Privacy Policy

You own your household's data. We use the minimum information needed to operate the Service and we do not sell it to advertisers or data brokers. Children's data, homeschool records, photographs of student work, and other sensitive content are stored in our infrastructure (Postgres on Railway, Cloudflare R2 for files) and accessible only to authorized members of your household and to recipients you intentionally share with (such as an evaluator you grant a tokenized link to).

You can export your data at any time from Settings → Data & Privacy. You can delete your household at any time from Settings → Danger zone; on deletion we remove your structured data and best-effort delete the associated files in object storage.

Account information — email address, display name, household name, role (parent / child), authentication credentials (or Auth0-provided identifier), timezone, configured homeschool state and academic year boundaries.

Household content you create — calendar events, chore configurations, list items, recipes, meal plans, journals, homeschool subjects, attendance entries, work samples (including uploaded photographs), reading log entries, standardized-test scores, transcripts, filings, compliance documents, and the financial / allowance records you opt to track.

Children's data — for each child added to your household, we collect display name, optional date of birth, optional grade level, the homeschool records you enter on their behalf, and (if the child has their own login) their authentication identifier. Children's data is supplied by the household administrator (parent) on the child's behalf. We do not knowingly collect personal information directly from children under 13.

Service-operational data — pages visited within the app, mutation timestamps, error reports, and IP address at request time. We use PostHog for product analytics on engagement and reliability; we configure PostHog to avoid capturing field-level homeschool record content.

Payment information — handled by Stripe. We do not store full card numbers; we keep a Stripe customer identifier and the subscription state.

• To operate the Service for you and your household — rendering screens, generating PDFs, syncing with calendar providers you authorize, computing compliance status, sending reminder notifications, etc.
• To process billing and respond to support requests.
• To detect, prevent, and respond to fraud, abuse, and security threats.
• To meet legal obligations, including responding to lawful requests for information.
• To improve the Service — diagnose bugs, prioritize features, measure reliability.

We do not use Your Content to train external machine-learning models, sell to advertisers, or share with data brokers. We do not show ads in the Service.

How Lightstead handles children's data.Lightstead is a household-management tool with a parent-managed account model. Children do not register for Lightstead themselves and cannot create accounts directly. A child becomes part of the Service only when a household administrator (parent or legal guardian) adds the child as a member of the household and configures the child's access. We operate as a mixed-audience app under the Children's Online Privacy Protection Act (COPPA, 16 CFR Part 312) and the Google Play Families Policy.

What we collect on a child.When a parent adds a child to the household, we collect: a display name (used in the family member list, chore assignments, and notifications); an optional email address (only if the parent invites the child to set up their own login); an optional grade level (homeschool tracking); the homeschool records the parent enters on the child's behalf (attendance, work samples, grades, reading logs, assessments); and, for child accounts that have their own login, an authentication identifier issued by our identity provider (Auth0). We do not collect a child's government identifier, phone number, address, biometric data, or precise location. EXIF metadata (including GPS coordinates) is stripped from work-sample photographs server-side before storage.

Parental consent.At the point a parent adds a child to the household, the parent affirms in the app that they are the child's parent or legal guardian and that they consent on the child's behalf to Lightstead's collection and use of the child's data as described in this policy. That acknowledgment is transmitted to the server (not just a client-side checkbox) and is recorded on the member record alongside the timestamp and the parent member ID. Without that acknowledgment, the server refuses to create the child member.

How children's data flows to third parties.Children's data is processed by the following third-party service providers in the course of operating the Service: Auth0 (if the child has a login — to issue and validate authentication tokens); Cloudflare R2 (to store work-sample photographs, after EXIF stripping); Sentry (crash and error reporting — opaque numeric member ID only; no email, display name, or homeschool content); and our hosting infrastructure(Railway / Postgres). Children's data is notshared with Stripe (which only processes adult-payer billing), PostHog (web-only and parent-only — see §6), Resend (transactional email; only ever sent to adult parent email or, with the parent's direction, the child's invited email), Google Calendar (parent accounts only), or any advertising, marketing, or data-broker partner. We do not use children's data for behavioral profiling or targeted advertising.

Parental review and deletion rights.The household administrator (parent) can review all data associated with each child member from Settings → Members at any time. The parent can delete an individual child without deleting the household, or delete the household entirely; in either case the child's grades, attendance, work samples, reading log entries, lesson completions, curriculum enrollments, evaluator-share tokens, standardized-test records, and diploma records are cascade-deleted (including soft-deleted rows under hard-delete semantics), and the associated files in object storage are best-effort removed. Brief retention in encrypted backups may apply for disaster-recovery purposes; backups expire on a rolling 30-day window. Backup data is not used for any other purpose.

Direct collection from children. We do not knowingly collect personal information directly from children under 13 outside of the parent-managed flow described above. If you believe a child has provided us personal information directly without parental authorization, contact us at support@lightsteads.com and we will delete the data.

