Resilient Kids
Notify me at launch

Privacy Policy

Effective date: April 21, 2026 Last updated: May 4, 2026

1. Who we are

Resilient Kids (“Resilient Kids,” “we,” “us,” or “our”) operates the website at resilient.kids and a mobile application that delivers weekly, age-timed, evidence-informed guidance for adult caregivers raising children. This Privacy Policy covers both the website and the app, and explains what information we collect, how we use it, who we share it with, and what choices you have.

  • Legal entity: Resilient Kids LLC (a Delaware limited liability company)
  • Contact: research@resilient.kids
  • Address: 2810 N Church St #769322, Wilmington, DE 19802, USA

If you do not agree with this policy, please do not use the website or app.

2. Who the app is for

Resilient Kids is intended for adult caregivers (18 years or older). The app is not directed to children, and children may not create accounts or use the service directly. Parents and other caregivers may, at their discretion, enter limited information about a specific child in their household — see Section 4 for how we handle that.

3. What information we collect

3.1 Information you provide directly

  • Account information — your email address, display name, and (if you create a password-based account) a hashed password. If you sign in with Apple or Google, we receive the email address and user identifier those providers share with us.
  • Household information — a household name, one caregiving role per member (owner, collaborator, or viewer), and invite codes you generate or enter.
  • Child information you enter — the child’s first name (or nickname) and date of birth, which we use to compute the current week of guidance to show you. You are not required to use the child’s legal name or exact birthdate; you may use a nickname and an approximate date.
  • Phone number — only if you opt in to receive SMS notifications. The number is collected solely to deliver the SMS messages you have asked for. We do not share your number with any third party for that party’s own marketing, and your number is not used for marketing by us. See Section 3.5 below for the full SMS data flow and Section 9 for opt-out.
  • Progress and usage notes — which weeks you’ve marked complete, which action items you’ve checked off, achievements earned, and any free-text notes you choose to save in the app.
  • Communications — if you email research@resilient.kids or send feedback through the app, we keep a record of that correspondence.

3.2 Information collected automatically

  • Device and app information — device type, operating system version, app version, language and region, and the time zone reported by your device. This helps us schedule local reminders and troubleshoot issues.
  • Log data — when the app communicates with our servers, we may log the request time, general location (derived from IP at city level, not stored long-term), and any error messages produced.
  • Crash reports — if the app crashes, a crash report may be sent to us so we can diagnose and fix the issue. Crash reports do not include the content of your notes or child information.

We do not use advertising SDKs, third-party analytics trackers, or behavioral advertising identifiers in our mobile app. On our website (resilient.kids), we use Google Analytics 4 for basic, aggregated traffic measurement — see Section 3.4 below. We do not sell your personal information. We do not share personal information with data brokers.

3.3 Information from third-party services

  • Apple or Google Sign In — if you choose to sign in with Apple or Google, the respective service sends us a verified user identifier and, with your permission, your name and email address. Apple offers the option to hide your email behind a private relay; if you choose that, we receive a relay address and cannot see your real address.
  • Apple App Store / Google Play subscriptions — when you purchase or renew a subscription inside the app, Apple or Google processes the payment. We do not receive your credit card number, bank details, or full billing address. We do receive a purchase receipt that tells us which plan you bought and when it renews or expires.
  • RevenueCat — we use RevenueCat to manage subscription receipts and confirm your subscription status across devices. RevenueCat processes your purchase identifiers, platform user ID, and subscription state. RevenueCat’s privacy notice: revenuecat.com/privacy

3.4 Website analytics and cookies

On our website (resilient.kids), we use Google Analytics 4 (“GA4”) to understand how visitors use the site — which pages are viewed, which links are clicked, and where visitors come from. GA4 is configured with IP anonymization and does not link website activity to your app account.

GA4 sets cookies in your browser (typically named _ga and _ga_*) to distinguish unique visitors. The data GA4 collects includes your IP address (truncated before storage), browser type and version, device type, operating system, referring URL, pages viewed, and approximate geographic location derived from IP at the city level.

