Privacy Policy
Last updated: 2026-06-10
1. Who We Are
Fill Aurelio is a mobile application that helps families track children's chores and savings goals. It is accompanied by a marketing website at fillaurelio.com. Both are operated by:
Berry Farm — the registered trade name (toiminimi) of a Finnish private trader (sole proprietorship), Business ID 3614418-8, registered in the Trade Register maintained by the Finnish Patent and Registration Office (PRH).
Contact: legal@fillaurelio.com
For the purposes of the EU General Data Protection Regulation (GDPR), Berry Farm is the data controller for all personal data described in this policy.
2. Scope of This Policy
This privacy policy covers two separate data collection tracks:
- App data — personal data collected when you create a family account in the Fill Aurelio mobile app and use its features (chores, books, goals, earnings).
- Website data — personal data collected when you submit your email address on the marketing website at fillaurelio.com to receive a free printable chore chart and periodic newsletter emails.
These are separate systems. Submitting your email on the website does not create an app account. Deleting your app account does not unsubscribe you from the newsletter. The two data sets are managed by different service providers (see Sections 6 and 7) and are never linked or cross-referenced.
Where a section below applies to only one track, it is labelled accordingly. Where a section applies to both, it is unified.
3. What Data We Collect
We collect only the data necessary to provide each service. We collect no data for advertising, profiling, or purposes beyond what is described here.
3.1 App data
Account data
- Email address (one per family, used for sign-in)
- Password (hashed by Supabase Auth — we never see or store plaintext passwords)
Profile data
- Profile name (parent or child name, as entered by the parent)
- Avatar emoji selection
- Profile role (parent or child)
- Optional PIN (stored as a SHA-256 hash — we never see or store the actual PIN)
Activity data
- Family name
- Chore definitions (name and emoji, created by parents)
- Chore log entries (which child completed which chore on which date)
- Book log entries (book title, date, which child logged it)
- Savings goals (title, target amount, start date, completion date)
- Earning settings (family-specific parameters for the earning formula)
Subscription data
- Subscription entitlement status (active, trial, or expired) and the associated account identifier, used to determine which features are available (see Sections 7.3 and 11)
Diagnostic data
- Crash and error reports generated automatically if the app encounters a fault — including the technical error, a stack trace, and limited technical context such as app version, operating-system version, and device model (see Section 7.5). These reports are configured to exclude directly identifying personal data, and we do not collect your IP address through this channel.
3.2 Website data
Newsletter subscription
- Email address only (submitted voluntarily via the signup form on fillaurelio.com)
- Subscription timestamp (recorded by our newsletter provider — see Section 7.2)
- IP address and HTTP referrer at the moment of subscription (recorded by our newsletter provider as standard metadata; not collected or used by us)
Website usage measurement
- Aggregate, privacy-friendly usage statistics (such as page views and referring sites) collected by our analytics provider (see Section 7.6). This measurement is cookieless, does not use device or advertising identifiers, and does not build a profile of individual visitors.
No name, no postal address, and no phone number is collected through the website form. The form sets no cookies.
3.3 Data we do NOT collect (either track)
- Location data
- Advertising identifiers
- Behavioural tracking or cross-site tracking
- Photos or media files
- Contacts or calendar data
- Health or biometric data
- Data from other apps on your device
The limited technical context attached to crash reports (Section 3.1) and the aggregate website measurement (Section 3.2) are the only diagnostic or analytics data we process, and neither is used to track or profile you across services.
4. How We Use Your Data
4.1 App data
We use app data solely to provide the Fill Aurelio service:
- Account data — to authenticate you and secure your family's account
- Profile data — to identify family members within the app
- Activity data — to calculate earnings, display progress toward savings goals, and show history
- Subscription data — to determine which features are available to your account
- Diagnostic data — to detect, diagnose, and fix crashes and errors so we can keep the app stable and secure
We do not use app data for marketing, profiling, automated decision-making, or any purpose beyond delivering the app's core functionality and keeping it working reliably.
