Privacy Policy

Effective Date: March 31, 2026 · Last Updated: March 31, 2026

Larkin ("we," "our," or "us") is a family calendar assistant that helps parents manage schedules by intelligently parsing emails and calendar events. This Privacy Policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

1a. Account Information

When you sign up with Google or Apple, we receive:

Email address and display name from your Google or Apple account
Profile photo URL (if available; Google only — Apple may provide a private relay email)
Device timezone (detected automatically, updated on each app open)

If you use Sign in with Apple, Apple may provide a private relay email address. We use whichever email Apple provides for your account identification.

1b. Family Information (Optional)

During onboarding, you may provide:

Child names and age or grade level (e.g., "3rd grade")
School names

This information is used solely to help Larkin identify which family member an email event pertains to. We do not collect children's dates of birth, email addresses, or photos. See Section 8 (Children's Privacy) for more detail.

1c. Email Data (Gmail — Read-Only Access)

With your permission, Larkin accesses your Gmail inbox in read-only mode to identify family-related events (school notices, sports schedules, appointments, etc.).

What we store:

Email metadata only: sender address, subject line, date received, and the domain the email came from
Parsed event details: event title, date, time, location, and which family member it relates to

What we never store:

Email bodies — full email content is processed in memory and immediately discarded
Attachments
Emails unrelated to family scheduling (filtered out during processing)

1d. Calendar Data (Google Calendar — Read & Write Access)

With your permission, Larkin accesses your Google Calendar to:

Read your existing events and display them alongside parsed email events in a unified family schedule
Create new calendar events when Larkin detects scheduling information in your emails (e.g., school events, sports practices, medical appointments)

Larkin uses smart routing to decide which parsed events belong on your Google Calendar (school, sports, medical, social) versus which stay as internal Larkin reminders (bills, gifts, meal prep). You can customize these routing preferences.

1e. Document Vault Data (Google Drive)

With your permission, Larkin accesses your Google Drive using the drive.file scope to:

Store scanned documents (report cards, medical records, school forms) in a dedicated Larkin folder within your Google Drive
Read documents that Larkin has previously stored

Larkin only accesses files it has created — it cannot read or modify other files in your Google Drive. Documents are processed to extract metadata (document type, dates, related family member) for organization purposes.

1f. Notification Preferences

Push notification settings (enabled/disabled per notification type)
Quiet hours / blackout times you configure
Your device's push notification token (FCM token) for delivering notifications

1g. Device Permissions

Larkin may request access to the following device capabilities:

Permission	Purpose	When Requested
Camera	Scan physical documents (report cards, forms) for the Document Vault	When you tap "Scan Document"
Photo Library	Import existing photos of documents into the Document Vault	When you tap "Import from Photos"
Microphone	Voice-to-text for submitting feedback during beta testing	When you tap the voice feedback button
Speech Recognition	Transcribe spoken feedback into text	When you use voice feedback
Notifications	Deliver morning briefings, event reminders, and schedule updates	During onboarding or settings

All device permissions are optional. You can deny any permission and still use Larkin's core features. You can revoke permissions at any time in your device's Settings app.

1h. Device & Diagnostic Information

Device timezone (IANA format, e.g., "America/Los_Angeles")
Device model and OS version — collected only when you submit feedback, to help us reproduce and fix issues
Crash reports — collected automatically via Firebase Crashlytics, including stack traces, device model, OS version, and app state at the time of crash (see Section 9)

We do not collect persistent device IDs, advertising identifiers, IP addresses, or hardware serial numbers.

1i. Shopping List Data (Instacart Integration)

If you use the meal planning feature's Instacart integration, Larkin sends your shopping list items (ingredient names and quantities) to Instacart via their Developer Platform API to enable grocery ordering. No other personal data is shared with Instacart.

