used for training AI models or for any purpose other than displaying or playing them back within your family's account.

4.

How your information is used

  • Provide and improve the EarnSprout Service.
  • Process payments and manage subscriptions through Stripe.
  • Send push notifications and email summaries you have opted into.
  • Generate weekly family reports and analytics visible only to you.
  • Detect fraud, abuse, and unauthorized access.
  • Respond to support requests.
  • Comply with legal obligations.

Your personal information is never sold. Your data is never used for advertising.

5.

Legal bases for processing

EarnSprout is operated from Canada and is built to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial privacy laws including Quebec's Law 25 and BC PIPA. Personal information is processed only on these bases:

  • Consent: You provide express or implied consent when you create an account, opt into emails, or submit content.
  • Contract performance: Processing necessary to provide the Service you signed up for.
  • Legitimate interests: Security monitoring, fraud prevention, and service improvement, balanced against your privacy rights.
  • Legal obligation: Compliance with Canadian laws and lawful requests.

For users in the European Economic Area, the United Kingdom, and Switzerland, the same bases apply under the GDPR/UK GDPR.

6.

Sharing your information

Your data is shared only with the following processors:

  • Stripe — payment processing. Stripe's privacy policy governs the data they collect.
  • Resend — transactional email delivery (verification, password reset, weekly recaps).
  • Cloudinary — media storage for uploaded images.
  • Expo (Push Notifications) — to deliver push notifications to your devices.
  • Sentry — error monitoring (stack traces and error logs for debugging).
  • Neon — managed Postgres hosting for the production database.
  • Render — application hosting for the API + web app.
  • Co-parents you invite — when you invite a co-parent or grandparent, they see your family's chore, routine, and child data.
  • Legal requirements — if required by law, court order, or to protect EarnSprout's rights and safety.
  • Business transfers — in the event of a sale or acquisition, data may transfer to the successor.
7.

Data retention

Account data is kept for as long as your account is active. When you delete your account, personal information is deleted within 30 days, except where retention is required by law or for fraud prevention (up to 7 years for financial records). Anonymized, aggregated data may be retained indefinitely for product analytics.

Trial abuse prevention. To prevent the same person from repeatedly creating accounts to extend their free trial, EarnSprout keeps a one-way cryptographic hash (SHA-256) of the email address used for each trial. This hash is irreversible — your email cannot be recovered from it. If you wish to have your trial-history hash removed, contact privacy@earnsprouts.com.

8.

Security

EarnSprout uses standard safeguards: HTTPS/TLS for all data in transit, hashed passwords (bcrypt), and environment-variable secrets management. Production database access is limited to the founder. No system is perfectly secure; if you discover a vulnerability, please disclose it responsibly to privacy@earnsprouts.com.

9.

Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Port your data to another service.
  • Object to or restrict certain processing.
  • Withdraw consent for marketing and push notifications at any time.
  • Lodge a complaint with a data protection authority.

To exercise any of these rights, email privacy@earnsprouts.com. We respond within 30 days.

10.

Cookies & tracking

The EarnSprout website uses cookies only for authentication session management (via NextAuth.js) and to remember your preferences. No third-party advertising cookies or cross-site tracking technologies are used. The mobile app uses secure device storage (Expo SecureStore) rather than browser cookies.

11.

International data transfers

EarnSprout is operated from Toronto, Canada and is built to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25. If you are located outside Canada, your data will be transferred to and processed in Canada and may also be processed by the third-party services listed in Section 6 (most of which operate from the United States). For transfers from the EEA/UK, Standard Contractual Clauses are used with sub-processors that have them available.

12.

Changes to this policy

This policy may be updated as the app evolves. Material changes will be communicated by email to the address on your account or by a prominent notice in the app at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

13.

Contact

For privacy-related questions, data requests, or concerns:

Fabien Mukungu — EarnSprout founder & privacy contact
Email: privacy@earnsprouts.com
Website: https://earnsprouts.com