Legal
Privacy Policy
Last updated: 1 July 2026
1. Who we are
Rumaloom (“we”, “our”, “us”) operates the Rumaloom mobile application (iOS and Android) and the website at www.rumaloom.com. We are committed to protecting your personal data and being transparent about how we use it.
For privacy questions, contact us at privacy@rumaloom.com.
2. What data we collect
Account & profile data
- Email address and password (via Supabase Auth)
- Display name and profile colour
- Family membership and role (leader or member)
Content you create
- Calendar events, occasions, reminders, and trips
- Meal plans and recipes
- Lists, notes, and drawings
- Emergency vault entries (insurance, medical, documents)
- Attic items with photos and descriptions
- Family wall posts, photos, videos, and comments
Device & technical data
- Push notification token (to deliver reminders)
- Device calendar events (only if you grant permission)
- Device OS and app version (for crash reporting)
Data we do NOT collect
- Precise GPS location
- Contacts from your address book
- Microphone or audio recordings
- Data from other apps
3. How we use your data
- Providing the service— syncing your family’s shared data in real time across all devices.
- Push notifications — sending reminders and family alerts you have opted into.
- Authentication — verifying your identity when you sign in and resetting your password.
- Location autocomplete — when you add a location to a calendar event we pass your typed query to the Google Places API. We do not store the query or the result.
- Service improvement — anonymised crash and error logs to fix bugs.
We do not sell your data. We do not use your data for advertising.
4. Data storage and security
Your data is stored on Supabase infrastructure (hosted on AWS). Data is encrypted in transit (TLS) and at rest. Media files (photos, videos, documents) are stored in Supabase Storage with per-family access controls.
Vault entries (insurance, medical records, emergency contacts) are stored as plain text in the database at this time. We recommend not storing highly sensitive information such as full financial account numbers or government ID numbers until we introduce field-level encryption.
5. Data sharing
We share data only with the following sub-processors:
- Supabase — database, authentication, storage, and edge functions.
- Google Places API — location autocomplete queries (transient, not stored).
- Apple Push Notification Service / Firebase Cloud Messaging — delivering push notifications.
Your family’s data is shared only with members of your family group inside the app. We never share your data with other families or third parties beyond the sub-processors listed above.
6. Your rights
- Access — you can view all your data inside the app at any time.
- Correction — edit your profile and content directly in the app.
- Deletion — use Settings → Delete Account to permanently erase your account and all associated data.
- Data portability — contact us at privacy@rumaloom.com to request an export.
- Withdraw consent — revoke calendar or notification permissions in your device settings at any time.
7. Children
Rumaloom is designed for use by families including children. Children’s accounts are created and managed by a parent or guardian as “managed members” — they do not have their own login credentials. We do not knowingly collect data directly from children under 13. If you believe a child has provided us with personal data without parental consent, please contact us so we can delete it.
8. Data retention
We retain your data for as long as your account is active. When you delete your account, all personal data, family content, and uploaded media are permanently deleted within 30 days.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes via a notice in the app and by updating the “Last updated” date above. Continued use of the app after changes constitutes acceptance.
10. Contact
For any privacy questions or requests, email us at privacy@rumaloom.com.