Privacy Policy

Last updated: 29 Aug 2025

BackPack is private by design. Sensitive content stays on your device unless you explicitly export or share it.

What We Collect & Why

• Personal info (name, email, parent/guardian phone/email): account creation, sign-in, parent link.
• User content (diary entries, tasks, schedule, AI chats, optional photos you upload): core app functionality.
• Calendar events: show schedules and reminders.
• Diagnostics (crash logs, basic app performance and device identifiers): keep the service reliable and debug issues.
• AI requests: prompts and optional images you send when using AI features, processed to generate replies and to prevent abuse/serious-risk harm.

Data on Your Device (local)

• Stored locally: diary entries, tasks, schedule, calendar, and AI chat history.
• Where: the app’s local storage (e.g., AsyncStorage on iOS/Android).
• Control: export or delete this local data anytime from the in-app Profile page.

Data on Our Servers (minimal)

• Account: a minimal identifier (e.g., username) to keep names unique and manage access.
• Parent/guardian link: a record connecting a parent/guardian to a student account.
• AI requests: text and optional images you submit for AI features; processed only to return results and to enforce safety.
• Diagnostics: basic logs and device identifiers strictly for reliability and abuse prevention.

How We Share Data

We do not sell personal data or use it for third-party advertising. Limited sharing happens only to provide the service:

• AI processing: requests are transmitted to our AI processing backend solely to generate replies and enforce safety.
• Payments: optional purchases are processed by PayPal. We never store full payment card numbers. See PayPal’s privacy policy on their site.
• Hosting/analytics/crash reporting: standard providers that process data on our behalf under contract.

Security

• Encryption in transit: all data sent between the app and our servers uses HTTPS/TLS.
• Access controls: administrative access is restricted and logged.

Retention

We retain server-side data only as long as needed to provide the service, comply with law, or resolve disputes, then delete or de-identify it. Local data remains on your device until you delete it from the app.

Notifications

We schedule local reminders on your device for events you create in the app. We do not send marketing push notifications.

Payments (Parent-Only, External)

• No in-app purchases on student devices. Parents/guardians complete optional paid features on our website (external checkout via PayPal).
• We do not store full payment card numbers.

Safety

If our systems detect potential danger (e.g., self-harm, threats, exploitation), we may notify the linked parent/guardian. We do not provide emergency services—call local services if someone is in immediate danger.

Your Choices

• Export diary or all data (JSON) from Profile.
• Delete local data on the device from Profile.
• Delete account & server data: request deletion via the app or here: Delete Data. Parents/guardians can request on behalf of a child.

Children’s Privacy

BackPack serves students with parent/guardian oversight. Children cannot complete purchases. We do not knowingly allow children to disclose more personal data than needed for the service. Parents/guardians can review, export, or delete their child’s information at any time by using the in-app options or contacting us.

Changes

We may update this Policy periodically. Material changes will be posted here with a new “Last updated” date.