Privacy Policy
Last updated: 11 May 2026
1. Who we are
Family Activity Finder is operated by CeeKay Apps. You can reach us at hello@ceekayapps.com.
This policy applies to the Family Activity Finder website, Progressive Web App, and iOS app.
2. Summary
In plain English: we collect the minimum needed to run the service, we do not sell data, we do not use data for advertising, and we do not track you across other apps or websites. You can delete your account from inside the app at any time.
3. What data we collect
3.1 Account information
- Email address (used to sign in via one-time passcode and to send support replies).
- A unique account identifier (a UUID generated by our authentication provider).
3.2 Subscription and payment information
- On iOS, subscription status is managed by Apple StoreKit. We receive a record from Apple confirming whether your subscription is active, including the product purchased, the period it covers, and the renewal status. We do not see your card details, your Apple ID password, or any other Apple account information.
- We store this subscription record in our database to decide whether to show Premium features in the app.
3.3 Search inputs
- The UK postcode you enter for each activity search.
- The age ranges you select for each search (for example 3-5, 6-9).
- The number of searches you make per hour, used to enforce fair-use limits.
- Postcodes are processed to generate activity suggestions. They are not stored permanently on your profile unless you explicitly save a search; even then, only the most recent search is retained.
3.4 Diagnostic data
- If the app crashes or has a performance issue, anonymised crash reports and performance metrics are sent to Sentry. These reports contain technical details such as stack traces, device type, operating system version, and timestamps.
- They do not contain your email, account identifier, or any other personal information; we actively strip this data before sending.
3.5 Analytics (with your consent)
- If you accept analytics cookies, we use Google Analytics 4 to understand how the app is used in aggregate. We record events such as searches performed, features used, and pages visited.
- We do not pass your account identifier or email to Google Analytics.
-
We do not allow Google Analytics to use this data for advertising.
The Google Consent Mode flags
ad_storage,ad_user_data, andad_personalizationare permanently denied in our configuration. - If you decline analytics cookies, none of this data is collected.
3.6 What we do NOT collect
- We do not collect or store your precise device location (GPS).
- We do not access your contacts, photos, calendar, or other device data.
- We do not collect information about children. Age ranges entered for searches refer to your children's ages for activity recommendations; we do not link these to identifiable individuals.
- We do not use the Apple Identifier for Advertisers (IDFA).
- We do not load advertising scripts.
4. How we use your data
- To run the service: process your searches, return activity suggestions, manage your subscription, and provide customer support.
- To enforce fair-use limits: count searches per hour against your plan's allowance.
- To improve the app: in aggregate analytics (with your consent) and through anonymised crash reports.
- To meet our legal obligations: respond to lawful requests, and retain financial records for accounting and tax purposes.
5. Third parties that process your data
5.1 Supabase (authentication and database)
- Data shared: your email, account identifier, profile data, search history, subscription record.
- Purpose: account management and data storage.
- Based in: United States and European Union, depending on region.
- Privacy policy: supabase.com/privacy
5.2 OpenAI (activity suggestion generation)
- Data shared: the UK postcode and age range you enter for each search, sent to the GPT-4o model to generate activity suggestions.
- Purpose: generate the list of activities returned to you.
- Based in: United States.
- OpenAI does not use API inputs to train its models by default, and we use the API in this default configuration.
- Privacy policy: openai.com/policies/privacy-policy
5.3 Apple (subscription processing on iOS)
- Data shared: subscription transactions, processed entirely by Apple.
- Purpose: process and verify in-app purchases on iOS.
- Privacy policy: apple.com/legal/privacy
5.4 Google (analytics, with your consent only)
- Data shared: anonymised usage events, no account identifier.
- Purpose: aggregate product analytics.
- Based in: United States.
- Privacy policy: policies.google.com/privacy
5.5 Sentry (anonymised crash reports)
- Data shared: stack traces, device type, OS version, anonymised. No email, no account identifier.
- Purpose: identify and fix crashes and performance issues.
- Based in: United States.
- Privacy policy: sentry.io/privacy
5.6 Postcodes.io (postcode geocoding)
- Data shared: the UK postcode you enter.
- Purpose: convert postcode to approximate coordinates for activity search.
- Based in: United Kingdom.
- Privacy policy: postcodes.io/about
5.7 Open-Meteo (weather information)
- Data shared: approximate coordinates derived from your postcode.
- Purpose: return weather information to help with activity recommendations.
- Based in: Germany.
- Privacy policy: open-meteo.com/en/terms
5.8 Railway and Cloudflare (hosting and content delivery)
- Data shared: standard server access logs (IP address, request timestamp, requested URL).
- Purpose: deliver the app and protect against abuse.
- Based in: United States.
- Railway privacy policy: railway.com/legal/privacy
- Cloudflare privacy policy: cloudflare.com/privacypolicy
6. How long we keep your data
- Active accounts: as long as your account exists.
- After account deletion: account data is deleted from our live database immediately. Encrypted database backups are retained for up to 30 days for disaster recovery purposes only. After 30 days, all personal data is purged from backups.
- Anonymised analytics data: retained according to Google Analytics 4 default retention (14 months).
- Anonymised crash reports: retained according to Sentry default retention (90 days).
- Financial records relating to subscriptions are retained for six years to meet UK tax law requirements.
7. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and personal data. You can do this from inside the app: Account menu, then Delete Account.
- Object to processing or restrict how we use your data.
- Receive a copy of your data in a portable format.
- Withdraw consent for analytics at any time by clearing your cookies or changing your consent preference.
- Complain to the UK Information Commissioner's Office at ico.org.uk.
To exercise any of these rights, contact hello@ceekayapps.com.
Important note about your Apple subscription: deleting your Family Activity Finder account does NOT cancel your Apple subscription. You must manage Apple subscriptions through your iPhone Settings (Apple ID, then Subscriptions) or at apps.apple.com/account/subscriptions.
8. Children
- Family Activity Finder is intended for use by parents, guardians, and other adults arranging activities for children.
- We do not knowingly collect personal information from anyone under the age of 13.
- Age ranges entered into the search form refer to the ages of the children you are planning activities for, not the age of the account holder.
- If you believe a child under 13 has provided personal information, please contact hello@ceekayapps.com and we will delete it.
9. Cookies and similar technologies
- We use a small number of cookies and similar technologies.
- Essential cookies: required for the app to function, for example authentication and security. These cannot be switched off.
- Analytics cookies: used only if you accept them via the cookie consent banner. You can change your preference at any time by clearing your browser's cookies and revisiting the site.
10. International transfers
- Some of our service providers are based outside the United Kingdom and the European Economic Area.
- Where data is transferred outside the UK, we rely on the safeguards required by UK GDPR, including the UK International Data Transfer Agreement and the EU Standard Contractual Clauses.
11. Changes to this policy
- We may update this policy from time to time. When we do, we will update the "Last updated" date at the top.
- If we make significant changes, we will notify you by email or via a notice in the app.
12. Contact
For any questions about this policy or how we handle your data, email hello@ceekayapps.com.