How Family Quests handles your family's data.
Family Quests is built for families. We collect what's necessary to run the app, separate parent and child data carefully, and use the microphone only in real-time for ear-training games — audio is never stored or sent to our servers.
This Privacy Policy explains how ASPECTLYTIC PTE. LTD. ("Aspectlytic," "we," "us") collects, uses, and protects information when you and your family use Family Quests (the "App") on iOS or the web. By using the App, you agree to the practices described here.
Family Quests is designed for families with children. Parents create the family account using their email address. Each child has their own account name (chosen by the parent) and password. The two account types are kept separate throughout the App — a child profile cannot do anything that requires parent-level permission, and a parent profile is what we look to for consent and account-level decisions.
01What we collect — parents
Account information
When a parent creates a family account, we collect the parent's email address and a password (stored as a salted hash — we never see your actual password). This is the minimum we need to give you an account that works across devices.
The email address is used as your login identifier and to send password-reset emails when you request them. We do not send marketing emails, newsletters, or product announcements to this address.
Family configuration
Information you choose to add about your family — child profile names, avatars, quest categories, reward settings, currency balances, and similar configuration — is stored on our servers so it syncs across devices.
Feedback you send us
If you submit feedback through the in-app feedback widget, the content of your feedback (and any screenshot or device metadata you choose to include) is collected so we can improve the App and respond to you. We use Userback as a sub-processor for this; see Section 5. The feedback widget is shown only to parent users — it is never visible to or accessible from a child profile.
02What we collect — children
Children do not have email addresses associated with their profiles. Each child's profile contains:
- An account name chosen by the parent (this is how the child signs in)
- A password (stored as a salted hash)
- Quests, rewards, currency balances, and progress within the App
- Activity within the App — see Section 3 below
Child profiles are created and managed by parents. Children cannot register accounts directly, cannot delete their own accounts, and cannot send feedback to us through the App. All account-level decisions affecting a child profile flow through the parent.
03Activity and progress data
As children use the App, we record activity data so the App can function and so parents can see meaningful progress. Specifically:
- Quest activity: when quests are submitted, completed, skipped, or expired; daily-quest streaks; shield/restore actions; shop purchases (in-app currency only — no real money).
- Game results: for each game session (multiplication, arithmetic, grammar, ear training, Bible reading, meal timer), we store the configuration and outcome — for example, question count, accuracy, total time, per-question timing and correctness. This is what powers the per-game stats shown to parents.
- Session presence: a coarse signal that a child opened the App (one record per child per hour at most). This drives the engagement summary shown in Insights.
This data is used for two purposes inside the App:
- The dashboard, which shows a child their current quests and a parent the historical completion grid
- The parent Insights page, which shows session counts, time-of-day patterns, and per-game performance for each child
Activity data stays on our servers and is not shared with any third party (including for advertising or analytics). We do not link it to data from other apps. We do not collect IP addresses, device fingerprints, or cross-app advertising identifiers as part of this data.
04Microphone
The App requests microphone access for the ear-training games, which listen for the notes you sing or play to score your pitch. Here's exactly what happens:
- Audio is captured and processed in memory on your device in real-time.
- The App analyses pitch on-device to score the round.
- Audio is discarded automatically when the round ends or you leave the screen.
- Audio is never written to disk, never uploaded to our servers, and never shared with any third party.
What we do save from an ear-training round is the result — for example, the target note, how close you sang to it, and whether you listened to the reference first. That's a small numeric record, not audio.
The microphone is requested via iOS's standard permission system. You can grant or deny it at any time in your device's Settings.
05Service providers we use
To run the App, we share limited data with the following sub-processors. Each is bound by their own terms and privacy obligations:
| Provider | What they receive | Purpose |
|---|---|---|
| Apple Inc. United States |
App distribution; if you opt in, crash reports you choose to share with developers via iOS settings | App distribution and platform services |
| Hetzner Online GmbH Germany / Finland |
All account, family configuration, and progress data, stored on servers we operate | Hosting infrastructure (acts on our instructions only) |
| Userback Pty Ltd Australia |
Feedback content submitted by parents (text, screenshots, basic device metadata) | Customer support and product improvement (parents only — never children) |
| Resend, Inc. United States |
Parent email addresses, used only to send password-reset emails when requested | Transactional email delivery |
| Cloudflare, Inc. United States (global edge network) |
Network metadata (IP address, request headers) routed in transit | DNS, traffic security, and performance |
We do not use advertising SDKs, marketing analytics services, or cross-app tracking tools. We do not sell your data, and there is no business model in which we would.