The Homeschool module accepts photographs of student work (work samples). To protect children's location privacy, the Service strips EXIF metadata (including GPS coordinates, camera serial numbers, and capture device fingerprints) from uploaded JPEG and PNG images server-side after upload. This is belt-and-suspenders behind a client-side strip on the mobile app.

HEIC and WebP uploads are not currently strip-able server-side; the mobile client converts HEIC to JPEG before upload to preserve the strip pipeline. Direct web HEIC uploads (uncommon) are stored as uploaded.

We share information only as follows:

• With members of your household — the people you have invited to the household account, per the role + Family Mode permissions you configured.
• At your direction — when you generate an evaluator-share link, send a transcript PDF to a college, mail an inspection packet to a district, or use any other in-app feature that produces output for a third party.
• With service providers — Stripe (billing), Auth0 (authentication, optional), PostHog (web app product analytics only — not used in mobile), Sentry (error reporting; opaque member ID only — no email or display name for child sessions), Cloudflare R2 (file storage), Resend (transactional email delivery — welcome, trial reminders, household invites), Google Calendar API (optional two-way calendar sync; parent accounts only), Expo Push Notification Service (mobile push notifications, if you opt in), Railway (hosting infrastructure), Postgres (database). Each is bound by their own privacy + security commitments. We do not transmit child email addresses to Stripe, PostHog, Sentry, or Google Calendar.
• When required by law — to comply with a subpoena, court order, or other legal process.
• In a business transfer — if Lightstead is acquired or merges, we will notify you and give you reasonable opportunity to delete your account before any data transfer.

We do not sell personal information. We do not share data for cross-context behavioral advertising.

We use commercially reasonable security measures — TLS in transit, encrypted backups, IAM-scoped service credentials, server-enforced authorization on every API request, parent-only enforcement for sensitive flows, tokenized share links with revocation controls, and the EXIF strip described above. No system is perfectly secure; we encourage you to use a strong unique password, enable two-factor where available, and revoke share tokens when no longer needed.

We retain Your Content while your household account is active. You can delete your account at any time — there is no waiting period and no manual review.

How to delete your account (web or mobile):

• Open Lightstead (web at app.lightsteads.com or the mobile app).
• Sign in as a parent (account deletion is parent-only).
• Navigate to Settings → Data & Privacy → Full household export first if you want a copy of your records (recommended — required by many states for homeschool families).
• Navigate to Settings → Danger zone → Delete household.
• Confirm by typing your household name. The deletion is immediate.

What happens when you delete your account:

• Deleted immediately: all members (parent + children), calendar events, chore assignments and history, list items, recipes and meal plans, journal entries, homeschool subjects / attendance / assignments / grades / reading log / standardized tests / work samples / lesson logs, formation records, economy ledger and reward catalog, family wall notes, and your subscription / billing connection to Stripe.
• Best-effort deleted within 7 days: uploaded photos, PDFs, and other files in object storage (Cloudflare R2).
• Retained briefly in encrypted backups: daily encrypted backups retained for up to 30 days for disaster recovery; they automatically expire and are then unrecoverable. We do not restore from backups for any reason other than a household-wide outage.
• Retained for legal/financial compliance: Stripe transaction records (we keep the customer ID + invoice metadata; full card data was never stored by us). These are retained per Stripe's policy and applicable financial-records law.

If you cannot sign in to delete your account — for example, you've forgotten your email or your account was managed by a former co-parent — email privacy@lightsteads.com from any address you can prove ownership of. We will verify your identity and complete the deletion within 7 business days at no cost. See the dedicated Account Deletion page for the full form and identity-verification details.

State homeschool retention reminder: several states require households to preserve homeschool records (attendance, grades, work samples) for multiple years after instruction ends — Pennsylvania, New York, and others. Deletion does not pause those obligations. The account-delete flow surfaces the requirement and offers a one-click export before proceeding.

You may access, export, correct, or delete information about your household at any time. Most rights are self-service through the Settings area:

• Access / export — Settings → Data & Privacy → Full household export.
• Correction — every screen that displays a record allows editing or removal.
• Deletion — Settings → Danger zone → Delete household. Step-by-step instructions on the Account Deletion page and in §8 above.
• Revocation of share tokens — Homeschool → Evaluator share / Inspection packet.

California residents have additional rights under the CCPA / CPRA. Residents of states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, and others) have additional rights including access, deletion, correction, and opt-out of certain data uses. Email privacy@lightsteads.comfor assistance with any state-specific privacy request.

Lightstead operates from the United States. If you access the Service from outside the United States, your data is transferred to and processed in the United States. If you are in a jurisdiction with strict data- export rules (the EU/EEA, the United Kingdom, others), use of the Service constitutes your consent to that transfer.

We may update this Privacy Policy as our practices or applicable law change. We aim to surface material changes in-app (e.g., via a banner or settings notice) before they take effect. The current effective date is shown at the top of this page; we recommend checking back periodically. If you have a registered account, we will use the email associated with that account to notify you of changes that affect how your data is handled.

Privacy questions: privacy@lightsteads.com. General support: support@lightsteads.com.