Effective May 14, 2026

Xtra Hands is a chore-and-allowance app for households with members, run by Xtra Hands (“we,” “us”). This page explains what we collect, how we use it, and what we will never do with it. We tried to write it the way we would want to read it.

What we collect from parents.

When you create a household account, we collect:

• Your email address and a hashed password, or — if you choose to sign in with Google — the Google account identifier and email Google shares with us.
• Your display name, household name, and timezone.
• A subscription identifier tied to your Apple or Google purchase, plus the tier you bought. Your card details go to Apple or Google when you subscribe in the app and never reach our servers — we do not see your card number, last-four digits, or billing address.
• Server logs needed to keep the service running: IP address, browser type, request timestamps, and crash diagnostics.

What we collect from members.

Member records are created by a parent and are intentionally minimal. Members do not register, do not provide an email, and cannot be billed. For each member the parent adds, we store:

• A first name or nickname (your choice — many parents use just an initial or a chosen handle).
• A 4–6 digit PIN, stored only as a one-way hash. We cannot recover or display it; if a member forgets, the parent resets it.
• A push token for the member’s device, used solely to deliver chore reminders to that device.
• Chore completions, ledger balance, and earnings/expense entries — the data the app needs to do its job.

We do not collect a member’s real name, school, location beyond timezone, photos, contacts, or any browsing data outside the app.

How we use what we collect.

We use household and member data only to run the service: to display chores and ledger balances to the right people, to deliver push reminders, to bill the parent for the subscription, and to keep the app secure and working. We use parent email addresses to send transactional emails — receipts, password resets, and major service announcements. We do not send marketing emails to members. We do not send marketing emails to parents that they did not opt into.

What we do not do.

• We do not sell your data — to anyone, ever.
• We do not show ads in the app, on the parent web admin, or on the member surface. Not now, not later.
• We do not run ad-network pixels (no Google Ads, no Meta/Facebook Pixel, no LinkedIn Insight, no TikTok Pixel).
• We do not run behavioral remarketing or share data with data brokers.
• We do not profit when a member spends. The only revenue model is the parent’s subscription.

Cookies and analytics.

We use a small number of essential cookies to keep you signed in, prevent CSRF attacks, and remember your cookie-consent choice. These are required for the service to work.

We may use Google Analytics (or a privacy-respecting alternative) to count page views and understand which features parents actually use. If we do, it is gated behind your cookie-consent choice — you can decline and the app still works. We share aggregate counts only; nothing that could identify you or your members leaves our infrastructure.

Payments.

Subscriptions are sold inside our mobile apps via the Apple App Store (iOS) and Google Play Store (Android). When you subscribe in the app, your payment details go directly to Apple or Google — they never touch our servers. We receive a subscription identifier and the tier you bought; we never see your card number, last-four digits, or billing address. Apple’s and Google’s privacy practices govern the data they collect from you in this flow: Apple, Google Play.

Members’s privacy and parental control.

Xtra Hands is designed to be used by members, but only inside a household that a verified parent has set up. Under U.S. COPPA and similar regimes, a member record is created with parental consent (the parent agrees to these terms when they create the account and add the member).

Parents control everything for their members:

• Adding, renaming, or removing a member record.
• Resetting a forgotten PIN.
• Revoking a paired device.
• Requesting a copy or deletion of any of the member’s data.
• Deleting the household entirely (which deletes every member record permanently).

We do not knowingly collect personal information from a member outside of a parent-verified household. If you believe we have, contact us at the address below and we will delete it.

Your rights.

Wherever you live, you can:

• Access and download a copy of the data we hold about you and your household.
• Correct anything that is inaccurate.
• Delete your household, which permanently removes the parent account, every member record, every chore, and every ledger entry.
• Object to processing or withdraw consent for analytics at any time.

Most of these are self-serve in the dashboard. For the rest, email us — we will respond within 30 days.

Data retention.

We keep your household data for as long as the account is active. After you delete the household, we wipe the records from our primary database immediately and from encrypted backups within 30 days. We may retain billing records longer where tax law requires it.

Security.

We hash passwords and member PINs with industry-standard one-way functions. Traffic is served over HTTPS. Database access is locked down to production infrastructure. No system is perfectly secure, but we treat your data the way we treat our own family’s.

International users.

Our infrastructure is in the United States. By using Xtra Hands from outside the U.S., you agree that your data is transferred to and processed in the U.S. We honor data-subject requests under GDPR and equivalent laws — see “Your rights” above.

Changes to this policy.

If we change this policy in a way that materially affects how we handle your data, we will email parents at least 30 days before the change takes effect and update the “Effective” date at the top.

Contact.

Questions, concerns, or data requests: support@xtrahands.app.