06What we don't collect
- We do not collect children's email addresses, real names, dates of birth, or photos.
- We do not access your contacts, calendar, photos, or location.
- We do not record, store, or transmit microphone audio.
- We do not use third-party advertising, marketing analytics, or cross-app tracking SDKs.
- We do not link Family Quests data with data from other apps for advertising or profiling purposes.
07How we use your information
- To create and maintain your family account and child profiles.
- To run the App's quests, games, and reward features.
- To show parents progress and insights about how their children are using the App.
- To synchronise quests, rewards, and progress across your family's devices.
- To respond to feedback and support requests.
- To send password-reset emails when a parent requests one.
- To detect and prevent abuse, fraud, and security incidents.
- To comply with legal obligations.
We do not use your information for advertising, profiling, or automated decisions that produce legal effects.
08How we keep parent and child data separate
Family Quests is structured so that parent and child accounts have different abilities by design:
- Children cannot register accounts. All child profiles are created by a parent inside the App.
- The feedback widget appears only on parent screens. Children never see it; the underlying SDK is not even initialised when a child profile is signed in.
- Account deletion is parent-initiated only. A child profile cannot delete the family account.
- Email and password-reset are parent-only flows. Children sign in with an account name and password the parent set; they have no email address on file.
This separation is enforced in code, not just by convention.
09Where data is stored and how long we keep it
Account, family, and progress data is stored on servers we operate, hosted by Hetzner in Finland. Data is encrypted in transit (TLS) and at rest. Data may be processed in jurisdictions outside Singapore — including the European Union (Hetzner) and the United States (Resend, Cloudflare, Userback) — depending on the location of our infrastructure providers. Where transfers occur, we rely on appropriate safeguards permitted under applicable law.
Retention
- Microphone audio: Held only in device memory during a round. Discarded when the round ends. Never persisted.
- Account, family, and progress data: Kept while your family account is active.
- Activity and game-result data: Kept while your family account is active so historical progress views remain meaningful for parents.
- Feedback submissions: Kept by us and Userback for up to 24 months for product improvement, then deleted or anonymised.
- Password-reset tokens: Single-use, expire after one hour, then deleted.
- Server logs: Kept for up to 90 days for security and debugging, then deleted.
- After account deletion: All family, parent, and child data is removed within 30 days, including profiles, progress, activity history, and feedback associated with the family.
10Your rights
You can exercise the following rights regarding your data. For child accounts, these rights are exercised by the parent on the child's behalf.
Access and correction
Most of your family's data is visible to you in the App — child profiles, progress, settings, currency balances, game results, and Insights. You can edit these directly through the App's Manage screen. If you want a complete copy of the data we hold about your family, or you need help correcting something you cannot reach in the App, email us at support@aspectlytic.com and we will help.
Deletion
You can delete your family account and all associated data from inside the App: Manage → Delete Account (parent only). Deletion is permanent and cannot be undone. If you cannot sign in to delete your account, see the box below.
Portability and objection
You can request your data in a machine-readable format, or object to certain processing activities, by emailing us. We will respond within 30 days.
If you are in the European Economic Area, the United Kingdom, or California, you may have additional rights under the GDPR, UK GDPR, or CCPA respectively. Contact us and we will honour them. If you are in Singapore, you have rights under the Personal Data Protection Act (PDPA), including the right to withdraw consent and the right to request access and correction; the same contact applies.
11Security
We use industry-standard measures to protect your data: TLS encryption for data in transit, encryption at rest for stored data, hashed passwords, hashed reset tokens, access controls on our infrastructure, and regular security reviews. No system is perfectly secure, but we take this seriously and will notify you and the relevant authorities if a material breach affects your account.
12Children's privacy
Family Quests is intended for use by families. Children use the App through profiles created and managed by their parents — we do not knowingly collect personal data directly from children, and the App does not provide a path for children to register accounts, submit feedback, or otherwise interact with us outside the parent-managed context.
Parents are responsible for the child profiles they create and the information they choose to put into them. If you believe we have inadvertently collected personal data from a child outside this parent-managed flow, please contact us and we will delete it.
For users in the United States, we comply with the Children's Online Privacy Protection Act (COPPA) framework: we collect only information necessary for the App to function, do not enable behavioural advertising directed at children, and rely on parental consent (granted when the parent creates the family account) for the limited data we process about children.
13Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify parents within the App or by email before the changes take effect. The "Last updated" date at the top reflects the most recent revision.