Last updated: April 13, 2026
This Privacy Policy applies to the GrowTide mobile application and the growtide.app website (together, the "Services"), owned and operated by Manus Labs LLC ("we," "us," or "our"), a limited liability company registered in Utah, USA. By using the Services, you agree to the practices described in this policy.
Questions? Contact us at support@growtide.app.
1. Who We Are
GrowTide is a family chore and rewards application designed for parents and children aged 8–17. The Services are operated by Manus Labs LLC, 7533 S Center View Ct, Ste N, West Jordan, UT 84084, United States.
2. What Data We Collect
2a. Parent account data
- Email address and password (stored securely via Firebase Authentication — we never see your password in plain text)
- Family name or label
- Subscription and billing status (managed by RevenueCat — we never store payment card details)
- Optional: co-parent email (for family joining)
2b. Child profile data (COPPA-protected)
All child profiles are created and managed exclusively by a parent or guardian. We collect the following data for each child profile:
- First name or display name (required)
- Date of birth (optional)
- Avatar selection and earned avatar history
- Job completions, streaks, XP, coins, and badges earned
- Allowance balances (Save, Spend, and Give amounts)
- Optional job completion photos (stored in Firebase Storage)
- Push notification tokens for linked devices
2c. Device and technical data
- Firebase Cloud Messaging (FCM) push notification tokens
- Device linking records (one-time codes, linked device identifiers)
- Firebase Analytics events — anonymized, enum-style only, never containing names, emails, or child identifiers
- Crash and error reports via Firebase Crashlytics
- IP address and device type (standard server logs)
2d. Website data (growtide.app only)
When you visit growtide.app, we may collect:
- Standard web server logs (IP address, browser type, pages visited, time of visit)
- Cookies and tracking pixels for analytics and advertising measurement (see Section 10)
- Email address and first name if you sign up for our launch waitlist
Website tracking does not extend into the GrowTide app. The app and the website are separate environments with separate data practices.
3. How We Use Your Data
- To provide core app functionality (job management, rewards, approvals, notifications)
- To send push notifications about job completions, approvals, reminders, and screen time
- To process and manage your subscription via RevenueCat
- To improve app performance using anonymized, aggregated analytics
- To protect the Services from abuse (rate limiting, fraud detection, App Check attestation)
- To communicate with you about your account (support, product updates)
- To measure the effectiveness of our marketing on growtide.app (website only — see Section 4)
4. Advertising and Marketing
What we do
We run ads on platforms such as Meta (Facebook/Instagram) and Google to reach parents who may benefit from GrowTide. To measure whether our ads are working, we use tracking tools on growtide.app only:
- Meta Pixel — tracks website visits and waitlist signups to measure ad performance on Facebook and Instagram
- Google Ads conversion tracking — measures clicks from Google ads that result in website actions
- Apple SKAdNetwork — privacy-preserving iOS app install attribution. No personal data is shared with Apple for this purpose.
- Google Play Install Referrer — privacy-preserving Android app install attribution. No personal data is shared with Google for this purpose.
What we never do
- We never use any data from inside the GrowTide app for advertising purposes
- We never share child data with any advertising platform — ever
- We never run behavioral advertising inside the app
- We never sell user data to any third party
- Tracking pixels operate on growtide.app only — they are never loaded inside the GrowTide app
- Firebase Analytics is completely disabled on child-linked devices
5. Third-Party Services
We use the following third-party services to operate the Services. Each processes data according to their own privacy policy:
- Google Firebase (Authentication, Firestore, Cloud Functions, Storage, Analytics, Crashlytics, App Check, Cloud Messaging) — Firebase Privacy Policy
- RevenueCat (subscription management — receives only your Firebase UID and subscription status, never child data) — RevenueCat Privacy Policy
- Meta (Facebook/Instagram advertising — website only, never app data) — Meta Privacy Policy
- Google Ads (advertising and conversion tracking — website only, never app data) — Google Privacy Policy
- Google Fonts (Nunito typeface, loaded at build time — no user tracking)
- MailerLite (email marketing for waitlist subscribers — growtide.app website only) — MailerLite Privacy Policy
We do not sell your data to any third party. We do not use advertising SDKs inside the GrowTide app.
6. Children's Privacy (COPPA)
GrowTide collects limited personal information from children as part of parent-managed family accounts. We take this responsibility seriously and comply with the Children's Online Privacy Protection Act (COPPA), including the 2025 amendments effective June 23, 2025.
