Withkin Privacy Policy

Last updated: April 22, 2026

Withkin is a private app for a single family. This policy explains what we collect, what we don't, and how you can get your data out or delete it. It's written to be read, not skimmed past.

What Withkin collects

• Your email address. Used only to sign you in and to send invites you explicitly create. Stored by our authentication provider (Supabase).
• What you write and upload. Wins, journal entries, goals, photos you attach. Stored in our database and object storage (Supabase). Photos are compressed on device before upload.
• Your family's structure. The names, avatars, and roles of the members you add (including kids). Kids do not have their own accounts — an adult in the family manages them.
• Basic device info. App version, operating system, whether the app crashed. Used to fix bugs. Handled by Sentry.
• Anonymous usage events. Which screens opened, which actions were taken (for example, "a win was logged"), without the content of those actions. Handled by PostHog. We never send the text of a win, a journal entry, a goal title, or a family member's name to PostHog.

What Withkin does not collect

• We do not collect contacts, location, advertising identifiers, browsing history, or anything from outside the app.
• We do not sell data to anyone. We do not run ads.
• We do not share the content of your wins, journal, goals, or photos with any third party other than the infrastructure providers listed below, and only as necessary to run the app.

Who sees your content

• Wins, goals, family metadata: visible to other members of your family inside the app. That's the point of the app. They are not visible to anyone outside your family.
• Journal entries and journal photos: visible only to you. No other family member can see them. Our database has row-level security rules that enforce this at the server side, not just the app.
• Kids' accounts: kids do not have independent accounts. An adult in the family acts on their behalf.

Third parties that help run the app

• Supabase — database, authentication, file storage. Our primary backend.
• Sentry — crash reporting.
• PostHog — anonymous usage events (never content).
• Resend — transactional email, used only to deliver invite emails you explicitly send.
• Apple / Google — app delivery, subscription handling when you subscribe.

Each of these providers has their own privacy terms. We send them only what they need to do their job.

Children

Withkin is designed to be used by families, including kids. Kids do not create their own accounts; an adult in the family adds and manages them. We do not send marketing email to kids. We do not share kids' information with advertisers. If you are a kid's parent or legal guardian and want that kid's profile and associated content removed, follow the deletion steps below.

Data deletion

You can ask for your account and all associated data to be deleted. Email privacy@withkin.family with the email address you signed up with, and we will:

1. Confirm the request from that email within one business day.
2. Delete your auth record, your journal entries, your uploaded photos, and your membership in any family. Where deletion would remove context from other members (for example, a win you logged about someone else), we will anonymize rather than delete, unless you request full removal, in which case we will remove the entries.
3. Confirm completion in writing.

Turnaround is within 30 days.

You can also delete individual journal entries and wins from the app at any time — see how to delete specific data or how to delete your whole account.

Data export

Email privacy@withkin.family from your sign-in address and we will send back a machine-readable export (JSON) of your wins, journal, goals, and family metadata within 30 days.

Where data is stored

Our Supabase project is hosted in the United States. If you use the app from elsewhere, your data is transferred to and processed in the US.

Changes to this policy

If we materially change what we collect or who we share it with, we will note it in the app before the change takes effect.

Contact

Withkin is run by Joseph Floyd.

• Privacy and deletion requests: privacy@withkin.family
• General contact: hello@withkin.family
• Postal address available on request.