This Privacy Policy explains how Harmoneaz (part of MJoy-IT VOF) processes personal data when you use Harmoneaz through the website, app, and related services, in accordance with the General Data Protection Regulation (GDPR). We aim to describe this clearly and transparently.
Data controller
The controller responsible for processing your personal data is MJoy-IT VOF, trading as Harmoneaz, Abeelweg 156, 3053 PD Rotterdam, the Netherlands (Chamber of Commerce 42007160, Support@Harmoneaz.com, Harmoneaz.com). MJoy-IT has not appointed a data protection officer (DPO). This is not required for our organization under the GDPR.
Minimum age and children
Harmoneaz is intended for use within a family or co-parenting context. Anyone who creates their own account independently must be at least the age at which they can consent to digital services on their own under the law of their country (in the Netherlands this is 16; in other countries it may be lower). Children who have not yet reached that age can only take part through a child account created and managed by a parent or guardian. Creating a child account constitutes consent by the parent or guardian for the processing of that child’s personal data within Harmoneaz. The parent or guardian decides whether, and from what age, a child uses a child account and is responsible for supervising that use; Harmoneaz does not perform any age verification of its own. Very young children have no independent use for the app in practice. If you believe a minor has created their own account without the consent of a parent or guardian, please contact us at Support@Harmoneaz.com.
Personal data we process
- Account data, such as your email address, authentication identifiers, and language preference.
- Profile data you choose to provide, such as your name and visual preferences.
- Family and group data, such as memberships, invitations, child profiles, and permission settings.
- Content you create within Harmoneaz, such as calendar items, custody schedules, agreements, alimony information, tasks, packing lists, reminders, approvals, and day notes. This can also include child-specific targeting or visibility settings you choose for shared items.
- Files you upload, such as photos attached to notes or other entries.
- Cost data you record for children, such as amounts, date, description, category, and who incurred or should bear the cost, together with any supporting documents you choose to upload, such as a receipt or invoice.
- Subscription and entitlement data required to provide subscription features, restore purchases, and manage access rights.
- Technical and usage-related data required to operate and secure the service, such as timestamps, app state, push tokens, and limited diagnostic or security information.
- Anonymized group placeholder: if a co-parent deletes their account while the shared group continues, Harmoneaz may keep a functional offline placeholder without a personal name or email address, so that schedules and tasks keep working for the remaining group members.
Harmoneaz does not itself ask for special categories of personal data within the meaning of Article 9 GDPR (such as health data) and does not process them for its own purposes. However, files you upload yourself — for example a receipt or invoice from a doctor, pharmacy, or other care provider — may contain health-related or otherwise sensitive data, including about your child. You add such files entirely on your own initiative, and by doing so you expressly consent to Harmoneaz storing them and displaying them to the group members you have granted access. We recommend redacting any unnecessary sensitive information on supporting documents before uploading them, and we ask you not to enter sensitive data in free-text fields where this is not necessary.
Purposes of processing
- To create, manage, and secure your account and to keep you signed in.
- To provide planning, collaboration, and communication features within your family or group.
- To send reminders, notifications, and other service-related messages when you enable them.
- To support optional features such as media uploads and subscription-based access.
- To help you record, organize, and transparently share costs relating to children with the other parent or group members.
- To maintain, secure, improve, and troubleshoot Harmoneaz, including fraud and abuse prevention.
Providing an email address is mandatory to create an account. Without it, Harmoneaz cannot deliver the service. Other data (such as a profile name or photo) is optional.
Legal bases (EEA/UK)
- Performance of a contract (Art. 6(1)(b) GDPR): where processing is necessary to provide the services you request, such as managing your account, delivering planning features, and sending service-related notifications.
- Legitimate interests (Art. 6(1)(f) GDPR): where processing is necessary to operate, secure, and improve Harmoneaz responsibly. Specifically, this covers security logging and fraud prevention, retaining group activity logs for integrity and support purposes, and technical diagnostics to keep the service stable and secure. We process this data only where our legitimate interests are not disproportionately outweighed by your privacy interests.
- Consent (Art. 6(1)(a) GDPR): for optional processing, such as push notifications, camera access, or access to photos on your device. You can withdraw consent at any time through your device settings or in the app. Withdrawal has no retroactive effect.
Automated decision-making and profiling
Harmoneaz does not use automated decision-making or profiling within the meaning of Article 22 GDPR. No decisions are made about you that are based solely on automated processing and that produce legal effects concerning you or similarly significantly affect you.
