Security & Privacy

We use this for our own family, so we take security seriously.

Your family’s information is encrypted and under your control at all times.

🚫

We will never sell your data.

Your family's data belongs to you. We use Vercel Analytics for anonymised page-load performance only. We do collect your approximate location (country, region, city) from your IP address at registration for security and compliance purposes - see our Privacy Policy for details.

🔒

Encrypted at every layer

TLS 1.2+ in transit. AES-256 at rest via MongoDB Atlas. Passwords hashed with bcrypt. Session tokens are HTTP-only, same-site cookies with short expiry.

Data we collect

Only what the app needs to work.

We collect the minimum data required to deliver the product. Here’s an honest summary.

  • Account
    Data: Name, email, password hash, Google ID (if using Google Sign-in)
    Purpose: Authentication and account recovery
  • Goals & progress
    Data: Goal titles, sticker logs, reward names, frequency settings, mood check-ins
    Purpose: Core product functionality - tracking and reporting
  • Collaboration
    Data: Invitee email, role assignment, access timestamps
    Purpose: Multi-user sharing (parents, therapists, family members)

Standards we follow

  • Hosted on Vercel (SOC 2 Type II) + MongoDB Atlas (ISO 27001, SOC 2)
  • HTTPS-only - all cleartext connections redirected
  • Content Security Policy, HSTS, and X-Frame-Options headers

Responsible disclosure

If you find a security vulnerability, please report it to us privately. We take all reports seriously and will respond within 48 hours.

Report a vulnerability
hello@superepicgoals.com

Your rights

You own your data. You can exercise any of these rights at any time.

Access & export

Request a full copy of all data we hold about your family.

Correction

Ask us to correct any inaccurate personal information.

Deletion

Request permanent deletion of your account and all associated data.

Questions?

Read our full Privacy Policy or Terms of Service, or get in touch.