Privacy Policy
Effective Date: January 23, 2026
Allhands ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the Allhands web application at joinallhands.com (the "Service").
1. Overview and Key Principles
Our Core Commitment: Your family's behavioral data is yours. We do not use it to train AI models, sell it to third parties, or share it with anyone you haven't explicitly invited to your household.
Key Principles:
- Data Ownership: You own all incident logs, notes, and family information you create
- Household Privacy: Only you and people you invite can access your data
- No AI Training: We never use your incidents to train machine learning models
- No Data Sales: We do not sell, rent, or share your data with third parties
- Export & Delete: You can export all data as PDF and permanently delete your account at any time
2. Information We Collect
2.1 Information You Provide
When you use Allhands, you provide:
- Account Information: Email address, password (hashed), display name
- Incident Data: Date, time, child name, location, duration, trigger, resolution, notes
- Child Profiles: Names and optional photos
- Custom Options: Your customized locations, triggers, and resolutions
- Household Information: Household members you invite and their roles
2.2 Information We Do NOT Collect
- Location data (GPS/geolocation)
- Device identifiers beyond standard web analytics
- Contacts or address book information
- Browsing history outside the Allhands app
- Social media profiles or connections
- Medical records or protected health information (PHI)
2.3 Automatically Collected Information
We collect minimal technical information necessary to operate the Service:
- Browser type and version (for compatibility)
- IP address (for security and fraud prevention)
- Session data (to keep you logged in)
- Error logs (to fix technical issues)
3. How We Use Your Information
We use your information solely to:
- Provide the Service: Store and display your incident logs, generate insights, enable exports
- Enable Collaboration: Share data with household members you invite
- Authenticate Access: Verify your identity and manage account security
- Improve Performance: Fix bugs, improve loading times, optimize user experience
- Communicate: Send account-related emails (password resets, important updates)
We do NOT: Use your data for advertising, train AI/machine learning models, analyze your incidents for research purposes, share aggregate statistics, or sell/rent your data to third parties.
4. Data Storage and Security
4.1 Where Your Data Is Stored
Allhands uses Google Firebase (Google Cloud Platform) for data storage and hosting:
- U.S.-based servers: Your data is stored in Google Cloud data centers in the United States
- Enterprise infrastructure: Built on the same secure infrastructure that powers Gmail and Google Drive
- Certifications: Google Cloud is SOC 2, SOC 3, ISO 27001, and HIPAA-eligible certified
Firebase Privacy & Security: https://firebase.google.com/support/privacy
4.2 Security Measures
- Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Encryption at rest: Data stored in Firebase is encrypted using AES-256
- Password hashing: Passwords are hashed using bcrypt; we never store plaintext passwords
- Access controls: Firebase security rules enforce household-level data isolation
- Session management: Login sessions expire automatically and require re-authentication
4.3 Who Can Access Your Data
- You: Full access to all your household data
- Invited household members: People you explicitly invite via invitation code
- Allhands (us): We CANNOT access your incident logs—they're stored in your private database partition
- Google/Firebase: Google provides infrastructure but does not access or analyze your content
5. Data Sharing and Disclosure
5.1 Household Sharing (Your Choice)
You control who can see your data by generating invitation codes. When someone accepts your invitation, they gain access to all incidents logged by anyone in the household.
5.2 We Do NOT Share Your Data With:
- Advertisers or marketing companies
- Data brokers or analytics firms
- Researchers or academic institutions
- AI training companies
- Other Allhands users (your data is household-private)
5.3 Legal Obligations
We may disclose information if required by law, court order, subpoena, or legal process, or to protect the rights, property, or safety of Allhands, our users, or others. We will notify you of any such requests unless prohibited by law.
6. Your Rights and Choices
6.1 Access and Export
You can export all your incident data as PDF at any time via Settings > Data & Exports.
6.2 Correction and Deletion
- Edit incidents: Modify any logged incident directly in the app
- Delete incidents: Remove individual incidents permanently
- Delete account: Settings > Account > Delete Account permanently removes all data
6.3 Account Deletion Process
When you delete your account:
- All incidents you logged are permanently deleted
- All child profiles and photos are permanently deleted
- All custom options are permanently deleted
- If you own a household, the entire household and all member connections are deleted
- Your account is immediately removed from our authentication system
- No backups are retained — deletion is permanent and irreversible
7. Children's Privacy
Allhands is designed for use by parents and legal guardians (18+). We do not knowingly collect personal information from children under 13. The Service is COPPA-compliant: children's names and photos are entered by parents/guardians for tracking purposes only and are never shared outside the household.
8. Cookies and Tracking
Essential Cookies: We use session cookies to keep you logged in and maintain app functionality. These are required for the Service to work.
No Tracking Cookies: We do not use advertising cookies, analytics cookies (Google Analytics, etc.), or cross-site tracking.
9. International Users
Allhands is operated in the United States. If you access the Service from outside the U.S., your data will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We provide the same privacy protections to all users regardless of location.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will:
- Notify you via email at least 30 days before changes take effect
- Update the "Effective Date" at the top of this policy
- Give you the option to export your data and delete your account before changes apply
Important: We will never retroactively apply new data-use policies to data collected under this policy.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data:
Email: privacy@joinallhands.com
Website: joinallhands.com