Privacy Policy

Last updated: July 5, 2026 Developer: LPF Family Contact: [email protected] Website: https://lpf.family


This policy covers all apps published by LPF Family: Bright, Steer & Anchor, Contour, Closet, and Mimo. We wrote it in plain language because we know you’ll actually read it — and we respect that.


The Short Version


1. What Each App Collects

Contour (Photo to Connect-the-Dots)

DataCollected?Details
Photos you processNoAll image processing happens on your device. Photos are never uploaded or stored on our servers.
Account / loginNoNo account required.
Personal informationNoWe don’t ask for your name, email, or any identifying information.
Crash reports & diagnosticsNot currentlyContour does not currently include crash-reporting SDKs. If we add crash reporting (anonymous crash logs and basic device info), we will update this policy first.
Ad dataYesContour displays ads via Google AdMob. Google may collect or receive device identifiers, ad interaction data, and approximate location to serve and measure ads, subject to your device settings and Google’s policies. See Google’s privacy policy for details.

Child-directed ads: We configure AdMob to treat Contour ad requests as child-directed where required (COPPA). This limits behavioral advertising and related data use per Google’s child-directed settings. See the Children’s Privacy section.


Closet (Visual Closet Organizer)

DataCollected?Details
PhotosNoAll image processing happens on your device via WASM. Photos are stored locally in IndexedDB and never uploaded to our servers.
Account / loginNoNo account required. Closet is local-first, storing all data in IndexedDB on your device.
Personal informationNoWe don’t ask for your name, email, or any identifying information.
Voice dataNo (by us)Voice interaction is processed on-device and is not uploaded or stored on our servers.
Crash reports & diagnosticsNot currentlyCloset does not currently include crash-reporting or analytics SDKs. If we add crash reporting, we will update this policy first.

Mimo (Face Exercise Practice for Speech Therapy)

DataCollected?Details
Camera / face dataNoFace tracking runs entirely on your device (Apple ARKit). Camera frames and face data are processed in real time, never recorded, and never uploaded. We cannot see your child’s face.
Microphone / voice dataNoSound is analyzed on-device only (for example, to show a sound-level bar during voice exercises). Audio is never recorded or uploaded.
Practice historyNo (by us)Exercise progress, streaks, and rewards are stored locally on your device. Nothing is sent to our servers.
Account / loginNoNo account required.
Personal informationNoWe don’t ask for your name, email, or any identifying information.
AdsNoMimo contains no ads and no advertising SDKs.
Crash reports & diagnosticsNot currentlyMimo does not currently include crash-reporting or analytics SDKs. If we add crash reporting, we will update this policy first.

Steer & Anchor (Parent Coaching & Personal Development)

DataCollected?Details
Journal entriesNo (by us)Your journal data is stored only on your iPhone (local storage) or in your personal Apple iCloud account. It never touches our servers. We cannot read, access, or recover your journal entries.
AI provider dataDepends on your choiceIf you select OpenAI as your AI provider, the text you submit for reflection is sent to OpenAI’s API (using your own API key) and handled under OpenAI’s policies — it does not pass through our servers. Apple Intelligence and Ollama run on your own device/hardware, and the “None” option sends nothing anywhere.
Account / loginNoNo account required. Your settings and API keys stay on your device.
Personal informationNoWe don’t ask for your name, email, or any identifying information.
Crash reports & diagnosticsNot currentlySteer & Anchor does not currently include crash-reporting or analytics SDKs. If we add crash reporting, we will update this policy first.

