Privacy Notice
Last updated: 13 April 2026
1. Who we are
parte. ("we", "us", "our") is a family calendar service operated by Albert-Jan Nijburg. We are the data controller for the personal data described in this notice.
If you have any questions about how we handle your data, contact us at [email protected].
2. What we collect and why
We only collect personal data that is necessary to provide the parte. service. The table below sets out what we collect, why, and the legal basis under UK GDPR.
| Data | Purpose | Legal basis |
|---|---|---|
| Account information | Name, email address, and profile photo (from Google or Apple sign-in) to create and authenticate your account. | Contract |
| Family and member data | Family name, timezone, member names, roles, colours, and optional birth year and phone number — so your family calendar works. | Contract (adults); Legitimate interest (children — see section 8) |
| Calendar events and tasks | Event titles, descriptions, locations, times, recurrence rules, and task details you create. | Contract |
| Intake content | Emails you forward, photos you upload, text or WhatsApp messages you send — processed by AI to extract calendar events. See section 4. | Contract |
| Imported calendar data | Events from Google Calendar or Outlook, if you choose to connect them. | Contract |
| Conversation history | Messages you send to the parte. AI assistant and its replies, stored for conversation continuity. | Contract |
| Device tokens | Apple Push Notification tokens so we can send you event reminders. | Consent (iOS notification prompt) |
| Billing data | Subscription status and usage counts. Payment card details are handled entirely by Stripe or Apple — we never see or store card numbers. | Contract |
| Onboarding survey | Optional: why you signed up and how you found us, to help us improve the product. | Legitimate interest |
| Website analytics | Anonymised browsing data on parte.app (pages visited, referral source) via Google Analytics — only after you accept cookies. | Consent (cookie banner) |
We do not sell your personal data to anyone.
3. Google user data
When you sign in with Google, we access your basic profile information (name, email, profile photo) to create your account.
If you connect your Google Calendar, we request access to your calendar events. We use this data solely to display your events within parte. and do not modify, share, or use your Google Calendar data for any other purpose. You can disconnect your Google Calendar at any time from app settings.
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. AI processing of your content
parte. uses AI to extract calendar events from unstructured content. Here is exactly what happens:
- Email intake — when you forward an email to your parte. intake address, we send the email content to Anthropic (our AI provider) to extract event details. The raw email is processed in memory and is not permanently stored. We keep a log entry with the subject line and a brief summary.
- Photo intake — photos of school letters, flyers, or screenshots are uploaded temporarily, sent to Anthropic for extraction, then immediately deleted from our storage. We do not retain your uploaded images.
- WhatsApp intake — messages and photos you send via WhatsApp are received through Twilio, processed by Anthropic, then the extracted events are saved. Twilio may retain message logs per their own retention policy.
- Natural language and conversation — text you type or send to the AI assistant is processed by Anthropic and stored as conversation history so the assistant has context.
- Semantic search — event text is converted into numerical embeddings by Cloudflare Workers AI to power search. These embeddings cannot be reversed into your original text.
Anthropic (our AI provider) does not store API inputs or use them for model training under their commercial terms. Your content is processed and discarded.
5. Who we share data with
We use the following services to operate parte.. Each acts as a data processor on our behalf:
| Service | What they do | Location |
|---|---|---|
| Supabase | Database, authentication, real-time sync | Switzerland |
| Cloudflare | API hosting, temporary file storage, AI embeddings for search | Global / US |
| Anthropic | AI processing of emails, photos, text, and conversations for event extraction | US |
| Authentication (Sign in with Google) and calendar sync (if connected) | US | |
| Apple | Authentication (Sign in with Apple), push notifications, App Store payments | US |
| Microsoft | Outlook calendar sync (if connected) | US |
| Stripe | Web payment processing | US |
| RevenueCat | iOS App Store subscription management | US |
| Twilio | WhatsApp message delivery (if you use WhatsApp intake) | US |
| Resend | Transactional email delivery (invitations, notifications) | US |
| Google Analytics | Website analytics on parte.app (consent-gated) | US |
Within the app, calendar data is shared with members of your family group. If you use the co-parenting feature, selected events are also visible to people you explicitly invite.
6. International data transfers
Your primary data is stored in Switzerland (Supabase), which has a UK adequacy decision — meaning your data receives equivalent protection to the UK.
