Privacy Policy

1. About this portal

The Heilweil Family Portal is a private, invite-only website operated by and for the Heilweil family. It is not a public service, not commercially operated, and is not accessible to anyone outside the family without an explicit invitation.

2. What information we collect

• Google account data — when you sign in via Google, we receive your name, email address, and profile photo from Google. We do not receive your password.
• Photos — photos you upload or import from Google Photos are stored on our private server and visible only to family members.
• Posts and activity — messages you post to the family feed, reactions, and calendar events.
• Children's accounts — child accounts (username + PIN) are created by a parent. No email or Google account is required or collected for children.
• Usage data — standard server logs (IP address, browser type, pages visited) for security and error monitoring. These are not shared with any third party.

3. How we use your information

• To authenticate you and keep your account secure.
• To display your name and photo to other family members within the portal.
• To store and display family photos, posts, and calendar events.
• We do not use your data for advertising, analytics platforms, or any commercial purpose.

4. Who can see your data

Only authenticated family members who have been invited and approved can access the portal. Your information is never shared with the public, search engines, or third-party services, except as described below.

5. Third-party services

• Google OAuth — used for adult member authentication. Governed by Google's Privacy Policy.
• Google Photos API — used optionally to import photos you choose. We only access photos you explicitly select.
• Pusher — used to deliver real-time feed updates. Only encrypted event notifications are sent; no personal data is stored by Pusher.
• ExclusiveHosting — our web hosting provider where all data is stored. Data is hosted in their secure data centre.

6. Data retention

Your data is kept for as long as your account is active. If you would like your account and associated data deleted, contact the portal administrator and it will be removed within 30 days.

7. Children's privacy

Child accounts are created by a parent or guardian and require no email address. No data from child accounts is shared outside the family portal. Parents may request deletion of a child's account at any time by contacting the administrator.

8. Security

The portal uses HTTPS encryption, secure session handling, and role-based access controls. Only invited and verified family members can access any content. We take reasonable technical measures to protect your data against unauthorised access.

9. Your rights

You may request access to, correction of, or deletion of your personal data at any time by contacting the portal administrator. You may also revoke Google OAuth access from your Google account settings at any time.

10. Contact

This portal is administered by Erez Heilweil. For any privacy-related questions or requests, please reach out directly through the family portal or by email.