Bright (Family Schedule, Tasks & Rules)

DataCollected?Details
Photos & text you uploadYesTask images, child profiles, house rules content, and other media you add are stored on our servers (Cloudflare infrastructure) so the app functions. This content is associated with your household and is not shared outside it.
Children’s names & profilesOnly what you enterAny child-related information a parent chooses to include in schedules, tasks, rules, or photos is stored on our servers as part of that content. We store only what you provide — no data is inferred or enriched.
Account / loginYesParents sign in with email + password, Sign in with Apple, or Sign in with Google, handled by our authentication provider (Supabase). We store your email address and authentication tokens; passwords are stored only as secure hashes by Supabase.
Device pairing (TV)YesIf you pair a TV, we store a device token and device name (e.g., “Living Room Apple TV”) to keep it connected to your household. Your IP address may be used transiently for rate limiting and abuse prevention.
Subscription statusYesIf you subscribe, our entitlement service and RevenueCat process your app-store subscription status linked to your account ID. We never see your payment details — Apple handles those.
Crash reports & diagnosticsNot currentlyBright does not currently include crash-reporting SDKs. Our infrastructure provider (Cloudflare) keeps operational request logs to run the service. If we add crash reporting, we will update this policy first.
AnalyticsNot currentlyNo analytics scripts run in the app or admin portal today. If we add privacy-friendly analytics (e.g., Cloudflare Web Analytics), we will update this policy first.

2. What We Do NOT Do


3. Third-Party Services

We use a small number of third-party services to run our apps:

ServiceUsed inPurposeWhat they receive
Google AdMobContour onlyDisplay adsMay collect device identifiers, ad interactions, approximate location, and other signals per Google policies and your device settings
SupabaseBrightAccount authenticationYour email address, hashed password (if you use password sign-in), and sign-in events. Supabase processes this on our instructions to provide login.
RevenueCatBright (subscriptions)Subscription managementAn account identifier and your app-store subscription status. Never your payment details — those stay with Apple.
CloudflareBright, this websiteHosting & storageOperational data necessary to deliver the service (e.g., requests to our servers). This may include IP address for security and abuse prevention. Where supported, we minimize or truncate IP data.
Apple iCloudSteer & AnchorJournal syncYour journal data under Apple’s privacy policy, not ours
OpenAISteer & Anchor (only if you choose it)Optional AI providerThe text you submit for AI reflection, sent directly from your device with your own API key. Governed by OpenAI’s policies. Choose Apple Intelligence, Ollama, or “None” to keep everything on-device.
SentryNone yetCrash reporting (planned)Not currently integrated in any app. If we enable it, it would receive crash logs + basic device/app info, and we will update this policy first.

We do not use Facebook SDK, Google Analytics, Firebase Analytics, or any other tracking/advertising SDK beyond what’s listed above.


4. Children’s Privacy (COPPA Compliance)

Our apps are designed for families with children, including children under 13. We take this seriously.

AdMob and children (Contour): We configure AdMob requests as child-directed where required to reduce behavioral advertising and comply with COPPA. See Google’s child-directed treatment settings: https://support.google.com/admob/answer/7562142

If you believe we have inadvertently collected personal information from a child without appropriate consent, contact us at [email protected] and we will delete it.


5. Data Storage & Security

Crash report retention: If we enable crash reporting in the future, crash reports will be retained for 90 days and then automatically deleted.


6. Data Retention & Deletion


7. Your Rights

Depending on where you live, you may have rights to:

To exercise these rights, email [email protected]. We may need to verify your identity before fulfilling your request.

If you are in California (CCPA/CPRA), Israel (Protection of Privacy Law), Mexico (LFPDPPP), or another jurisdiction with specific privacy laws, additional rights may apply. We do not discriminate against anyone for exercising privacy rights.


8. Regional Availability

Our apps are currently available in Israel, Mexico, the United States, and Canada. We do not currently target or market to users in the European Economic Area (EEA), the United Kingdom, or Switzerland.

If we expand to those regions in the future, we will update this policy to include full GDPR/UK GDPR compliance details (data controller info, legal bases, international transfer safeguards, and supervisory authority complaint rights).


9. Changes to This Policy

If we make material changes, we will update the “Last updated” date and notify you through the app and/or our website. We will never quietly reduce your privacy protections.


10. Contact Us

Questions about this privacy policy?

LPF Family [email protected] https://lpf.family


This privacy policy was written to be read by real people — not just lawyers. If anything is unclear, email us and we’ll explain it in plain language.