Privacy policy

Nilsen Konsult (Norwegian business registration no. 931 405 861 MVA) is the data controller for the personal data processed through the Kroni app and the kroni.no website. That means we determine the purposes and means of the processing, and we are responsible for ensuring it complies with the Norwegian Personal Data Act and the GDPR.

Kroni is a family app where a parent creates chores, allowance and rewards for their children. For the app to work, we have to process a minimum of personal data about both the parent and the child. Throughout, we have chosen solutions that collect as little as possible — for example, we never ask for the child's last name, email address or photo, and no real money ever moves through the system. Privacy is built in, not bolted on.

For privacy questions or to exercise your GDPR rights, reach us at support@kroni.no.

About the parent we process:

• Email address (used as login via our authentication partner Clerk).
• The Apple ID name if you choose «Sign in with Apple».
• An optional display name shown in the family (first name or nickname).
• Subscription state (free, trial, monthly, yearly, lifetime, ended) and a RevenueCat app-user-ID linked to your Clerk user ID.
• IP address and device/browser info on login and when contacting our server endpoints, used for security and debugging.
• Timestamps for events in the app (chore creation, approvals, logins).
• Optional language preference.

About the child we process:

• First name (typically what the parent calls the child day to day — a nickname is fine).
• Optionally a year of birth — only the year, never day or month. Used for age-tailoring; optional.
• Optionally a four-digit PIN, stored as a bcrypt hash. We never store the PIN in clear text.
• A chosen avatar key pointing to one of the app's predefined icons. We do not store user-uploaded images.
• Device ID and push token to deliver notifications about new chores, approvals and rewards.

We do notcollect the child's last name, full date of birth, email address, phone number, photos or voice data, location, or other special categories of personal data about the child.

For purchases and billing, payment data (card data, billing address, etc.) is processed by Apple or Google as merchant of record. Kroni only receives an order confirmation without card information, plus an anonymised purchase object from RevenueCat (product id, purchase time, renewal time, trial status if any).

About app usage we process:

• Chores and chore templates (titles, amounts, frequency, assignments).
• Completions, approvals and declines.
• Rewards and redemptions.
• Virtual-kroner balances per child.
• Technical telemetry from Sentry — crash reports with stack trace, breadcrumbs of recent events in the app, performance / distributed traces, plus device, OS and app version. Events are tagged with the parent's Clerk user ID (not their email address) and the child profile's internal ID if the error occurs on the child's side. We do not send email addresses to Sentry. Sentry is run as a self-hosted instance on our own infrastructure in the same data centre as the rest of the service; the logs do not leave our infrastructure and are not shared with third parties — especially not for marketing. Performance trace sampling is limited (approximately 20% in production, may be reduced).

Most data we get directly from the parenton registration, when creating child profiles, and through normal use of the app. The child's device pairs to the family via a six-digit code provided by the parent; the child does not enter personal data beyond what the parent has prefilled.

Technical data — IP address, device model, OS, app version, timestamps and similar — is collected automatically when the app contacts our server endpoints, and is necessary for the service to function and to detect abuse.

Subscription information comes from the Apple App Store and Google Play, mediated by our subscription platform RevenueCat.

We process personal data on the following legal bases under GDPR Article 6:

• Contract (Article 6(1)(b)): Processing necessary to perform the agreement with the parent — providing the family app, creating and maintaining the account, executing purchases and renewals.
• Consent (Article 6(1)(a)): Push notifications and any optional features that require your active consent. Consent can be withdrawn at any time.
• Legitimate interest (Article 6(1)(f)): Securing the service against abuse, debugging, aggregated statistics, and defending against legal claims.
• Legal obligation (Article 6(1)(c)): When we must retain accounting records under Norwegian bookkeeping law, or respond to orders from public authorities.

For children under 13 we rely on parental consent under GDPR Article 8, as implemented in Norwegian Personal Data Act § 5.

We process personal data to:

• create, operate and maintain parent accounts and linked child profiles;
• let the child mark chores as done and the parent approve them;
• maintain virtual-kroner balances and display them in the child's app;
• send relevant push notifications, when consent is given;
• handle subscription, trial and renewal via the App Store and Google Play;
• answer customer-service and privacy enquiries;
• detect and prevent abuse, account takeover and breaches of the terms;
• improve the service based on aggregated, anonymised usage statistics;
• comply with legal obligations, including bookkeeping and orders from authorities.

We do not use personal data for behavioural advertising aimed at children, for profiling with legal or similarly significant effects, or for selling data to third parties.

We store personal data for as long as necessary for the purposes for which it was collected, and no longer than the law allows or requires.

• Active accounts: Data is retained while the agreement runs and the account is in active use.
• Completed and approved chores: Generally deleted or anonymised within 90 days of approval.
• Account deletion: When the parent deletes the family account, all personal data about the parent and the children is deleted within 30 days, except for accounting records (5 years) and evidence required for legal claims.
• Logs and security data: Typically 30 to 180 days.
• Customer service enquiries: Normally up to 24 months.

We do not share personal data with third parties for their own purposes. As an explicit principle we share as little data as possible — minimising the amount, the categories and the number of recipients. Some sharing is technically unavoidable for the app to work (login, billing, distribution), and where it occurs it is solely with processors bound by a Data Processing Agreement (DPA) under GDPR Article 28, or — for Apple and Google — as independent controllers for the merchant-of-record role.