- Parental consent: A non-dismissible parental consent dialog is displayed before any child profile can be created. It lists every category of data collected from the child. No child profile can be created without this consent.
- Parent-only account creation: No child can create their own account. All child profiles are created, managed, and can be deleted by the parent at any time.
- No advertising to children: We never use child data for advertising. Firebase Analytics is completely disabled on child-linked devices. No ad SDKs exist in the app.
- No behavioral profiling: We do not build behavioral profiles of children for any commercial purpose.
- No AI training: Child data is never used to train artificial intelligence or machine learning systems.
- Child device authentication: Children on dedicated linked devices authenticate via a secure Firebase custom token — no password is required after initial device linking. On shared family devices, children switch to their profile using a 4–6 digit PIN set by the parent. PINs are hashed server-side using PBKDF2-HMAC-SHA256 and never stored in plain text.
- Parent rights: Parents may review, update, or delete their child's data at any time through the app's Settings, or by contacting us at support@growtide.app.
- 14-day restore window: Deleted child profiles enter a 14-day grace period during which they can be restored. After 14 days, all child data is permanently and irreversibly purged.
If you believe a child profile was created without proper parental consent, contact us immediately at support@growtide.app and we will delete it promptly.
7. Data Security
We implement the following security measures:
- Firebase App Check on all API endpoints to prevent unauthorized access
- PBKDF2-HMAC-SHA256 hashing with 100,000 iterations for all PINs
- Rate limiting: 5 failed PIN attempts triggers a 15-minute lockout
- HTTPS/TLS encryption for all data in transit
- Firestore Security Rules restricting data access to authorized family members only
- Firebase Analytics disabled on child-linked devices
- Device linking codes expire after 5 minutes and are single-use
No method of transmission over the internet is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security.
8. GDPR (EU and UK Users)
If you are located in the EU or UK, we process your data under the following lawful bases:
- Contract: Processing necessary to provide the Services you have signed up for
- Legitimate interest: Security monitoring, crash reporting, and app improvement (anonymized)
- Legal obligation: Retaining billing records as required by law
- Consent: Website cookies and advertising measurement (you may withdraw consent via your browser settings)
For children under 16 in the EU, parental consent is required before account creation. GrowTide enforces this by design — only parents can create accounts and child profiles.
9. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of data we hold about you
- Correction: Update inaccurate information via the app's Settings
- Deletion: Delete your account and all associated data permanently from within the app — deletion is immediate and removes all Firestore data, Firebase Auth records, Storage files, FCM tokens, and RevenueCat records
- Portability: Export your job history as a CSV file (GrowTide Pro feature)
- Withdrawal of consent: Stop using the Services at any time; withdraw cookie consent via browser settings for the website
- Opt-out of marketing emails: Use the unsubscribe link in any email we send
To exercise these rights, use the in-app controls or contact us at support@growtide.app. We will respond within 30 days.
10. Cookies and Tracking (growtide.app Website Only)
The GrowTide app does not use cookies. The growtide.app website uses the following:
- Essential cookies: Required for the website to function (e.g., form submissions). Cannot be disabled.
- Analytics cookies: Help us understand how visitors use the site (Google Analytics). Anonymized where possible.
- Advertising cookies: Used by Meta Pixel and Google Ads to measure whether our ads result in website visits or waitlist signups. These cookies do not track you inside the GrowTide app.
You can disable analytics and advertising cookies by adjusting your browser settings or using a browser extension such as uBlock Origin. Disabling these cookies will not affect your use of the GrowTide app.
11. Data Retention
| Data type |
Retained until |
| Family and parent account data |
Account deleted |
| Child profiles |
14-day grace period after deletion, then permanent purge |
| Job history |
Account deleted |
| Job completion photos |
90 days after job approval, or immediately on child/account deletion |
| FCM push tokens |
Device unlinked or account deleted |
| Security and rate-limit logs |
90 days |
| Billing records |
7 years (US tax law requirement) |
| Website analytics data |
26 months (Google Analytics standard) |
| Waitlist email addresses |
Until you unsubscribe |
12. International Data Transfers
GrowTide operates on Google Firebase infrastructure. Your data may be processed in the United States and other countries where Google operates data centers. By using the Services, you consent to this transfer. We rely on Firebase's standard contractual clauses for EU/UK data transfers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
14. Contact Us
For privacy questions, data requests, or concerns:
- Email: support@growtide.app
- Company: Manus Labs LLC
- Address: 7533 S Center View Ct, Ste N, West Jordan, UT 84084, United States