Legal basis (GDPR Art. 6): Performance of a contract — processing of account, profile, activity, and subscription data is necessary to provide the service you signed up for. Diagnostic data is processed on the basis of our legitimate interest in maintaining the security, stability, and proper functioning of the app (Art. 6(1)(f)), using a minimal, PII-reduced data set.
4.2 Website data
We use email addresses submitted through the website signup form to:
- Deliver the free printable chore chart PDF via a welcome email
- Send periodic newsletter emails with chore motivation tips and Fill Aurelio product updates
We use aggregate website measurement (Section 3.2) only to understand overall site traffic and improve the website.
Legal basis (GDPR Art. 6): Consent for newsletter subscription. The signup form includes a GDPR consent checkbox that is unchecked by default. Submitting the form requires you to actively check the consent box. You can withdraw consent at any time via the unsubscribe link included in every email, or by emailing support@fillaurelio.com. Aggregate, cookieless website measurement is carried out on the basis of our legitimate interest in understanding and improving site traffic (Art. 6(1)(f)).
We do not use newsletter email addresses for any other purpose. We do not sell, rent, or share them with advertisers or other third parties.
5. Children's Data
This section applies to the app only. The website newsletter is directed at adults (parents and prospective customers); children are not expected to submit their email addresses through the website.
Fill Aurelio is designed for use by families with children. We take children's data protection seriously.
How children's data is handled
- Parents create all accounts. A parent creates the family account and adds child profiles. Children do not create their own accounts or provide their own email addresses.
- Children's data is minimal. We store only the child's first name (or nickname), an emoji avatar, chore/book log entries, and savings goal progress. No email, no date of birth, no photos.
- Parental consent is built into the design. Because a parent must create the account, add child profiles, and configure the app before any child can use it, parental consent is inherent in the setup process.
- Children cannot share data externally. The app has no social features, no messaging, no public profiles, and no way for a child to share data outside the family.
- Diagnostic data is technical. Crash and error reports (Section 3.1) capture technical fault information, not children's personal data, and are not linked to individual child profiles.
Applicable law
Under the Finnish Data Protection Act (1050/2018) implementing GDPR Article 8, the age at which a child can independently consent to data processing by information society services is 13 years. For children under 13, parental consent is required — which our app design ensures by requiring parent-initiated account creation.
6. Where Your Data Is Stored
6.1 App data — Ireland (EU)
App data is stored on Supabase, a cloud database platform. Our Supabase project is hosted in Ireland (EU), so your app data remains within the European Economic Area and is subject to EU data protection law.
Supabase uses encryption in transit (TLS) and at rest. For more information, see Supabase's security documentation.
6.2 Website newsletter data — United States (with SCCs)
Newsletter subscription data is processed by Buttondown, a US-based email newsletter service (see Section 7.2 for full processor details). Buttondown stores subscriber data on AWS infrastructure in the United States.
International transfer mechanism: The transfer of newsletter subscriber data to the United States is governed by the EU Standard Contractual Clauses (SCCs), incorporated into Buttondown's Data Processing Agreement. This transfer mechanism is recognised under GDPR Article 46 as a valid safeguard for transfers of personal data outside the EEA.
6.3 Subscription data — United States (with SCCs)
Subscription entitlement data is processed by RevenueCat, a US-based subscription-management service (see Section 7.3). The transfer of this data to the United States is governed by the EU Standard Contractual Clauses (SCCs) incorporated into RevenueCat's Data Processing Agreement, a valid safeguard under GDPR Article 46.
6.4 Diagnostic data — European Union (Frankfurt)
Crash and error reports are processed by Sentry (see Section 7.5) in its European Union data region, hosted in Frankfurt, Germany, so diagnostic data remains within the EEA. Sentry, Inc. is a US-based company; the data itself is stored in the EU region.
7. Data Sharing and Processors
We do not sell your data. We do not share your data with advertisers.
The only third parties that process your data on our behalf are the service providers listed below, each acting as a data processor under GDPR.
7.1 App data processor — Supabase
- Company: Supabase, Inc.
