privacy policy

last updated: 5 May 2026

our promise

beanies.family is built on a simple belief: your family's data belongs to you. we don't collect it, we don't store it on our servers, and we don't sell it. ever. this isn't just a policy — it's the foundation of how we built the app.

how beanies.family works

beanies.family is a local-first application. this means your family data — finances, activities, goals, to-dos, and everything else — lives on your device. it is never transmitted to our servers because we don't have servers that store your data.

  • local storage: all family data is stored in your browser's IndexedDB, encrypted at rest
  • no accounts on our servers: we don't maintain user accounts, databases, or profiles on any server
  • no cloud dependency: the app works fully offline — no internet connection required after initial load

data we do not collect

to be absolutely clear, we do not collect:

  • your financial data (accounts, transactions, balances, budgets)
  • your family information (names, relationships, activities)
  • your goals, to-do items, or travel plans
  • your passwords or encryption keys
  • your location data
  • your contacts or address book
  • any personally identifiable information (PII) on our servers

analytics

we use Plausible Analytics, a privacy-friendly, cookie-free analytics service. Plausible does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. it tells us aggregate information like:

  • how many people visit the site
  • which pages are most popular
  • what countries visitors are from (approximate, based on anonymised IP)
  • which features are used most (aggregate counts only)
  • how often people sign in (aggregate login counts, not individual tracking)
  • what devices and browsers are used

no individual user can be identified from this data. Plausible's full privacy policy is at plausible.io/data-policy.

google drive integration (optional)

if you choose to enable Google Drive sync, your family data file (.beanpod) is encrypted on your device before it leaves your browser, using AES-GCM encryption with a key that only you control. Google never sees the unencrypted contents, and we never see them either.

  • encryption: your .beanpod is encrypted locally using the Web Crypto API (AES-GCM) before any byte leaves your device
  • your key, your control: the encryption key is derived from your password and never leaves your device — not even to us
  • OAuth scope: we request only the drive.file scope. this is a per-file scope - it grants access to a specific .beanpod only when you explicitly select it via Drive's file picker, drag and drop it into the app, create it with the app, or open it via Drive's "Open with beanies.family" menu. we cannot list, search, browse, or access any other files in your Drive
  • file metadata: we read the file name, modified time, and the encrypted contents of .beanpod files you've explicitly granted access to. we do not read any other Drive metadata
  • what's in a .beanpod: family member profiles, accounts, transactions, activities, goals, to-dos, and other family planning data — all encrypted at rest, unreadable to anyone without your password (including us, including Google)
  • revocable: you can disconnect Google Drive at any time from Settings, and revoke access entirely from your Google account at myaccount.google.com/permissions

google workspace marketplace

beanies.family is listed on the Google Workspace Marketplace. the listing enables the "Open with beanies.family" entry in Google Drive's right-click menu for .beanpod files. when you use it, Drive grants the app per-file access to that specific .beanpod using the same drive.file scope described above. no broader Drive access is granted, and no additional data is collected by being listed.

the marketplace listing itself is purely a discoverability shortcut - it does not change how the app handles your data, and removing the listing would not change your data flows.

google authentication

when you sign in with Google for Drive sync, we request only your email address from Google's OAuth service (userinfo.email scope). we do not request your name, profile picture, friends list, calendar, contacts, or any other profile data.

your email address is:

  • used solely to label which Google account is connected to which family pod, so you can recognise it in the app's settings
  • stored locally in your browser (IndexedDB), alongside the rest of your family data
  • never transmitted to or stored on our servers
  • cleared when you sign out of beanies.family or revoke the Google authorisation

cookies

beanies.family does not use cookies. we don't use tracking cookies, advertising cookies, or any third-party cookies. Plausible Analytics is also cookie-free.

third-party services

the only third-party services the app connects to are:

  • Google Fonts: to load the Outfit and Inter typefaces
  • Plausible Analytics: privacy-friendly, cookie-free analytics
  • Google Drive: only if you explicitly enable it — encrypted data only
  • Google OAuth: only when you choose to sign in
  • ExchangeRate API: to fetch currency exchange rates — no personal data is sent

data portability & deletion

  • export: you can export your family data file at any time from Settings
  • delete: clearing your browser data removes all local data. if you use Google Drive sync, you can delete the .beanpod file from your Drive
  • no lock-in: your data is yours — we provide export functionality so you're never trapped

children's privacy

beanies.family is designed for families, which may include children. since all data is stored locally on the parent's or guardian's device and we collect no personal information, there is no data processing of children's information by us. the family owner controls all data.

security

  • encryption at rest: local data is encrypted in IndexedDB
  • encryption in transit: Google Drive files are AES-GCM encrypted before upload
  • no server-side data: there is no server to breach — your data lives only on your devices
  • open source: our code is publicly auditable on GitHub

changes to this policy

if we make changes to this privacy policy, we will update the "last updated" date at the top of this page. since beanies.family is open source, you can also review changes in our GitHub repository.

contact

if you have questions about this privacy policy, please reach out via our homepage or open an issue on GitHub.