Some of the services listed above are based in the United States. These transfers are protected by:
- The UK-US Data Bridge (UK extension to the EU-US Data Privacy Framework) for processors that are certified, or
- Standard Contractual Clauses (SCCs) incorporated into the processor's terms of service.
All data is encrypted in transit using TLS.
7. How long we keep your data
We keep your data only for as long as it is needed:
- Account and family data — until you delete your account or remove the data.
- Calendar events and tasks — until you delete them or delete your family.
- Uploaded photos — deleted immediately after AI extraction. Not retained.
- Forwarded emails — processed in memory. We store a subject line and summary in the intake log, not the full email.
- Conversation history — until your family is deleted.
- Co-parenting invite tokens — expire automatically after 7 days.
- Push notification tokens — until you unregister the device or revoke notification permissions.
- Billing records — retained for 7 years to meet UK tax record-keeping requirements (HMRC).
- Website analytics — 14 months (Google Analytics default). Cookies expire after up to 2 years.
- Waitlist entries — deleted within 6 months of launch if not converted to an account.
When you delete your family, all associated data (events, tasks, members, conversations, intake logs, device tokens, calendar connections) is permanently removed.
8. Children's data
parte. is designed for families. Parents add children's details (name, optional birth year, display colour) so events can be assigned to the right family member.
Children do not have accounts, cannot log in, and do not interact with the app. All children's data is entered and controlled by parents.
We process children's data under the legitimate interest of the parent managing their family's schedule. We have conducted a balancing test and a Data Protection Impact Assessment to ensure this processing is proportionate. Key safeguards:
- We collect only what is needed: name, optional birth year, and a display colour.
- No behavioural tracking, profiling, or targeting of children.
- Children's data is never sent to analytics or advertising services.
- Parents can remove a child's data at any time from family settings.
- All children's data is included in account deletion.
We have assessed parte. against all 15 standards of the UK Age Appropriate Design Code (Children's Code) and are satisfied that the service meets its requirements. Our full conformance assessment is available on request.
We do not knowingly collect personal information directly from children. If you believe a child has provided us with data without parental involvement, contact us and we will delete it promptly.
9. Data security
We take appropriate technical and organisational measures to protect your data:
- All data is encrypted in transit (TLS) and at rest (Supabase database encryption).
- Row Level Security (RLS) at the database level ensures you can only access your own family's data.
- Authentication tokens on iOS are stored in the system Keychain.
- Payment card details are handled entirely by Stripe and Apple — they never touch our servers.
- Uploaded photos are deleted immediately after processing.
- Our AI provider does not retain your data after processing.
If we become aware of a personal data breach that poses a risk to your rights, we will notify the Information Commissioner's Office within 72 hours and, where the risk is high, notify you directly.
10. Cookies
Our website (parte.app) uses cookies for the following purposes:
- Essential — remembers your cookie consent preference. Does not require consent.
- Analytics — Google Analytics cookies (
_ga,_ga_*, expiring after up to 2 years) to understand how visitors use our website. Only loaded after you accept via the cookie banner.
You can withdraw consent at any time by clearing your browser cookies for parte.app — the banner will reappear on your next visit.
The parte. iPad app and web app do not use tracking cookies.
11. Your rights
Under UK GDPR, you have the following rights over your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data. Most corrections can be made directly in the app.
- Erasure — ask us to delete your personal data. Deleting your account removes all your data from our systems (billing records excepted for legal requirements).
- Portability — receive your data in a structured, machine-readable format (JSON and ICS calendar export).
- Restriction — ask us to pause processing in certain circumstances.
- Objection — object to processing based on our legitimate interest (e.g. the onboarding survey or children's data). We will stop unless we have compelling grounds.
- Withdraw consent — where we rely on consent (push notifications, analytics cookies), you can withdraw at any time. For push notifications, use iOS Settings. For cookies, clear your browser cookies.
To exercise any of these rights, email [email protected]. We will respond within one month. If a request is complex, we may extend this by up to two additional months — we will let you know within the first month if so.
If a parent makes a request regarding their child's data, we will fulfil it. If a child who has reached maturity contacts us directly, we will verify their identity and handle their request.
12. Complaints
If you are unhappy with how we handle your data, please contact us first at [email protected] so we can try to resolve it.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
13. Changes to this notice
We may update this notice when our processing activities change. For significant changes, we will notify you via the app or email. The "last updated" date at the top shows when this notice was last revised.
14. Contact
parte. is operated by Albert-Jan Nijburg.
For any data protection queries: [email protected]