Den

Privacy

What we keep, what we don’t.

We wrote this to be readable. If something is still unclear, write us at [email protected] and we’ll explain.

Effective May 10, 2026.

Four things we promise.

  • We never sell your data. Not your calendar, not your photos, not your family’s names. Not to advertisers, not to data brokers, not to anyone, ever.
  • We never train AI on your family. Voice transcripts, calendar events, chore notes, photos — none of it is used to train a model. Our voice provider is configured to do the same.
  • Account deletion is real. When you delete your family, we delete it. Photos, chores, lists, the whole row. Within 24 hours, usually within seconds.
  • Kids never get accounts. Children in your family are a name and a color. No email, no password, no kid data we have to protect because we don’t collect it in the first place.

What Den collects, and why

We collect the smallest amount of information that lets the product work. In plain terms:

  • Your Google account email and name, when you sign in with Google. That’s how Den knows who you are between visits.
  • A token to read your Google calendars (and write events you create in Den). The token is encrypted at rest. We use it to fetch events when the wall or your phone asks for them, and to push events you add back to Google.
  • Your family details — name, timezone, optional location for weather, the names and colors of family members, and any chores or shopping-list items you create.
  • Photos you upload (on the Plus and Lifetime tiers). Stored in Den’s private storage with access rules so only your family can see them.
  • Wall display metadata — the device you paired, a label you choose for it, and when it last checked in. So the “is the wall online?” indicator works.
  • Push-notification subscriptions, if you opt into chore reminders. Stored per device.
  • Billing info, if you upgrade. Stripe handles your card. We store a Stripe customer ID and the state of your subscription — never your card number.

What Den deliberately does not collect

  • A copy of your calendar. Google is the source of truth. We pass events through on request and don’t persist them on our side. If you delete an event in Google, it’s gone — we don’t have a stale copy.
  • Voice transcripts. When you speak to Den, your voice is converted to text in your browser (or by our voice provider for browsers that can’t do it themselves), then sent to a language model that turns the words into a structured event or chore. The transcript is processed and discarded — not stored, not associated with your family, not used for training.
  • Third-party analytics. No Google Analytics. No Sentry, Datadog, Mixpanel, PostHog. No Facebook or TikTok pixel. The only thing that watches what happens in Den is Den.
  • Information about your kids beyond a name and color. No email, no birthdate, no school, no location data tied to a child. Kid actions on the wall (“Tommy marked the trash chore done”) are recorded against the family, not against an account.

Who else sees this information

Den runs on a small set of services. We picked them because each does one thing well and treats data carefully. None of them get more than they need.

  • Supabase hosts the database, auth, file storage, and realtime updates that power Den. Your data lives in their US data centers.
  • Google provides sign-in and the Calendar API. Standard OAuth: you grant Den read/write access, you can revoke it any time from your Google account.
  • Google’s Gemini service parses voice into structured events. We’ve enabled the option that prevents your inputs from being used to train Google’s models.
  • Anthropic provides a backup voice-parse model behind a feature flag. Used only when our primary provider has an outage. Same no-training posture.
  • Stripe handles payment for Plus and Lifetime customers. Den never sees your card number.
  • Netlify serves Den from US data centers.

We don’t share data with anyone outside this list. We don’t buy ads or targeting data. We don’t do affiliate kickbacks based on what your family is up to.

How long we keep things

While your family is active, we keep your information so the product works. When you delete your family, we cascade through and remove the row from the database, the files from storage, and the calendar webhook subscriptions from Google. We cancel your Stripe subscription as part of the same step.

Backups are kept for up to 30 days for disaster recovery. After that, deleted data is gone from backups too.

Voice transcripts and calendar events are not stored, so there’s nothing to delete on those.

What you can do

  • See your data. Open Den. The app is your data — the family, members, chores, lists, and photos you see are everything we have on you.
  • Disconnect a Google account. Settings → Google accounts → remove. We delete the stored token immediately. (You can also revoke from Google’s side at any time.)
  • Delete your family. Settings → Delete family. Type the family name to confirm. We cascade and you’re gone, usually within seconds.
  • Ask us anything. [email protected] reads to a human. We answer.

If you’re in the EU or California and want a formal data export or rectification request, write us at the same address. We’ll honor it.

Children

Den is designed so children don’t need accounts. A child in your family is a name and a color — nothing more. There is no kid email, no kid login, no kid password. When a child marks a chore done on the wall, that’s an action by the wall display (which is paired to your family), not by an account belonging to the child.

This means Den isn’t subject to COPPA or GDPR-K provisioning rules in the way kid-facing apps are. The legal exposure exists for kid users, and we don’t have any. If you’d like a child to grow into a parent-style account one day — an older teen who wants their own login — that becomes possible when they have their own Google account. Until then, the family does the typing.

Cookies and similar

Den uses cookies for one thing: keeping you signed in. There’s no analytics cookie, no advertising cookie, no “personalization” cookie. The wall display also uses local storage to keep its pairing token so it survives a Wi-Fi blip. That’s the entire list.

Where Den runs

Today, Den’s servers are in the United States. We’ve built the system expecting EU replication later — the moment we cross the threshold where it makes sense, we’ll stand up an EU instance and let European families pick it. Until then, if you sign up from outside the US, your data is processed and stored in the US.

When this changes

Privacy policies don’t change often, but they do change. If we make a material change — new third party, new data category, anything that meaningfully affects what we hold — we’ll send an email to family parents at least two weeks before it takes effect, with a plain-English summary of what changed and why.

Contact

For anything privacy-related — questions, deletion requests, complaints, or just to say hello — we read [email protected]. If you’d rather use the regular support inbox, [email protected] works too — we route privacy questions to the same desk.

The data controller for Den is Starbright Lab LLC, a Florida limited liability company. We answer formal data-access, correction, and deletion requests at the email above.

See also: Terms of Service.