- Role: Data processor (database and authentication provider)
- Hosting location: Ireland (EU)
- GDPR compliance: GDPR compliant; Data Processing Agreement available through Supabase
- Sub-processors: Documented at supabase.com/privacy
7.2 Website newsletter processor — Buttondown
- Company: Buttondown, LLC
- Address: 406 W Franklin St. #201, Richmond, VA 23221, United States
- Role: Data processor (newsletter delivery)
- Hosting location: United States (AWS infrastructure)
- GDPR compliance: Self-certified GDPR compliant. Data Processing Agreement available at buttondown.com/legal/data-processing-agreement.
- International transfer mechanism: EU Standard Contractual Clauses (SCCs)
- Sub-processors: Current list maintained at buttondown.com/legal/subprocessors.
- Data stored by Buttondown: Email address, IP address and referrer metadata at time of subscription, subscription timestamp
- Data selling: Buttondown does not sell data to third parties and does not use subscriber data for advertising
7.3 Subscription processor — RevenueCat
- Company: RevenueCat, Inc.
- Role: Data processor (subscription receipt validation and entitlement-state storage)
- Hosting location: United States
- Data processed: Account identifier (your Supabase user ID), App Store / TestFlight purchase receipts, and subscription entitlement state. RevenueCat does not receive or store raw payment instruments (card numbers, bank details) — those are handled by Apple (see Section 11).
- International transfer mechanism: EU Standard Contractual Clauses (SCCs) incorporated into RevenueCat's Data Processing Agreement, a valid safeguard under GDPR Article 46
- GDPR compliance: RevenueCat acts only as a processor under its DPA and our documented instructions. See revenuecat.com/privacy.
- Retention: RevenueCat retains subscription data in accordance with its own data-retention policy and our processor agreement — including retaining subscriber records after a subscription ends to maintain historical integrity, and as necessary to comply with legal obligations and resolve disputes. Deletion requests are honoured. See RevenueCat's privacy policy for its current retention statement.
7.4 Email processor — Google Workspace
When you email one of our published addresses (for example support@fillaurelio.com), your message is received and stored in our mailbox so that we can read and reply to it.
- Company: Google. For users in the EEA, the relevant contracting entity is Google Ireland Limited, and the service operates under Google's Cloud Data Processing Addendum.
- Role: Data processor (email mailbox hosting via Google Workspace)
- Data processed: The content and metadata of any email you send to our published addresses, which may include any personal data you choose to include in your message.
- International transfer mechanism: Google processes email data on its global infrastructure; any transfer of personal data outside the EEA is governed by the EU Standard Contractual Clauses (SCCs) incorporated into Google's Cloud Data Processing Addendum, a valid safeguard under GDPR Article 46.
7.5 Error monitoring processor — Sentry
- Company: Sentry, Inc. (US-based company)
- Data region: European Union — hosted in Frankfurt, Germany. Error data is stored within the EEA; only the processor entity is US-based.
- Role: Data processor (error and crash monitoring)
- Data processed: Automatically generated error events — the technical error, stack trace, and limited request/technical context (such as app version, OS version, and device model). We have configured Sentry to scrub personal data and to disable collection of IP addresses. An account identifier may appear if it is incidentally present in an error's technical context.
- International transfer mechanism: Storage is in Sentry's EU region; where any processor access involves a transfer outside the EEA, it is governed by EU Standard Contractual Clauses (SCCs) under GDPR Article 46.
- Retention: Error events are retained according to Sentry's published data-retention schedule (error events are retained for up to 90 days on our plan tier). See docs.sentry.io/security-legal-pii/security/data-retention-periods.
7.6 Website analytics processor — Vercel
- Company: Vercel, Inc.
- Role: Data processor (aggregate, privacy-friendly website analytics)
- Data processed: Aggregate website usage statistics (such as page views and referrers). The analytics are cookieless and do not use device or advertising identifiers; we do not receive data that identifies individual visitors.
- Scope: Website only. The mobile app contains no analytics.
8. Data Retention
8.1 App data
App data is retained for as long as you have an active Fill Aurelio account. When you delete your account (see Section 9), all associated data is permanently deleted.