2. How We Use Your Information

Purpose	Data Used
Parse emails into calendar events	Email metadata, email content (in-memory only), family context
Create Google Calendar events from parsed emails	Parsed event details (title, date, time, location)
Display your unified family schedule	Parsed events, Google Calendar events
Send push notifications	FCM token, notification preferences, timezone, event data
Personalize event parsing	Family information (names, grades, schools)
Detect schedule changes and alert you	Email metadata, event history
Weather-aware notifications	Timezone / general location
Store and organize family documents	Scanned/imported documents, Google Drive access
Sync shopping lists for meal planning	Ingredient names and quantities (sent to Instacart)
Diagnose app crashes and improve stability	Crash reports, device model, OS version
Process user feedback (beta)	Feedback text, screenshots, device info

We do not use your data for advertising, profiling, or sale to third parties.

3. Third-Party Services

Larkin uses the following third-party services to operate:

Service	Purpose	Data Shared
Firebase Authentication	Account sign-in (Google & Apple)	Google/Apple account credentials (managed by respective provider)
Firebase Cloud Firestore	Database	All stored data listed in Section 1
Firebase Cloud Messaging	Push notifications	FCM token, notification content
Firebase Cloud Functions	Backend processing	Email metadata, event data
Firebase Crashlytics	Crash reporting & diagnostics	Crash logs, stack traces, device model, OS version, app state
Firebase Storage	Feedback screenshot storage	Screenshots submitted with user feedback
Google Gmail API	Read emails	OAuth tokens (encrypted, server-side only)
Google Calendar API	Read existing events; create events from parsed emails	OAuth tokens (encrypted, server-side only)
Google Drive API	Store and retrieve Document Vault files	OAuth tokens (encrypted, server-side only); documents stored in user's own Drive
Google Gemini AI	Parse emails into structured events; generate suggestions	Email subject, sender, sanitized email content (see Section 4)
Apple Sign-In	Account authentication (iOS)	Apple-provided identity token and email
OpenWeatherMap	Weather forecasts for notifications	Timezone-derived general location only
Instacart Developer Platform	Grocery shopping list sync	Shopping list items (ingredient names, quantities)
Notion API	Internal feedback management (beta only)	User feedback text, categorization, and screenshots

No data is shared with advertisers, data brokers, or any parties beyond those listed above.

4. Email Processing & Security

Larkin processes your emails through a multi-layer security pipeline:

Sanitization — Before any AI processing, emails are scanned and cleaned: sensitive data patterns (SSNs, credit card numbers, passwords, API keys) are automatically redacted, protected health information (PHI) is detected and flagged, content is truncated to prevent abuse, and email spoofing is detected.
AI Parsing — Sanitized email content is sent to Google Gemini AI to extract event details (what, when, where, who). The AI returns structured event data only.
Validation — AI output is validated for correct structure and checked for any sensitive data leakage before storage.
Storage — Only the extracted event metadata is stored. The original email body is never written to our database.

Your Google OAuth tokens (used to access Gmail, Calendar, and Drive) are encrypted at rest and stored server-side only. They are never exposed to the client app or any third party.

5. Data Retention

Data Type	Retention Period	Deletion Method
Account & profile	Until you delete your account	Account deletion
Family information	Until you delete your account	Account deletion
Parsed events	Until you delete your account	Account deletion
Email metadata	90 days	Automatic (Firestore TTL)
Parsing error logs	30 days	Automatic (Firestore TTL)
Notification history	90 days	Automatic (Firestore TTL)
OAuth tokens	Until you disconnect or delete your account	Account deletion or revocation
Notification preferences	Until you delete your account	Account deletion
Document Vault files	Until you delete from your Google Drive or delete your account	Manual deletion or account deletion
Crash reports	90 days	Automatic (Firebase Crashlytics retention)
Feedback data	Until resolved, then 90 days	Automatic deletion

6. Your Rights & Controls

Export Your Data

You can download a copy of all your personal data at any time from within the app. Your export includes your profile, events, email metadata, notification history, and preferences — delivered as a structured data file.

Delete Your Account

You can permanently delete your account and all associated data from within the app. When you delete your account, we remove:

Your user profile and family information
All parsed events
All email metadata
All notification history and preferences
All OAuth tokens
Your Firebase Authentication record
All feedback submissions
Document Vault metadata (documents stored in your Google Drive remain under your control)

Deletion is comprehensive and irreversible. Automatically expiring data (email metadata, error logs, notification history) that has not yet reached its TTL is also deleted immediately.

