Privacy Notice

This notice explains what personal data Operating System processes, why it is processed, how long it is kept, and which rights users and family members can exercise.

1. Controller and Contact

For privacy questions, rights requests, or security concerns, contact chrisahammerschmidt@gmail.com.

This notice applies to account holders, invited family members, and other people whose information is intentionally stored in the service by authorized users.

For workspace data, the account holder or workspace admin who decides what to store and share is typically responsible for making sure they have authority to process that data.

2. Data We Process

  • Account identity and security data, such as name, email address, login metadata, MFA state, and signup IP.
  • Family workspace data, such as memberships, roles, permissions, comments, notifications, and audit logs.
  • User-created records, such as contacts, calendars, reminders, goals, documents, financial information, care records, and governance notes.
  • Imported or synchronized data from connected providers such as Google, CalDAV, CardDAV, or ICS feeds when enabled by the user.

3. Why We Process Data

  • To provide accounts, authentication, collaboration, and family workspace access.
  • To store, display, and synchronize the records that users intentionally create or connect.
  • To secure the service, prevent abuse, investigate incidents, and enforce access controls.
  • To provide support, operational diagnostics, backups, and service reliability.

4. Legal Bases

  • Contract: to create accounts, operate workspaces, and provide the collaboration, planning, sync, and storage features requested by users.
  • Legitimate interests: to secure the service, prevent abuse, investigate incidents, maintain logs, improve reliability, and support users.
  • Legal obligations: where retention, disclosure, or compliance handling is required by law.
  • User instructions and choices: where users choose to connect providers, import data, or store optional categories of personal data.

5. Sharing

Data is shared within the product according to workspace membership, sharing grants, role settings, and per-record visibility controls.

We may also rely on subprocessors and service providers that process data on our behalf, such as hosting providers, managed databases and storage providers, transactional email providers, and analytics or monitoring providers where enabled.

Connected providers such as Google or external CalDAV/CardDAV/ICS sources process data under their own terms when you choose to connect them.

6. International Transfers

Some subprocessors or connected services may process data outside the country where you use the product. Where that happens, we expect transfers to rely on an adequacy decision, standard contractual clauses, or another lawful transfer mechanism where required.

7. Retention

  • Account and active workspace records are retained while the account or workspace remains active.
  • Shared workspace records may remain after a user leaves where they are part of the continuing household or workspace record, subject to access controls.
  • Security logs, audit records, and abuse-review data may be retained for a limited period needed to investigate incidents, enforce rules, and protect the service.
  • Temporary export archives and similar generated files are retained only for short operational windows and then deleted automatically.
  • Some records may be retained longer where needed to resolve disputes or comply with legal obligations.

8. Your Rights and Controls

  • Access, correction, deletion, and export requests can be initiated through the Privacy & Data area.
  • Only platform superadmins process formal privacy operations.
  • Users can leave family workspaces, request account deletion, and download exports subject to operational and security safeguards.

9. Children and Family Data

The service is intended for adults and authorized account holders. Users may store data about children and dependents only where they have an appropriate right, responsibility, or lawful basis to do so.

Sensitive medical, legal, care-related, or child-related records should be shared only with the minimum necessary people.

10. Sensitive Data

The service may process sensitive or special-category data, such as health, care, legal, family, or child-related records, only because users choose to store, organize, or share that information through the product.

Users are responsible for deciding whether they have an appropriate lawful basis to store or share that data and for applying the strictest sharing settings appropriate to the situation.

11. Changes to This Notice

We may update this notice as the product and legal posture evolve. Material changes should be reflected on this page and, where appropriate, communicated in-product or by email.