Trust & Safety

How we protect your family's data

TLDR Parents is built by parents, for parents. We use it ourselves, on our own family inboxes, and we are obsessive about keeping your family's information safe.

Trust and safety is not a policy page for us — it is a product requirement. The goal is simple: help you stay on top of family life without creating new risk.

Here is how we protect your data, in plain English.

Our promises to you

  • We do not sell your personal information.
  • AI providers are not permitted to train on your data.
  • We do not use your data to serve ads.
  • You stay in control. Connect, disconnect, and delete any time.
  • SMS opt-in data is never shared with third parties for marketing. If you give us your mobile number, it is used only to send you the messages you signed up for.

What TLDR Parents connects to, and why

When you sign up, you can connect:

  • Email (Gmail) — so we can find the family-related information hiding in your inbox.
  • Calendar (Google Calendar) — so we can show you what's already on the calendar and, if you enable it, add new events for you.

We use this access to find the school and activity information buried in long email threads — schedule changes, sign-ups, deadlines, soccer rosters, what to bring, where to be — and turn it into a daily briefing you can actually use.

As we add support for more services over time, the same rules will apply.

What TLDR Parents will not do

  • We will not send email on your behalf without your express permission.
  • We will not change your calendar without your permission.
  • We will not read your email except to extract family-related events, as described below.

How we handle your email

Here is exactly what happens to your email when you connect Gmail:

  1. We identify which emails are family-related — school newsletters, activity rosters, sign-up forms, schedule changes, and similar — so we can focus exclusively on those.
  2. We extract structured information from those messages — event names, dates, times, locations, action items, what to bring — and store the structured information and the outputs we generate (like your daily briefing) so the product works.
  3. To generate summaries and action items, we send the full text of family-related emails to an AI provider (OpenAI) for processing. The provider is contractually prohibited from using your data to train models. We use this only to create your briefing and action items — not for advertising.

We do not store your entire mailbox, and we do not read messages that are not family-related.

How AI fits in

TLDR Parents uses AI (currently OpenAI) to turn information into events, summaries, and action items. The contract with our AI provider prohibits training on your data. AI can occasionally get things wrong — miss an event, misread a date, duplicate something. Always verify critical information against the original source.

SMS and email

We can reach you in two ways: email and (if you opt in) SMS.

  • Email is on by default for service notifications (account, security, billing). Promotional email is optional and you can opt out any time.
  • SMS is off by default. To turn it on, check the dedicated SMS consent box in your account settings and provide your mobile number. SMS messages are transactional only: your daily briefing, schedule-change alerts, and account notifications. We do not send marketing or promotional SMS. Reply STOP to opt out at any time, or HELP for assistance. Message and data rates may apply.

For SMS delivery we use Twilio. SMS opt-in data, including your phone number, is never shared with third parties for marketing purposes.

Who we share data with

We share data only with vendors who help us operate the product. They are contractually limited to processing data on our behalf and are not allowed to use it for their own purposes.

  • AWS — hosting and infrastructure
  • Auth0 — secure account sign-in
  • Stripe — payment processing
  • Twilio — SMS delivery
  • OpenAI — AI processing for event extraction
  • Google — Gmail and Calendar APIs you authorize
  • Google Analytics — aggregate product usage

For full details, see our Privacy Policy.

Security, in plain English

We have invested in security from day one:

  • Your data is encrypted in transit and at rest.
  • We use secure OAuth to connect to Google — we never see or store your Google password.
  • Internal access is tightly controlled and logged. Only employees and contractors who need access have it.
  • We use AWS GuardDuty for continuous threat detection and monitor systems for abuse.
  • We continuously harden our security as we scale.

No system is perfectly secure. We work hard to protect your data, and we will tell you promptly if anything affecting your account ever changes.

Delete, disconnect, and retention — you are in control

  • Disconnect any third-party service at any time, in TLDR Parents settings or directly with the provider (for Google, at https://myaccount.google.com/security).
  • Delete your account at any time from settings, or by emailing support@hellopenny.ai.
  • After deletion or disconnection, we remove your data from our active systems within a reasonable period, typically within 30 days.
  • Some information may be retained for a limited period for legal, security, fraud-prevention, or operational reasons. Backups can take longer to fully cycle out.

Full details are in our Privacy Policy.

Questions?

If you ever have questions about privacy, security, or how we handle your family's data, email us at support@hellopenny.ai. We are real parents and we read every message.

TLDR Parents, Inc.
Newton, Massachusetts