Privacy Policy
Who we are
yeswekanban is a small operation based in the United States. We run a product that helps parents pay their kids for structured learning work. This policy explains what data we collect when you use the product, what we do with it, and the choices you have.
We're writing this in plain language on purpose. If anything is unclear, email legal@yeswekanban.app and we'll explain.
What we collect
Account information
When you sign up we collect your email, your chosen username and display name, and a hashed copy of your password (we never see your plaintext password). If you set up a family account, we collect the same information for your kid, plus their age.
If you enable multi-factor authentication (MFA), we additionally store your authenticator enrollment (the TOTP secret or your email-OTP preference) and one-way hashes of any recovery codes you generate. We never see the codes in plaintext after the moment you save them.
Product activity
As you use the product we record the goals you set, the plans you generate, the work your kid logs (hours, completed tasks, uploaded artifacts), the invoices created, and the messages exchanged with our AI assistant (Kanbi).
Payment information
When you subscribe we collect billing email and the last four digits / brand of your payment method for receipts and display. We do not store full card numbers — those go straight to Stripe.
Technical metadata
On every request we receive your IP address, browser user-agent, and approximate geographic region (derived from IP). We record a short audit trail of sensitive actions (sign-ins, payment events, consent records, deletions) including the IP address at the time of the action.
Analytics
For signed-in account owners and anonymous landing-page visitors, we capture product usage events through PostHog (page views, button clicks, signup funnel steps). Kid sessions are explicitly excluded from analytics — we do not send kid events, identify any kid to PostHog, or record session replay on kid sessions. This is enforced server-side.
Why we collect it
- To provide the product — store your plans, log work, generate invoices, deliver AI conversations, render the dashboard.
- To bill you and produce receipts for subscriptions.
- To send transactional email — sign-in links, receipts, important account notices.
- To keep the product safe — detect abuse, debug errors, recover from incidents using the audit trail.
- To improve the product — anonymous usage analytics tell us which features matter (owners only, never kids).
- To comply with the law when we have to.
We do not use your data for advertising, we do not build profiles to sell, and we do not share data with data brokers.
Who we share with (sub-processors)
To run the product we rely on a small set of vendors. We share only what each vendor needs to do its job. We never sell your data. The same list appears in the parent-consent flow shown at signup — we keep them in sync.
- Supabase (United States) — Postgres database, authentication, and file storage. Holds your account, profile, plans, work logs, chat history, and uploaded artifacts.
- Vercel (United States) — application hosting and CDN. Serves the site and processes every request.
- Stripe (United States) — payment processing and bank linking via Plaid. Handles parent payments and any future kid payouts. Card data is collected by Stripe directly; we never see or store it.
- Anthropic (United States) — AI features (planning and tutoring conversations with Kanbi). User-supplied messages are sent to Anthropic for inference. Under our enterprise terms, Anthropic does not use these messages to train their models.
- Resend (United States) — transactional email delivery (sign-in links, receipts, notifications). Your email address and the message body transit Resend.
- PostHog (United States) — product analytics for account owners and anonymous visitors. Kids are excluded.
- Cloudflare (United States) — DNS and inbound email routing. Email you send to any address at our domain transits Cloudflare before being forwarded; the envelope, subject, and body are visible to Cloudflare in transit.
- Axiom (United States) — off-platform audit log retention. Receives a mirror of activity events (sign-ins, payment events, plan transitions, security-relevant actions) including the affected internal account / profile IDs, IP address, user agent, and event type. We use this so a successful attack on our primary database cannot also erase the forensic trail. Axiom does not receive chat content, plan goal text, kid display names, or financial details.
- Web push services (Apple Push Notification Service, Google Firebase Cloud Messaging, Mozilla Push Service — depends on your browser). If you enable push notifications, the notification title and body transit your browser-vendor's push service. We only send short status notices (e.g. "Week 1 complete") — never chat content or full plan text.
We'll update this list before adding a new sub-processor. Account owners who've enrolled a kid get an in-product re-consent prompt when the list materially changes.
