Privacy Policy

Last updated: May 31, 2026

The short version: We collect only what's needed to help you plan your kids' activities. We don't sell your data, we don't show ads, and we don't share your information with third parties except the infrastructure providers that run the app (Google/Firebase, Anthropic, Postmark, Apple). You can delete your data at any time.

What Google sign-in and calendar access actually do Signing in with your Google account lets us identify you (your email and display name). Separately, if you choose to connect Google Calendar, we ask for permission to view and edit events on your calendars. We use it for exactly two things: (1) we read your upcoming calendar events (roughly a 30-day window) so they appear alongside your school and camp schedule in the app and on your kitchen display, and (2) we add school, camp, and community events to your calendar when you tap to sync them. That's the full extent of it. We do not read your Gmail, your contacts, or your files. You can revoke our access at any time at myaccount.google.com/permissions.

If Google shows an "unverified app" warning during sign-in, it is because our calendar feature is completing Google's review process. It is safe to continue.

Google user data — Limited Use
One Little City's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, the Google Calendar data we access is used only to provide and improve the calendar features you turn on. We do not sell or transfer it to third parties except the infrastructure providers that operate the app; we do not use it for advertising; and we do not use it to develop, improve, or train generalized artificial-intelligence or machine-learning models. No human reads your calendar data except with your explicit consent, where necessary for security, or to comply with applicable law.

1. Who we are

One Little City is a community app built for families in Falls Church City, Virginia. It helps parents manage school calendars, summer camps, and local events. The app is operated by One Little City LLC.

2. What we collect

We collect only the data you provide directly:

Account info: Email address and display name when you sign up via email/code, Google, or Apple
Family profile: Children's first names, grade or age, and camp/program selections. We intentionally do not ask for child last names, dates of birth, school ID numbers, or any other identifier that could be used to reach a child outside the app
Forwarded email content: If you set up a personal forwarding address, the emails you forward are parsed by AI to extract dates and action items. We store the structured output (event titles, dates, locations) — not the raw email body. Regular users do not grant Gmail access to the app; forwarding is opt-in via a dedicated alias we provide.
Preferences: Digest email settings, push notification subscription, co-parent family link, community sharing opt-in status
Usage analytics: Anonymous session data (page views, feature usage, onboarding step completion) to improve the app. Visitors are identified by a randomly generated ID — not your real identity

We do not collect:

Social Security numbers, government IDs, or financial information
Precise GPS location (we only use city-level for weather)
Photos, contacts, or other device data except when you explicitly snap a flyer for event extraction
Data from children directly — all data is entered by parents

3. How we use your data

Agenda + calendar: Your school dates, community events, forwarded-email events, and your kids' camps are combined into a single agenda shown in the app and (if you opt in) synced to Apple Calendar or Google Calendar
Camp planning: Your family profile helps the AI planner recommend age-appropriate camps
Email digests: If you opt in, we send a morning brief and weekly digest summarizing upcoming events and action items
Push notifications: If you grant permission, we send night-before alerts for urgent items (dress-up days, early dismissals, deadlines). Disable at any time from your device or in-app settings
Community features: If you opt in to community sharing, your children's first names and camp selections are visible to other signed-in parents in your district. Community-wide events forwarded by the district admin are visible to everyone — kid-specific items you forward are not
Co-parent family groups: If you invite a co-parent, they can see your family's agenda and forwarded items. Either parent can leave the group from settings
Analytics: We use anonymous, aggregated data to understand which features are used and improve the app

4. Forwarded email parsing

Each family gets a personal forwarding address like yourname_family@inbox.onelittlecity.com. Any email you forward there is parsed and the extracted events/actions appear on your agenda only. Key points:

Raw email bodies are not stored — only the structured AI output (title, date, time, location, action items)
Forwarded content is never visible to other families, the district admin, or any third party
Email domains on an allowlist (FCCPS, PTA, Konstella, and similar school platforms) are processed automatically; forwards from other domains ask for your confirmation before processing
You can revoke your forwarding address at any time from the School Inbox settings, which stops new email from being parsed

Gmail connection — admin only. The district admin (one designated person per district) may optionally grant One Little City Gmail read access to automatically pick up community-wide school emails (like FCCPS newsletters) and publish only the schoolwide items to the shared community agenda. This is an admin-only feature — regular users never see a "Connect Gmail" prompt. The admin's raw email content is processed by AI for event extraction, never shared with other users, and never used to train AI models.