You can opt out of GA4 by installing the Google Analytics Opt-out Browser Add-on or by blocking cookies from google-analytics.com in your browser. We honor the Global Privacy Control (GPC) signal where technically feasible.

Google’s privacy notice: policies.google.com/privacy

3.5 SMS notifications (when you opt in)

SMS is one of the notification channels you can enable in Settings → Notification Preferences. SMS is always opt-in — never default-on. The full SMS program terms (categories, frequency, opt-out, HELP keyword, message and data rates) live in our Terms of Service, Section 19.

What we collect when you opt in to SMS:

  • Your phone number, used solely to deliver the messages you have asked for.
  • The per-category opt-in toggles you set (Account Security, Advisor Updates, Weekly Digest, Household Changes), recorded with timestamp in our event log so we can prove consent was collected and process opt-outs reliably.
  • Delivery metadata for each message we send (timestamp, message ID, delivery status, bounce or unsubscribe events). We use this to debug delivery failures and to honor opt-out requests.

How SMS is delivered. We do not run our own SMS infrastructure. We use Twilio, a US-based communications platform, as our SMS sub-processor. We hand Twilio your phone number and the message body; Twilio routes the message to your wireless carrier (AT&T, T-Mobile, Verizon, or other) for delivery to your device. Twilio is contractually bound to process this data only on our instructions and only to deliver our messages. Twilio’s privacy notice: twilio.com/legal/privacy

What we do NOT do with your phone number:

  • We do not sell your phone number.
  • We do not share your phone number with advertisers, data brokers, or any third party for that party’s own marketing.
  • We do not use your phone number for marketing — only for transactional, account-related notifications you have opted in to receive.
  • We do not use SMS for behavioral profiling, ad targeting, or analytics beyond delivery reliability.

How to opt out of SMS: reply STOP to any message, or toggle SMS off per category in Settings → Notification Preferences. Either path takes effect within seconds. Full opt-out details in Terms of Service § 19.5.

4. How we handle children’s information

We treat the limited child-related information you enter with care.

  • It is stored only in association with your household, behind the same row-level security policies that protect your own account.
  • It is never shared with advertisers or data brokers.
  • You can delete the child’s entry at any time from the Household tab, which removes the name and birthdate from our database.
  • We do not build behavioral profiles of children based on what you enter.
  • We do not knowingly collect personal information directly from anyone under 13. If you believe a child has created an account, contact research@resilient.kids and we will delete it.

Because children are not direct users, the Children’s Online Privacy Protection Act (“COPPA”) does not require a verifiable-parental-consent workflow for this app. We nonetheless follow COPPA-aligned practices for the child information parents provide voluntarily.

5. How we use your information

We use the information described above to:

  1. Operate the app — authenticate your sign-in, compute the current week of content for your child’s age, sync progress across your caregiver accounts, and deliver reminders you’ve opted into.
  2. Manage subscriptions — confirm your subscription status, grant access to paid features, and honor the 30-day money-back guarantee described in our Terms of Service.
  3. Communicate with you — send important service notices (for example, a security notice or a change to these terms). We will only send marketing emails if you’ve explicitly opted in, and you can unsubscribe at any time.
  4. Improve the service — fix bugs, understand which features are used, and inform future development. We do this using aggregated, de-identified data wherever possible.
  5. Comply with law — respond to lawful legal process, enforce our Terms of Service, and protect the rights, property, or safety of Resilient Kids, our users, or others.

We will not use your personal information for any purpose that is materially different from the purposes listed above without notifying you.

6. Who we share information with

We share your information only as described below.

