Privacy Policy

Last updated: 2026-06-03 · This is a template. Replace the contact details before publishing.

This server is self-hosted by the people who run it. The administrators of this specific deployment are responsible for how it treats your data. This document describes what the software does — adapt it for your deployment before publishing.

What we collect

• Account details — your email, username, display name, and a password hash (Argon2id, salted; the plaintext password is never stored).
• Group / family data — the groups you belong to, your role (Owner or Co-owner), and license seat usage.
• User and board data — the names of the people whose boards you build, the tiles on those boards, and any photos or sound recordings you upload.
• Device metadata — when each paired device was created, its label, and when it last contacted the server. Device tokens are stored only as SHA-256 hashes.
• Session data — opaque session identifiers in HttpOnly + Secure cookies, with payloads held in Redis for the session's lifetime.
• Transient request data — IP addresses and request timing appear in server access logs and in the in-app audit log. Audit-log IPs are pseudonymised to a /24 (IPv4) or /48 (IPv6) after a short fresh window (default 7 days) and the whole entry is deleted after the retention window (default 365 days).
• Anonymous usage analytics — daily counters per feature name (e.g. "a board was created today, N times"), with no user, family, device, IP, or content attached. Used to keep the service secure and improve it. The full list of tracked event names is visible to your administrator on the Privacy & GDPR page.

What we do NOT collect

• No third-party analytics or trackers.
• No advertising identifiers.
• No location data.
• No contacts, calendar, photos library, or device data beyond what you explicitly upload through the editor.

How data flows

All communication between your browser or device and our server is encrypted with TLS. Internally, traffic between the reverse proxy and the application server is authenticated with mutual TLS (mTLS). Passwords are hashed with Argon2id before storage. Device pairing tokens are stored only as their SHA-256 hash.

Share only what you need

The only data we require to operate your account is an email address and a chosen password. Everything else — names, photos, voice recordings, places, ages, conditions, household details — is optional. The app works fine with emoji-only labels and generic names. We strongly encourage you to share only what your group actually needs to communicate. Less personal data uploaded means less personal data that could ever be exposed (by a breach, a lost device, a legal request, or any other route).

Data sharing

We do not sell, rent, or share your data with any third party. Your photos, audio recordings, and board contents are visible only to people in your group and to paired devices that present the device token your group has issued.

Your rights

• Access — every piece of data we hold about you and your group is visible in the app itself.
• Export — sign in, open Settings, and click "Download my data". You'll receive a JSON file containing every record we hold about your group (excluding security material like password hashes and OAuth tokens, which are not personally identifiable).
• Deletion — open the app, go to Settings, and choose "Delete account". If you are the only owner of your group, this also deletes the entire group (all co-owners, users, boards, devices, and uploaded media).
• Correction — change your display name, password, and group name from Settings or the Group page.
• Withdraw consent — sign out and stop using the service at any time. Deleting your account removes all associated data immediately.

Children

This app is designed for non-verbal or augmentative communicators, who are often children. End-user devices are paired by an Owner or Co-owner; end users never create accounts themselves and never type credentials. Photos and recordings of end users are uploaded by their guardians and remain scoped to that guardian's group.

Cookies

This site uses a small number of cookies, all of which are strictly necessary for the app to work and to keep your session secure (authentication and protection against cross-site request forgery). There are no advertising, marketing, or third-party analytics cookies. Cookie names and attributes are deliberately not enumerated here to avoid handing attackers a target list — they can be inspected in your browser's developer tools if you want to see them.

All cookies used are functional / strictly necessary under the EU ePrivacy Directive, so they don't require consent — but the app shows a one-time banner anyway so you know cookies are in use.

Retention

Account and board data are retained for as long as your account exists. Account deletion removes all of it. The audit log is kept for a configurable window (default 365 days), after which entries are deleted; IPs in audit entries are pseudonymised to a /24 (IPv4) or /48 (IPv6) once they're older than the fresh window (default 7 days). Server backups (managed by your administrator) may retain copies for the backup retention period configured on their side.

Our security commitment, our liability

We commit to applying the highest reasonable security and operational standards we can, including the ones listed above (TLS, mTLS, Argon2id, encrypted backups, signed media URLs, MFA for administrators, automated diagnostics, audit logs, retention sweeps, pseudonymisation of IPs).

We are not liable for harm resulting from any outage, bug, vulnerability, account compromise, data loss, or security incident affecting the Service, however caused. We are also not responsible for content you choose to upload — you decide what goes into your boards. The full liability limit is in the Terms of Service.

Contact

For privacy questions or data requests, contact your group's owner or the administrator who runs this server. A real deployment should publish a specific email address here.

← Back to AAC Made Easy · Terms of Service