5. AI features

We use Claude by Anthropic for three things: (1) parsing forwarded school emails, (2) the AI Camp Planner and Camp Concierge, and (3) photo flyer extraction when you choose to snap one. When you use these features:

Only the data needed for the task is sent: a child's first name, grade, interests, or a forwarded email body for parsing
Anthropic does not use your data to train AI models (zero-retention data handling via the Anthropic API)
We do not send your email address, last name, address, or Firebase UID to the AI
AI responses are not stored by Anthropic after processing

6. Where your data is stored

All data is stored in Google Firebase (Firestore) in Google Cloud's US data centers. Firebase provides:

Encryption at rest and in transit (TLS 1.2+)
SOC 1/2/3 and ISO 27001 compliance
Automatic backups

We do not store data on personal servers or outside of Google Cloud infrastructure. Inbound email is routed through Postmark, which passes the webhook payload to our Cloud Functions; it is not retained by Postmark after delivery.

7. Who can see your data

You: Full access to your family profile and all data you've entered
Co-parent(s) linked to your family group: See the same agenda and forwarded items
App administrators: Can view aggregate analytics (DAU, feature usage). Individual family data is protected by Firestore rules and cannot be read by admins through the app
Other parents in your district: Only if you opt in to community sharing — limited to first names and camp/week selections. Community-wide school events from the district admin's curated pool are visible to all users in that district
Third parties: We do not sell, rent, or share your data with advertisers or data brokers. Infrastructure providers (Google Cloud, Anthropic, Resend, Postmark, Apple, Google for sign-in) process data only as needed to deliver the service

8. Data retention

Family profiles: Kept until you delete your account
Forwarded email items: Kept until you delete the item or your account
Analytics: Anonymous session data is automatically deleted after 90 days
AI conversations: Not stored after the session ends

9. Your rights

You can at any time:

View all data associated with your account (visible in the app)
Edit your family profile, children's info, and preferences
Delete your account and all associated data in-app at any time: tap your profile avatar → Delete Account. Deletion is immediate and irreversible. If you no longer have access to your account and need us to delete data on your behalf, email privacy@onelittlecity.com
Opt out of email digests, push notifications, and community sharing in your account settings
Revoke your forwarding address, which stops new email parsing
Export your camp schedule data (CSV/ICS export in the app)

10. Children's privacy (COPPA)

One Little City is designed for use by parents and guardians, not by children directly. We do not knowingly collect personal information from children under 13. All data about children is entered and managed by their parent or guardian, and is intentionally minimized: we collect a first name and grade (or age) only. We do not ask for last names, dates of birth (full birthdays stay on your device for camp age-eligibility only), school IDs, medical or health information, or any other identifier that could be used to contact a child outside the app.

11. Security

We take security seriously:

All connections are encrypted via HTTPS with HSTS preload
Security headers: Content Security Policy, X-Frame-Options, X-Content-Type-Options
API secrets managed through Google Cloud Secret Manager
Rate limiting on all API endpoints
Firebase Authentication (Google, Apple, or email code) for account access
Firestore security rules enforce data isolation between users
Administrative diagnostic endpoints require a signed Firebase ID token tied to an allowlisted admin account

12. Changes to this policy

We may update this policy as the app evolves. Significant changes will be communicated via the app or email digest. The "last updated" date at the top reflects the most recent revision.

13. Contact

Questions about your data or this policy? Contact us:

Email: privacy@onelittlecity.com
Or use the in-app feedback form