Privacy Policy
Effective May 16, 2026 · Last updated May 16, 2026
The short version
We connect to your Gmail (read-only) so we can build your daily brief and answer questions in the Ask chat. We do not sell your data, train models on it, or share it with marketers. You can revoke access and delete your account at any time.
If you ever want everything wiped, email service@parentscircleapp.com and we'll delete your row within 48 hours.
Who we are
Parents Circle is a personal project operated by an individual developer (a parent of two). Contact: service@parentscircleapp.com. We are based in the United States.
What we collect, and why
From Google, when you sign in
- Your Google account email and name — to identify you and address you in the brief.
- Your Google profile picture URL — currently unused on the dashboard; stored only because Google returns it.
- An OAuth refresh token — so we can fetch your Gmail each morning without making you re-sign-in. Tokens are encrypted at rest (Fernet / AES-128 with HMAC) using a key stored separately from the database.
From your Gmail, on demand
We use the gmail.readonly scope to fetch a rolling window of recent messages (24 hours to 30 days, your choice). To find what's parent-relevant, we have to read everything in that window — bank statements, work email, personal messages, the lot — because there's no reliable way to know in advance which emails are about your kids. We read message subjects, senders, plain-text bodies, and timestamps in order to:
- Classify each message (junk vs. parent-relevant). Bank statements, marketing, and most personal mail get filtered out at this stage and aren't processed further.
- Extract action items, deadlines, dates, and locations from the parent-relevant ones.
- Draft suggested replies when an item looks like it needs one.
- Answer your questions in the Ask chat, grounded in the last 14 days of email.
Classification and extraction are done by Google's Gemini API. That means the contents of every email in your window — yes, including your bank statement — is sent to Gemini for the classifier to decide it's junk. Gemini API inputs are not used to train models (per Google's enterprise terms), but the data does transit Google's API.
We do not store the raw email content in our database. Emails are fetched from Google, processed in memory, and discarded after the brief is sent or your chat reply is generated.
If you want certain senders to never be touched at all, add them to your skip list in Settings. We filter those at the Gmail search level — they're never fetched, never seen by our pipeline, and never sent to Gemini.
One more nuance worth being honest about: the Ask chat saves the conversation (your messages and the assistant's replies) so you can scroll back through history. Replies may quote or summarize specific emails. To that extent, summaries of email content do live in our database inside chat_messages. You can delete this history by emailing us.
That you give us directly
- Settings — your timezone, delivery hour, lookback window, and any extra recipients you've added.
- Feedback — when you click 👍 / 👎 / ✏️ in a brief and optionally type a note.
- Chat messages — see above.
- Waitlist note — if you signed up via the request-access form, the optional note you wrote.
That we infer automatically
- Server access logs (IP, request path, status code, timestamp) kept by our hosting provider for ~7 days for operations and abuse handling.
- Application logs (errors, scheduler activity). These may include your email address. Retained ~30 days.
How we use your data
We use your data only to:
- Generate and send your daily brief to your email and any extra recipients you've configured.
- Power the Ask chat.
- Keep your account working (refresh tokens, send reauth emails when needed).
- Improve the service — e.g., reading your feedback notes to fix prompt-engineering problems.
- Respond to your support requests.
We do not:
- Sell your data.
- Share it with advertisers, data brokers, or marketers.
- Use it to train generative AI models.
- Use it for any purpose other than the ones listed above.
This complies with Google's API Services User Data Policy, including the Limited Use requirements for restricted Gmail scopes.
Who sees your data (third parties we use)
For Parents Circle to work, your data flows through a small number of vendors. Each is bound by their own privacy terms.
- Google (Gmail API) — we read your mail directly from Google. Google is the source, not a processor of our data.
- Google Gemini API — we send extracted message text to Gemini to classify, summarize, and draft. Google's enterprise API terms apply; per Google's policy, Gemini API inputs are not used to train models.
- Resend — sends your brief and our service emails. Receives the recipient email address and message body.
- Railway — application hosting. Has access to logs and the database at the infrastructure level.
- Cloudflare — DNS only (no traffic proxy). Sees DNS queries for parentscircle.app.
We do not transfer your data outside of these processors. We do not use analytics or tracking pixels.
Security
- OAuth refresh tokens are encrypted at rest with a key separate from the database.
- All web traffic is served over HTTPS (TLS 1.2+).
- Session cookies are HttpOnly, Secure, and SameSite=Lax.
- All state-changing requests require a per-session CSRF token.
- Briefs include one-click unsubscribe headers (RFC 8058 compliant).
We are a small operation and do not claim SOC 2 or other formal certifications during the private beta.
Retention
- Account data — kept as long as your account is active.
- Chat history — kept as long as your account is active. You can request deletion at any time.
- Feedback — kept indefinitely (used to improve the service); fully anonymizable on request.
- Server / application logs — see above (7 / 30 days).
- Email content — never stored in our database. Held in memory only during processing.
Your rights and choices
- Revoke our access to your Gmail — instant, no involvement from us. Go to myaccount.google.com/permissions, find Parents Circle, click Remove Access.
- Stop the daily brief — click the Unsubscribe link in any brief, or hit Resubscribe / Unsubscribe in Settings.
- Delete your data — email service@parentscircleapp.com. We delete your row, your chat history, and your feedback within 48 hours.
- Access or correct your data — email us; we'll send you what we have or update it.
- EU / UK / California residents — you have the rights granted by GDPR / UK GDPR / CCPA, including access, correction, deletion, restriction, portability, and objection. Email us to exercise any of them.
Children
Parents Circle is built for parents, about their family's logistics. It is not intended for use by children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe we have, please email us and we will delete it.
Changes to this policy
If we make material changes, we'll update the "Last updated" date at the top and email signed-in users at least 14 days before the change takes effect.
Contact
Questions, requests, or concerns: service@parentscircleapp.com.
← Back to home