Completed savings goals and historical chore/book entries are retained within your account as part of the service — they form your family's history. You can request deletion at any time.
8.2 Subscription data
Subscription entitlement data held by RevenueCat is retained in accordance with RevenueCat's retention policy and our processor agreement (see Section 7.3). Deletion requests are honoured.
8.3 Diagnostic data
Crash and error reports are retained by Sentry according to its published retention schedule (up to 90 days for error events on our plan tier; see Section 7.5).
8.4 Website data
Newsletter subscription data is retained for the duration of your subscription. When you unsubscribe (via the unsubscribe link in any email, or by emailing support@fillaurelio.com), your email address and associated metadata are deleted from Buttondown's systems. Deletion requests are honoured immediately upon receipt. Aggregate website measurement (Section 3.2) is not tied to an identifiable individual and is retained only in aggregate form.
9. Your Rights Under GDPR
The rights below apply equally to app users and website newsletter subscribers. The contact point for exercising any of these rights is legal@fillaurelio.com.
- Right of access — You can request a copy of all data we hold about you (app account and/or newsletter subscription).
- Right to rectification — App users: parents can edit profile names, avatars, and correct historical entries directly in the app. Newsletter subscribers: email us to correct your address.
- Right to erasure ("right to be forgotten") —
  - App: Delete your entire family account and all associated data from within the app (Settings → Delete account). Deletion is immediate and permanent.
  - Newsletter: Use the unsubscribe link in any email, or email support@fillaurelio.com.
- Right to restrict processing — Contact us at legal@fillaurelio.com.
- Right to data portability — You can request your data in a machine-readable format. Contact us at legal@fillaurelio.com.
- Right to object — Since we process app data to provide the service, process diagnostic data on the basis of legitimate interest, and process newsletter data with your consent, this right is effectively exercised by deleting your account, objecting to diagnostic processing, or unsubscribing.
- Right to withdraw consent — For the newsletter (the only consent-based processing), withdraw at any time via the unsubscribe link or by emailing us. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint — You can file a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu): tietosuoja.fi, or with the data protection authority in your country of residence.
10. Data Security
We implement the following security measures:
- All data transmitted between the app, the website, and our service providers is encrypted with TLS
- Passwords are hashed using industry-standard algorithms (by Supabase Auth)
- PINs are hashed with SHA-256 before storage
- Row-level security (RLS) policies ensure families can only access their own data
- No app data is stored on your device beyond your authentication session and language preference
- The website does not set tracking cookies
- We conduct security audits of our database access policies
11. Subscription and Payments
This section applies to the app only.
If you subscribe to Fill Aurelio, payment is processed entirely by Apple through the App Store. We do not receive, process, or store any payment instrument — no card numbers, no billing addresses, no payment tokens. Apple handles all payment data under its own privacy policy.
We use RevenueCat (Section 7.3) to validate App Store purchase receipts and to store your subscription entitlement state (active, trial, or expired). RevenueCat receives a purchase receipt and your account identifier — not your payment details. We in turn receive only your subscription entitlement state from RevenueCat, which we use to determine which features are available to your account.
12. Cookies and Tracking
12.1 Website
The fillaurelio.com marketing website does not set tracking cookies and does not use advertising or cross-site tracking. We use cookieless, aggregate analytics (Section 7.6) to measure overall site traffic; this does not set cookies and does not identify individual visitors. The email signup form sets no cookies.
12.2 App
The Fill Aurelio mobile app does not use cookies. It stores only an authentication session and your language preference locally on your device.
12.3 If this changes
If we ever introduce cookies or additional tracking on either the website or the app, we will update this policy and — where required by law — seek your consent before the change takes effect.
13. Changes to This Policy
We may update this privacy policy to reflect changes in the app, the website, or applicable law. When we make significant changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically.
14. Contact
For any privacy-related questions or to exercise your rights:
Email: legal@fillaurelio.com
You may also contact the Finnish Data Protection Ombudsman:
Tietosuojavaltuutetun toimisto
Lintulahdenkuja 4, 00530 Helsinki
tietosuoja.fi