  • Infrastructure providers — we use Supabase (Postgres database, authentication, file storage) to host your account and content. Supabase processes data on our behalf under a data processing agreement.
  • Subscription management — RevenueCat, as described in Section 3.3.
  • Payment processors — Apple App Store and Google Play, as described in Section 3.3.
  • Email delivery — we use Brevo (formerly Sendinblue) to send account, transactional, and opt-in newsletter emails. Brevo processes your email address and the content of the messages we send in order to deliver them. Brevo’s privacy notice: brevo.com/legal/privacypolicy
  • SMS delivery — we use Twilio to send the transactional SMS notifications you have explicitly opted in to receive (see Section 3.5). Twilio processes your phone number and the message body in order to route messages to your wireless carrier for delivery to your device. Twilio’s privacy notice: twilio.com/legal/privacy
  • Website analytics — we use Google Analytics 4 to measure website traffic, as described in Section 3.4. Google processes this data on our behalf.
  • Legal and safety — we may disclose information if we believe in good faith it is required by law, court order, or subpoena, or necessary to investigate fraud or protect the safety of people or property.
  • Business transfers — if Resilient Kids is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We will never sell your personal information or the information you enter about your child.

7. Where your information is stored

Your information is stored on servers located in the United States, operated by our infrastructure providers (primarily Supabase). Resilient Kids is intended for caregivers located in the United States. If you access the service from outside the United States, your information will be transferred to and processed in the United States, which may have data-protection laws different from those in your country.

8. How long we keep your information

  • Account information — kept while your account is active and for up to 30 days after you delete it, so that accidental deletions can be reversed. After 30 days, your account data is purged from production databases. Backups are retained for up to 90 days and are then purged.
  • Subscription records — retained as long as required by Apple, Google, and applicable tax law, typically 7 years.
  • Support correspondence — retained for up to 2 years unless a longer retention is required by law.
  • Crash and diagnostic logs — retained for up to 90 days.

9. Your rights

Depending on where you live, you may have the following rights:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct information that is inaccurate or incomplete.
  • Deletion — delete your account and associated personal information. You can do this from Settings → Delete Account, or by emailing research@resilient.kids. Account deletion runs through a 7-day soft-delete window — you can change your mind. After 7 days, every event your household generated is permanently removed.
  • Portability — receive a copy of your personal information in a structured, machine-readable format.
  • Opt out of marketing — unsubscribe from any marketing emails we send.
  • Withdraw consent — where we rely on consent to process your data, withdraw that consent at any time.

Note on data export. A self-serve export of every event your household has generated is live in the app — open Settings → Account → Export my data. We email a secure download link to the address on your account within 72 hours; the link stays valid for 24 hours and the export covers everything your account has access to (events, accounts you co-caregive, served content history, notifications). You can also request an export by emailing research@resilient.kids if you prefer.

Residents of California have additional rights under the California Consumer Privacy Act, including the right to know what personal information we have collected and the right to request deletion.

To exercise any of these rights, contact research@resilient.kids. We will respond within the time required by applicable law.

10. Security

We use industry-standard practices to protect your information, including:

  • Encryption in transit (HTTPS/TLS) between the app and our servers.
  • Encryption at rest for data stored in our primary database.
  • Row-level security in the database so one household’s data cannot be read or modified by another.
  • Hashed passwords (we never store plaintext passwords).
  • Access controls that limit which Resilient Kids personnel can see production data.

No method of transmission or storage is 100% secure. If we learn of a breach that materially affects your personal information, we will notify you as required by applicable law.

10.5 Public content provenance — what is not covered

To keep our published content auditable, every content version Resilient Kids publishes — and every advisor sign-off recorded against it — is hash-anchored on a public Hedera consensus log. These anchors carry no personal information: only the content version’s identifier, the advisor’s published identity (name + credential, the same information shown on the public Governance Ledger), the cryptographic hash of the content, and the on-chain timestamp. No event a household or caregiver emits is ever anchored on-chain. See /trust for the full public record and /governance for advisor information.

11. Third-party links

The app may contain links to external websites or resources. We are not responsible for the privacy practices of third parties. Please review their privacy notices before providing information to them.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app or by email before the changes take effect. The “Effective date” at the top of this document reflects the most recent revision.

13. Contact us

Questions, concerns, or requests? Email research@resilient.kids and include “Privacy” in the subject line.