Privacy Policy

Effective date: 2026-05-09

This is a plain-language summary of how EZPZ handles the information you give us when you use the service. We try to write this the way we'd explain it to a friend at the kitchen table. If something below is unclear, email us at admin@ezpz.family.

1. Who we are

EZPZ is a small, independent service operated by a small team based in Wellington, New Zealand. We make age-tailored family activity plans for parents and caregivers.

2. What we collect

When you sign up and use EZPZ, we store:

Account email — the address you sign up with.
Children's first names and birth month — used to tailor activity plans. We store birth month and year to calculate age; we do not collect the day of birth, last names, photos, schools, addresses, or other identifying information about your children.
Region — the New Zealand region (or, in future, Australian or UK region) you choose for community events.
Activity preferences — interests you select for each child, and accessibility / inclusivity tags you opt into.
Plan history — the activity plans EZPZ has generated for your family, plus any feedback or ratings you give.
Optional review or feedback content — if you leave a review or send us a note, we store what you wrote.
Payment information — we do not store credit card numbers or banking details. Payments are handled entirely by Stripe. We see your subscription status and Stripe customer ID, nothing more.

Authentication is handled by Firebase. Your password never reaches EZPZ's servers.

3. How we use what we collect

To generate activity plans tailored to your family.
To improve the quality of plans over time based on feedback.
To send you the emails you've opted into (plan reminders, occasional product updates). You can turn these off any time in your notification preferences.
To provide support if you contact us, and to keep your account and payments working.

We do not sell your data. We do not run third-party advertising on EZPZ. We do not build profiles of your children for any purpose beyond making the next plan better.

4. Subprocessors

To run EZPZ we rely on a small set of trusted vendors. Each one processes a narrow slice of data on our behalf:

Vercel — hosting (privacy).
Neon — database (privacy).
Firebase — authentication (privacy).
Resend — emails (privacy).
Stripe — payments (privacy).
Railway — data (privacy).
PostHog — analytics (privacy).
Anthropic — enrichment (privacy).

5. Children's information

EZPZ is designed for parents and caregivers. The account holder is always an adult — children are not direct users of EZPZ.

We collect the minimum needed to tailor a plan: each child's first name and birth month. No photos, no last names, no full dates of birth, no school details, no contact information for the child.

If you ever want a child removed from your family on EZPZ, you can edit or delete them from your family settings, or email us and we'll do it for you.

6. Retention and deletion

We keep your account data while your subscription is active and for a short period after, in case you come back.

You can request deletion of your account and all associated data at any time by emailing admin@ezpz.family. We honour deletion requests within 30 days. An in-app "delete my account" button is on the roadmap but is not shipped yet.

7. Your rights

You have the right to:

Access the information we hold about you.
Correct anything that's wrong.
Ask us to delete your account.
Ask for a copy of your data in a portable format.
Withdraw consent for non-essential emails at any time.

Email admin@ezpz.family for any of these. We'll respond within 30 days.

8. Cookies and analytics

We use a small number of cookies for sign-in and session handling. For product analytics we use PostHog, which helps us see which parts of EZPZ are working well and which aren't. Analytics are tied to your account so we can understand usage patterns, not to build an advertising profile.

You can opt out of non-essential analytics by emailing us, and we plan to add an in-app toggle.

9. International transfers

EZPZ is operated from New Zealand, but several of our subprocessors (Vercel, Neon, Firebase, Stripe, Anthropic, PostHog, Resend) host data in the United States and elsewhere. By using EZPZ you accept that your data may be transferred to and processed in those jurisdictions, under the providers' own privacy commitments.

10. Security

We use HTTPS everywhere, hash passwords via Firebase Authentication (we never see them), and limit access to production data to a small set of administrators. No service can promise perfect security, but we take it seriously and we'll tell you promptly if something goes wrong.

11. Changes to this policy

If we make a material change to this policy we'll email account holders and update the effective date at the top of this page.

12. Contact

Questions, concerns, deletion requests, or anything else: admin@ezpz.family.