Not Just On The Fridge
Privacy Policy
Last updated: June 1, 2026
Not Just On The Fridge (also called “Fridge” in places where short fits better) is a shared family calendar that runs in a browser and as a mobile app. This page explains what data the service collects, why, who it’s shared with, and how to delete it. It’s written in plain language because legal pages that nobody reads aren’t actually protecting anyone.
Operator: Ryan Arment (individual, not a company). Contact: ryan.arment@gmail.com.
What we collect
Account data
- Email address (for sign-in and password resets).
- Display name, color, and optional avatar URL for each member of a household, which you choose during setup.
- Optional phone number (E.164 format) if you opt in to SMS reminders. Phone verification happens via a one-time code we send to that number.
- A bcrypt-hashed PIN code if you enable adult-mode protection for kid devices. The plaintext PIN is never stored.
Content you create
- Calendar events (title, time, location, description, attendees, attachments).
- Notes, comments, and checklist items attached to events.
- Photos and files you attach to events.
Device and usage data
- Push subscription tokens (web push endpoints, iOS device tokens, Android FCM tokens) so we can deliver reminders. A device name and user-agent string are recorded next to each subscription so you can identify devices in Settings.
- Session cookies and tokens stored locally on your device to keep you signed in. These are issued by Supabase Auth (see “Third parties” below).
- Server-side audit logs of database changes, used for debugging and troubleshooting.
What we do not collect
- No advertising identifiers, no IDFA, no Google Advertising ID.
- No analytics or behavioral tracking across other apps or websites.
- No precise location data unless you type a location into an event yourself.
- No microphone or camera access.
How we use it
Everything we collect exists to make the calendar work: showing your events, sending the reminders you asked for, letting household members see and edit shared events, and keeping you signed in across devices. We don’t sell data, share it with advertisers, or use it to build profiles for resale.
Third parties
Running the service requires a few infrastructure providers. They process data on our behalf under their own terms; we don’t hand them data for marketing purposes.
- Supabase — database, authentication, and file storage. All your account data and content lives here. See supabase.com/privacy.
- Microsoft Azure — hosts the web app and the server-side Functions that handle push notifications and other backend tasks. See microsoft.com/trust-center/privacy.
- Anthropic — powers the “Smart Add” feature that extracts events from text, screenshots, or PDFs you paste in. Only the content you submit to Smart Add is sent; Anthropic does not train on this data per its commercial terms. See anthropic.com/privacy.
- Mapbox — powers the location autocomplete dropdown when you add a location to an event. Search queries you type are sent to Mapbox. Coordinates of selected places are stored on the event. See mapbox.com/legal/privacy.
- Apple Push Notification service / Google Firebase Cloud Messaging / Web Push providers — deliver the push reminders you opt into. They receive only the device token and the notification payload (reminder time, event title).
- Sentry — receives crash reports and unhandled errors so we can fix bugs. Sentry sees the error stack trace, the page or screen where the error happened, and your internal user identifier (so we can deduplicate reports), but not the contents of your events, notes, or attachments. See sentry.io/privacy.
Children’s data
Family calendars frequently include kids by name. Fridge supports kid profiles created by adult household members. These profiles do not have their own sign-in — an adult manages them on behalf of the child. Kid profiles store only the data the adult provides (display name, color, optionally an avatar). Adults are responsible for the content they attach to a kid profile.
Fridge is not directed at children under 13 as standalone users. Children should not create their own accounts; only an adult can sign up.
How long we keep data
- Your data is retained as long as your account exists. Backups may persist for up to 30 days after deletion before being purged.
- Audit logs retain a record of database changes (without your PII) indefinitely for troubleshooting and compliance.
- Push subscription tokens that fail consistently (device uninstalled, etc.) are pruned automatically.
Deleting your account
Sign in, open Settings, and use the Delete account card at the bottom. You’ll be asked to type your email to confirm. Deleting your account:
- Removes your sign-in row and all personally identifying fields (email, phone, display name, avatar, PIN hash) from your household membership rows.
- Removes your push subscription tokens, notification preferences, and any pending notification deliveries.
- Transfers ownership of any household where you’re the sole owner to the oldest-joined adult member, or deletes the household entirely if you’re the only adult.
- Cannot be undone. Events and notes that other household members rely on remain in the household with anonymized attribution; sole-owner households are deleted along with their events, notes, and attachments.
If you can’t access the in-app deletion flow for any reason, email ryan.arment@gmail.com and the same removal will be performed manually.
Cookies and local storage
Fridge uses local storage and IndexedDB on your device to keep your session, your theme preference, and offline-friendly caches of your calendar data. We don’t use third-party cookies for advertising or tracking.
Security
Data is transmitted over HTTPS. Database access is restricted by row-level security so members of one household can’t see another household’s data. Service keys are held only on server infrastructure. Nothing on the public internet is perfectly secure; we’ll notify affected users via email if a breach is discovered that affects them.
Your rights
You can view, edit, or delete your account and content at any time from inside the app. If you’re in a jurisdiction with statutory rights (GDPR, CCPA, etc.) and want a copy of your data in a portable format, email the address above and we’ll send it as JSON within 30 days.
Changes to this policy
If we make material changes we’ll update the “Last updated” date and, if the change affects how your data is used, notify you in the app. Continued use of Fridge after the change indicates acceptance.
Contact
Questions, requests, or complaints: ryan.arment@gmail.com.