Privacy Policy
Last Updated: May 30, 2026 Effective Date: May 30, 2026
Genesis Labs ("we," "us," or "our") operates the Shprd application (the "Service"), a faith-centered family operating system. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.
By using Shprd, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
- Name, email address, and password
- Family role (parent, child, guardian)
- Profile photos (optional)
- Authentication data from third-party sign-in providers (Google, GitHub)
1.2 Family & Household Data
- Family member names, ages, and roles
- Family structure and relationships
- Family settings and preferences
1.3 Application Usage Data
- Bible Study Activity: Reading history, bookmarks, highlights, annotations, reading plan progress, word study notes
- Tasks & Chores: Task assignments, completion records, chore rotations, recurring schedules
- Calendar: Events, schedules, reminders, and Google Calendar sync data
- Points & Rewards: Point balances, earning history, reward redemptions, achievement progress
- Health & Wellness: Health protocols, exercise logs, meal plans (if subscribed to applicable tier)
- Faith & Values: Values assessments, devotional preferences, church integration settings
- Learning & Education: Homeschool progress, learning assessments, curriculum data (if subscribed to applicable tier)
- Emergency Preparedness: Emergency contacts, safety plans, preparedness checklists (if subscribed to applicable tier)
1.4 Children's Information
We collect the following information about children under 13 only with verified parental consent (see Section 8):
- First name and age
- Task/chore assignments and completions
- Points earned and rewards redeemed
- Reading plan progress
- Achievement badges
We do not collect from children: email addresses, precise geolocation, photos (unless parent-uploaded), or any information beyond what is necessary for the child's use of family features.
1.5 Payment Information
- Billing name and email
- Subscription tier and status
- Payment history and invoice records
We do not store credit card numbers, bank account details, or other financial instrument data. All payment processing is handled by Stripe, Inc. (see Section 4).
1.6 Technical & Usage Data
- Device type, browser, and operating system
- IP address (anonymized for analytics)
- Pages visited and features used
- Error logs and performance data
- Cookies and similar technologies (see Section 6)
1.7 Early-Access & Waitlist Information
If you request a pilot invite or join the early-access waitlist before creating an account, we may collect:
- Name and email address
- Household type and selected product goals
- Pilot timing preference and referral source
- Free-text household need or product-fit notes you choose to provide
- Contact consent timestamp and the consent language shown when you submitted the form
- Optional product research opt-in
Please do not include private child, medical, financial, or other sensitive details in early-access free-text fields.
2. How We Use Your Information
We use your information to:
- Provide the Service: Operate family scheduling, Bible study, task management, rewards, and all Shprd features
- Personalize Experience: Customize content, recommendations, and feature access based on your family's preferences and subscription tier
- Process Payments: Manage subscriptions, send receipts, and handle billing through Stripe
- Communicate: Send account notifications, billing alerts, feature updates, and support responses
- Improve the Service: Analyze usage patterns (in aggregate) to improve features, fix bugs, and develop new functionality
- Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
- Comply with Law: Meet legal obligations, respond to lawful requests, and protect our rights
We do not:
- Sell your personal information to third parties
- Use your data for third-party advertising
- Share your family's private data with other Shprd families
- Use children's data for marketing purposes
- Build advertising profiles from your usage
3. AI Features & Data Processing
Shprd includes AI-powered features (such as Shprd AI). When you use AI features:
- Your prompts and relevant context are sent to third-party AI providers (Anthropic, OpenAI) for processing
- AI providers process your data according to their own privacy policies and data processing agreements
- We do not use your AI interactions to train AI models
- AI feature availability and usage limits vary by subscription tier
- Children's data is not sent to AI providers without parental consent
4. Third-Party Services
We share information with the following third-party service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, name, subscription details |
| Convex | Backend database & real-time sync | All application data (encrypted at rest) |
| Cloudflare | Hosting & security | IP address, request data |
| Resend | Transactional email | Email address, name |
| Calendar sync (optional) | Calendar events, when user connects Google Calendar | |
| Tremendous | Charitable donation redemptions | Donation amount, selected charity (no child PII) |
| Anthropic / OpenAI | AI features (Shprd AI) | User prompts and relevant context |
Each provider is bound by their own privacy policies and our data processing agreements. We require all providers to maintain appropriate security measures.
We do not share your data with:
- Data brokers
- Advertising networks
- Social media platforms (unless you explicitly connect an account)
- Any third party for their own marketing purposes
Google User Data and API Services
When you choose to connect your Google account, Shprd requests access to your Google Calendar using the following OAuth scopes:
https://www.googleapis.com/auth/calendar.readonly— to read your calendar events so they can be displayed alongside your family's tasks, routines, and plans inside Shprd.https://www.googleapis.com/auth/calendar.events— to create, update, and delete events on your behalf so that scheduling you do in Shprd stays in sync with your Google Calendar.
We request the narrowest scopes needed to provide calendar synchronization, and we access your Google Calendar data only to deliver that feature. Connecting Google Calendar is optional, and you can disconnect it at any time in your settings, which revokes Shprd's access.