Manage Notifications

You can enable or disable specific notification types, set quiet hours, and adjust notification preferences at any time in the app settings.

Revoke Google Access

You can disconnect Gmail, Google Calendar, and/or Google Drive access at any time through the app or through your Google Account permissions. Revoking access stops all email, calendar, and document processing immediately. Any events already created on your Google Calendar will remain (Google Calendar is your data), but no new events will be added.

7. Data Security

All data is transmitted over HTTPS/TLS
Data is stored in Firebase Cloud Firestore with encryption at rest
OAuth tokens are encrypted and stored server-side only
Firebase App Check is enforced to prevent unauthorized API access
Firestore Security Rules restrict data access — users can only read and modify their own data
Server-side fields (tokens, subscription status, sync timestamps) cannot be modified by the client app
Children's names are encrypted in storage
Document Vault files are stored in the user's own Google Drive, protected by Google's security infrastructure

8. Children's Privacy (COPPA Compliance)

Larkin is designed for parents — not children. Children do not create accounts, sign in, or interact with the app directly. All data is managed under the parent's authenticated account.

What we collect about children:

Name and grade level only (provided by the parent during optional onboarding)
No date of birth, email address, phone number, photo, or other personal identifiers

How children's data is used:

Solely to help Larkin's AI correctly identify which child an email event is about

How children's data is protected:

Stored under the parent's account, accessible only to the parent
Children's names are encrypted at rest
Never shared with third parties for any purpose beyond event parsing
Completely deleted when the parent deletes their account

Parental controls:

Parents can add, edit, or remove children's information at any time
Parents can configure which email domains Larkin processes (whitelist/blacklist)
Parents have full control over account deletion and data export

If you believe we have inadvertently collected personal information from a child without parental consent, please contact us immediately at privacy@heylarkin.com.

9. Analytics, Diagnostics & Tracking

Crash Reporting (Firebase Crashlytics)

Larkin uses Firebase Crashlytics to automatically collect crash reports when the app encounters an error. This includes:

Stack traces and error messages
Device model and operating system version
App version and build number
App state at the time of the crash

Crash data is used solely to identify and fix bugs. It does not include personal data such as your name, email, or family information. Crash data is retained for 90 days.

Notification Metrics

We track limited internal metrics to improve notification delivery:

Whether a notification was delivered, opened, or dismissed
Aggregate notification engagement rates (used to optimize delivery timing)

These metrics are tied to your account, never shared externally, and deleted automatically after 90 days.

No Advertising or Third-Party Analytics

Larkin does not use advertising SDKs, tracking pixels, or third-party analytics services (such as Google Analytics, Facebook SDK, or similar). We do not build advertising profiles or share usage data with ad networks.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request that we delete all personal information we have collected about you.
Right to Opt-Out of Sale: We do not sell your personal information to any third party.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights, use the in-app data export and account deletion features, or contact us at privacy@heylarkin.com.

11. International Users

Larkin is operated by Larkin AI, LLC, based in the United States. If you access Larkin from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

For Users in the European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR), including:

Right of Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data
Right to Restrict Processing: Request limitation of how we use your data
Right to Data Portability: Request your data in a machine-readable format
Right to Object: Object to processing of your data
Right to Withdraw Consent: Withdraw consent for Gmail, Calendar, or Drive access at any time

Our legal basis for processing your data is your consent (provided when you grant OAuth access and agree to this policy) and legitimate interest (improving and maintaining the service).

To exercise these rights, use the in-app controls or contact us at privacy@heylarkin.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email before the changes take effect. Your continued use of Larkin after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, contact us at:

Email: privacy@heylarkin.com
Entity: Larkin AI, LLC

14. Google API Services Disclosure

Larkin's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only request access to data that is necessary for Larkin's core functionality
We do not use Google user data for advertising
We do not transfer Google user data to third parties except as necessary to provide the service (as described in Section 3)
We do not use Google user data to develop or improve unrelated products