Kids under 13 and parental rights (COPPA)
The Children's Online Privacy Protection Act (COPPA) sets rules for how online services handle data from kids under 13. yeswekanban is 13-and-up at this time. We do not knowingly collect data from kids under 13.
Even for kids 13 and older, we treat kid accounts more carefully than adult accounts. Here's how:
- Only a parent or legal guardian can create a kid account. The parent creates and owns the account, agrees to a parent-consent text at signup, and stays the contact of record. Kids cannot sign themselves up.
- We collect the minimum. From a kid we hold: their display name, age, the goals they set, the work they log, the messages they exchange with our AI assistant, and the invoices they generate. We do not ask kids for phone numbers, location, photos beyond optional work artifacts they choose to upload, or social media handles.
- Kids are excluded from analytics and session replay. PostHog never sees a kid event. Our server-side identify call uses only the parent owner's ID.
- Kids' conversations are not used to train external AI models. Anthropic processes them under enterprise terms that prohibit training. We don't train our own model either.
- Parents can review, correct, or delete a kid's data anytime. Go to Settings: you can rename the kid, change their settings, archive them, or delete the entire account.
- Parents can withdraw consent at any time. Withdrawing consent pauses the kid's account, blocks further AI conversations, and lets you delete the account on your schedule.
If you're a kid reading this: ask your parent if you have a question about your account. Your parent set it up and they're the one we'll talk to about your data.
If you believe a kid under 13 has somehow created an account or submitted personal information, email legal@yeswekanban.app and we will delete the account and the associated data promptly.
Your rights
- Access. You can see your account's data in the product. Account owners can download a JSON copy on demand from Settings → Privacy — multi-factor verification required, limited to one export per hour. The export includes the data we hold about your account but not password hashes, multi-factor authentication secrets, recovery codes, third-party billing identifiers (Stripe customer / subscription / payment IDs), GitHub access tokens, or our internal operational risk assessments.
- Correction. Edit your profile, your kid's profile, plans, and work logs from within the app. Email us if something doesn't have an in-app edit affordance and you want it changed.
- Deletion. Delete your account anytime from Settings → Delete account. This cascades to your kid profiles, plans, logged work, chat history, and uploaded artifacts; it also cancels your Stripe subscription and removes your auth user. Residual copies in encrypted infrastructure backups age out within 30 days (see How long we keep data, below).
- Export. See Access above — the same Settings → Privacy download satisfies both your right of access and your right to data portability.
- Complain. If we've mishandled your data, tell us at legal@yeswekanban.app and we'll fix it.
International users and transfers
yeswekanban is a US-based service. Our vendors are US-based. If you're using the product from outside the United States, your data will be processed in the United States. We are not currently set up to provide GDPR-specific or other region-specific guarantees beyond what is described in this policy. If that's a problem for you, please don't use the product.
How long we keep data
- Account data stays as long as your account exists. Delete the account and we delete the data.
- After deletion, residual copies in encrypted infrastructure backups managed by our database provider age out according to that provider's standard retention schedule (typically within 30 days). After that they are unrecoverable.
- Audit logs (sign-ins, payment events, consent records) we keep for up to 13 months for fraud and dispute resolution, then prune.
- Stripe retains payment records on its own schedule for tax and dispute purposes (typically 7 years for financial records); we cannot delete those out of Stripe's systems.
- Email we've sent you stays in Resend's sending logs per Resend's retention policy.
Security
We use industry-standard practices: TLS in transit, encryption at rest for database and storage, password hashing via Supabase Auth, MFA available for owners, row-level security policies in the database that prevent one family's data from being read by another. If you find a vulnerability, our security policy explains how to report it.
We're a small team. We don't hold SOC 2, ISO 27001, or HIPAA certifications and we don't claim to. If you need a service with those, this isn't the right product for you yet.
Changes to this policy
When we materially change this policy (adding a sub-processor, changing a data practice, expanding retention) we'll email account owners with the new effective date, and re-prompt parent-consent in the app for family accounts. Minor edits (wording, formatting, fixing typos) we'll just update the Last updated date at the top.
Contact
For any privacy question, request, or complaint, email legal@yeswekanban.app. We're a small team — we may take a few business days to reply, but we read everything.