Limited Use disclosure. Shprd's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not use Google Calendar data for advertising, we do not sell Google user data, and we do not transfer or share it with third parties except as necessary to provide and improve the calendar-sync feature, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you. We do not use Google user data to train generalized or third-party AI/ML models.
5. Data Storage & Security
5.1 Where We Store Data
Your data is stored with the cloud infrastructure providers we use to operate Shprd.
5.2 Security Measures
We implement industry-standard security measures including:
- Encryption at rest and in transit (TLS 1.2+)
- Database replication across multiple availability zones
- Regular automated backups with 99.999999999% durability
- Access controls and authentication for all administrative systems
- Regular security audits and vulnerability assessments
5.3 Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and in-app notification, as required by applicable law.
6. Cookies & Tracking Technologies
Shprd uses the following cookies and similar technologies:
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session / 30 days |
| Functional | User preferences, language, theme settings | 1 year |
| Analytics | Aggregated usage statistics (no personal tracking) | 90 days |
We do not use:
- Third-party advertising cookies
- Cross-site tracking pixels
- Fingerprinting technologies
You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.
7. Data Retention
We retain your data as follows:
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of account + 30 days after deletion |
| Billing records | 7 years (legal/tax requirement) |
| Application logs | 90 days |
| Anonymized analytics | Indefinitely |
| Children's data | Deleted within 30 days of parental request or account deletion |
| Early-access and waitlist records | Retained while evaluating pilot access and deleted or archived when no longer needed |
Account Deletion
You may request deletion of your account and associated data at any time by contacting privacy@shprd.us. Upon request:
- Personal data is deleted within 30 days
- Billing records are retained as required by law
- Anonymized, aggregated data may be retained
- All children's data associated with the account is deleted
8. Children's Privacy
Shprd is designed for family use, including features for children. We take children's privacy seriously and are building our practices in alignment with the Children's Online Privacy Protection Act (COPPA). Our current COPPA implementation status is detailed in our compliance documentation. Contact us at privacy@shprd.us with questions about our children's privacy practices.
8.1 Parental Consent Required
- A parent or legal guardian must create the family account
- Children under 13 cannot create their own accounts
- Parents must provide verifiable consent before a child's profile is created
- Parents control all settings for children's accounts
8.2 Parental Rights
Parents and guardians have the right to:
- Review all information collected from their child
- Delete their child's information at any time
- Refuse further collection of their child's information
- Control which features their child can access
To exercise these rights, contact privacy@shprd.us.
8.3 What We Collect from Children
We collect only the minimum information necessary for children to use family features:
- First name (for display within the family)
- Age or age range (for age-appropriate content)
- Task completions and point balances (for the reward system)
- Reading plan progress (for Bible study features)
8.4 What We Do NOT Collect from Children
- Email addresses or contact information
- Precise geolocation
- Photos or videos (unless parent-uploaded on the child's behalf)
- Social media accounts
- Any information beyond what is listed in Section 8.3
8.5 Third-Party Access to Children's Data
We do not disclose children's personal information to third parties except:
- Service providers necessary to operate the Service (see Section 4), under strict data processing agreements
- When required by law or to protect the safety of a child
Children's data is not sent to AI providers without explicit parental consent. We do not send children's data to advertising networks.
8.6 Data Security for Children
Children's data receives the same security protections as all user data (see Section 5), plus:
- Children's profiles are only accessible to parents/guardians within the same family account
- Children's data is never visible to other Shprd families
- Children's data is deleted within 30 days of parental request
9. Your Privacy Rights
9.1 All Users
Regardless of your location, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data in a portable format
- Withdraw consent for optional data processing
- Opt out of non-essential communications
9.2 California Residents (CCPA/CPRA)
If you are a California resident, you additionally have the right to:
- Know what personal information is collected, used, and shared
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
To exercise your California privacy rights, contact privacy@shprd.us or submit a request through your account settings.
9.3 European Economic Area Residents (GDPR)
If you are in the EEA, our legal bases for processing are:
- Contract performance: Processing necessary to provide the Service
- Legitimate interests: Improving the Service, ensuring security
- Consent: Optional features, marketing communications
- Legal obligation: Tax and financial record-keeping
You have additional rights to data portability, restriction of processing, and lodging complaints with your supervisory authority.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify you via email and/or in-app notification
- Continued use of the Service after notification constitutes acceptance of the updated policy
For material changes affecting children's data, we will obtain renewed parental consent where required.
11. Contact Us
If you have questions about this Privacy Policy, your data, or your privacy rights:
Genesis Labs Email: privacy@shprd.us
For COPPA-related inquiries (children's privacy), please include "COPPA Request" in the subject line.
For California privacy requests, please include "CCPA Request" in the subject line.
12. Governing Law
This Privacy Policy is governed by the laws of the State of Illinois, United States. Any disputes arising from this policy shall be resolved in the state or federal courts located in Illinois.