Funily Privacy Policy

⚠️ DRAFT 2026-05-26 — REQUIRES LEGAL REVIEW before publishing.
Grounded in the actual data scope (data-safety-mapping.md). [[...]] placeholders must be filled by: data controller, contact, hosting region, retention periods. This is NOT legal advice. English mirror of the Polish policy.

Last updated: [[DATE]]
Data controller: [[LEGAL ENTITY / PERSON, ADDRESS]]
Privacy contact: [[privacy email, e.g. privacy@funily.app]]

1. Who we are

Funily is a family web and mobile (Android) app where children's chores and routines become quests, points, and a parent-approved RPG. The app is directed to families with children. Child accounts are usually created and managed by a parent/guardian. A child may also create an account independently (solo mode) — such an account only accesses the game layer (Realms), we collect minimal data (email is optional), and family features, rewards, and any payments remain locked until a parent/guardian joins via an invite code. Once they join, the parent/guardian takes control of the child's account.

2. Data we collect

CategoryDataFrom
AccountEmail (mostly parents; usually none for children), username, password (hashed)Parent, child
Family relationshipsParent–child link, family membershipParent
Device identifiersDevice ID (Android ID), push token (FCM)Device
App activityQuests, completions, rewards, points, XP, character class/level, duels, bosses, leaderboard timesParent, child
User contentQuest/reward titles & descriptions (free text)Parent, child
TechnicalTimestamps (login, activity)System

We do not collect: location, contacts, photos, microphone, health data, browsing history, biometrics, or payment data (until billing launches — this policy will be updated then).

3. Why we process data (purposes & bases)

4. Who we share data with

We do not sell data and do not share it for advertising. We use processors solely to provide the service:

[[If data is processed outside the EEA, describe the transfer mechanism, e.g. SCCs.]]

5. Advertising & tracking

Funily contains no advertising or analytics SDKs and does not track users across apps. We do not perform advertising profiling, and never toward children.

6. Retention

[[Define retention per category. Currently data is kept until account deletion — see section 8.]]

7. Your rights

You have the right to access, rectify, erase, restrict, port, and object. A parent may exercise these rights on a child's behalf. To exercise them, contact [[privacy email]] or use the in-app controls.

8. Account & data deletion

A parent can delete a single child or the whole account/family in the app or at funily.app/usun-konto/ (no app install required). After password re-authentication and explicit confirmation, the data is permanently erased. A machine-readable JSON family export is available before deletion.

9. Security

All traffic is encrypted (HTTPS/TLS). Passwords are stored hashed. [[Describe additional measures: backups, access control.]]

10. Children

Funily is built for families. A child's account is usually set up and controlled by a parent/guardian, who consents to processing the child's data and may review, export, or delete it at any time. A child may also use a solo account (game layer only): we then collect the minimum data (usually no email), show no ads or purchases, and once a parent/guardian joins via an invite code they take full control of the child's account. [[legal review needed: parental-consent mechanism for solo accounts]]

11. Changes

We will announce material changes in-app or by email. The last-updated date appears at the top.

12. Contact

[[Data controller, address, privacy email. If a DPO is appointed — DPO details.]]