• Hetzner Online GmbH — operates Kroni's application servers and PostgreSQL databases. Machines are located in Hetzner's data centre in Finland, within the EU/EEA. The entire core dataset (accounts, child profiles, chores, completions, virtual balances, Sentry logs) is held there.
• Clerk, Inc. — authentication and account management for the parent. Processes email, login events and the Apple ID name if «Sign in with Apple» is used. Clerk has its own privacy policy.
• RevenueCat, Inc. — handles subscription state and synchronises purchases / renewals across the App Store and Google Play. Receives an anonymised app-user-ID and purchase metadata; no card information. RevenueCat has its own privacy policy.
• Mailpace (Ohmysmtp Ltd., established in the United Kingdom) — delivers our transactional emails from the sending domain kroni.no (authenticated with SPF, DKIM and DMARC). Processes your email address (sourced from Clerk) and the body content of the messages we send you. The purpose is solely delivery of account-essential service emails — sign-up confirmation, password reset, email verification, billing notices (failed payment, subscription expiration) and household invitation links. The legal basis is contract (GDPR Art. 6(1)(b)) — we cannot operate the account without delivering these messages. Mailpace is a sub-processor under the data processing agreement we have with you, and retains delivery logs per its published retention schedule; the email content itself is not stored long-term by us. These are essential service messages and cannot be opted out of while the account is active; any marketing emails (we send none today) would require separate, opt-in consent. We have chosen to send our own, localised emails matching Kroni's visual identity rather than Clerk's default templates, which are disabled.
• Apple Distribution International Ltd. (App Store) and Google Commerce Limited (Google Play) — distribution and payment as merchant of record. Apple's and Google's privacy terms govern what they themselves collect.
• Expo (Expo Application Services) — relays push notifications from Kroni's backend to the user's device. Expo dispatches the messages to Apple Push Notification service (APNs) for iOS devices and Google Firebase Cloud Messaging (FCM) for Android devices. Apple and Google see the notification title and body plus the device's push token while the message is in transit; neither stores the content long-term, and it is not used for marketing or advertising.
• Cloudflare, Inc. — DDoS protection and CDN for kroni.no.

Personal data may be disclosed to public authorities where we are legally required to do so.

An up-to-date list is available by contacting support@kroni.no.

Some of our processors — especially Clerk and RevenueCat — are established in the US and may have data flows there. Such transfers rely on the EU Commission's Standard Contractual Clauses (SCCs) per GDPR Article 46, supplemented by technical and organisational measures.

Kroni's core databases and application servers are operated by Hetzner in Finland, so day-to-day processing takes place within the EU/EEA. The «central» dataset — chores, completions, virtual balances, child profiles and Sentry logs — therefore never leaves the EEA in normal operation.

We have implemented reasonable technical and organisational measures:

• TLS encryption on all traffic.
• Hashing of sensitive fields — the child's PIN is a bcrypt hash.
• Access control on a need-to-know basis.
• Logging and monitoring via our self-hosted Sentry instance, plus regular security updates.
• Regular database backups and restore procedures.
• We never process card numbers, CVC codes or BankID data.

As a data subject you have the following rights under the GDPR:

• Access (Art. 15): See what data we hold and receive a copy.
• Rectification (Art. 16): Have inaccurate or incomplete data corrected.
• Erasure (Art. 17): Request deletion of personal data.
• Restriction (Art. 18): Have processing temporarily paused.
• Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Objection (Art. 21): Object to processing based on legitimate interest.
• Withdrawal of consent (Art. 7(3)): Withdraw consent at any time.

Email support@kroni.no. We respond within 30 days.

If you believe we process your personal data in breach of the rules, you have the right to lodge a complaint with the Norwegian Data Protection Authority:

Datatilsynet
P.O. Box 458 Sentrum, 0105 Oslo, Norway
Phone: +47 22 39 69 00
Web: datatilsynet.no

We would still appreciate hearing from you first.

The age of digital consent under GDPR Article 8 is set at 13 in Norway. Children under 13 may only use Kroni through a child profile created by a parent or legal guardian, who consents on the child's behalf.

For children 13 or olderthe parent may take the child's own consent into account. Either way, all administration and account ownership remain with the parent.

In the mobile app: We use no advertising trackers, no third-party analytics with personally identifying identifiers, and no fingerprinting. For debugging the app sends crash reports and a limited share of performance traces to our self-hosted Sentry instance, see sections 02 and 09. These logs are used solely for debugging and are not shared further.

On kroni.no: We use no advertising trackers and no third-party analytics. To understand how the site is used, we run Rybbit, a privacy-friendly web analytics tool, as a self-hosted instance on our own infrastructure inside the EU. Rybbit is cookieless and does not fingerprint visitors. It collects aggregate data such as page URL, referrer, screen size, browser and OS, and a coarse country/region derived from your IP address; the IP itself is not stored. We also record a handful of anonymous interaction events (e.g. taps on the App Store and Google Play badges) so we can see which calls-to-action work without identifying anyone. No personal data is sent to third parties, and we do not use this data for advertising, profiling or any cross-site tracking. The legal basis is legitimate interest (GDPR Art. 6(1)(f)) in being able to operate, improve and secure the website. Beyond Rybbit we only set strictly necessary cookies.

If a breach occurs, we notify the Data Protection Authority within 72 hours, per GDPR Article 33. If the breach is likely to result in a high risk to the persons affected, we will also notify you directly, per GDPR Article 34.

We may update this policy to reflect changes in the service or the law. Material changes are notified at least 30 days before they take effect.

For privacy questions and rights requests:

Nilsen Konsult
Email: support@kroni.no