Third-party services
Harmoneaz uses carefully selected external service providers. With our processors — Supabase (authentication, database, storage, and server-side functions), Resend (transactional emails such as authentication and notifications), and RevenueCat (subscription handling and entitlements) — MJoy-IT has concluded a data processing agreement (DPA). These parties are based in the US; SCCs apply. Personal data is shared only to the extent necessary for the relevant functionality.
When processing payment and account data, Apple and Google act as independent controllers, not as our processors. They process data on the basis of their own terms and privacy policies (apple.com/privacy, policies.google.com/privacy), which you accept when creating an Apple ID or Google account. If you choose to sign in with Google or Apple, these providers act as independent controllers and share the email address and name from your Google or Apple account with Harmoneaz so we can create or access your account. Apple may provide an anonymized relay email address if you choose to hide your email. We never sell your personal data to third parties and do not share it for advertising purposes.
International data transfers
The processors named above (Supabase, Resend, RevenueCat) are based in the United States, a country without an adequacy decision from the European Commission. The transfer of data to these parties is covered by Standard Contractual Clauses approved by the European Commission, which form part of the data processing agreements concluded with them. For transfers governed by UK data protection law or Swiss data protection law, we rely on the equivalent safeguards that apply there (such as the UK International Data Transfer Addendum and the Swiss addendum to the SCCs). You can request information about the applicable safeguards by contacting Support@Harmoneaz.com.
Retention period
We retain personal data only for as long as necessary for the purposes described in this policy. The exact period depends on the type of data and the reason we process it.
- Account and profile data are retained while your account is active. If your account remains inactive for 12 months, we may schedule it for automatic deletion after a 30-day warning period.
- In-app notifications are normally retained for up to 6 months.
- Push tokens are normally retained for up to 3 months since last activity or refresh.
- Temporary technical state records are normally retained only as long as needed for short-lived flows and are then cleaned up automatically.
- Group activity logs are normally retained for up to 12 months, and admin audit logs for up to 24 months, where needed for security, integrity, support, and abuse prevention.
- Subscription and transaction data are retained for as long as legally required. Under a tax retention obligation this is typically 7 years. The in-app entitlement record expires earlier.
- Export files generated for data portability are normally retained for up to 7 days before they expire and are removed.
- Cost data and any supporting documents you record for children are retained for as long as your account or the relevant group is active, or until you delete them yourself. Harmoneaz does not impose a statutory retention period on this; you stay in control of this data.
- The anonymized group placeholder is retained for as long as the relevant group is active and contains no personal data.
- If you delete your account, we aim to remove your profile, user-owned data, and linked storage files. Where shared group data must remain available to other members, we may anonymize your user links instead of deleting the shared record entirely. Transaction data subject to a legal retention obligation is kept for the duration of that obligation.
Data export and portability
You can request an export of your personal data in a structured, commonly used, machine-readable format. Harmoneaz currently provides this through an in-app export flow in Settings → Profile. Export files are made available temporarily and then removed automatically.
Your rights and choices
- Right of access — to find out what data we process about you.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure — to request deletion of your data, insofar as no legal retention obligation applies.
- Right to data portability — to request a machine-readable export via Settings → Profile.
- Right to restriction of processing — in certain cases, to request that processing be temporarily restricted.
- Right to object — to object to processing based on legitimate interests.
- Right to withdraw consent — to withdraw consent for optional processing through device settings or in the app. Withdrawal has no retroactive effect.
- Right to lodge a complaint — with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl) or the supervisory authority in your country.
You can delete your account yourself via Settings → Profile → Delete account. For other requests, contact Support@Harmoneaz.com; we respond within the statutory period of one month.
Security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse, including encryption of data in transit and at rest, and access controls. In the event of a data breach that poses a risk to your rights and freedoms, we will — where legally required — report it within 72 hours to the Dutch Data Protection Authority in accordance with Article 33 GDPR, and inform you where necessary in accordance with Article 34 GDPR.
Cookies and similar technologies
The Harmoneaz app itself does not use tracking or advertising cookies. The website Harmoneaz.com may place functional and analytics cookies; where consent is legally required for this, we ask for it. More information can be found in the cookie policy, which is published together with this privacy statement.
Contact details
MJoy-IT VOF, trading as Harmoneaz, Abeelweg 156, 3053 PD Rotterdam, The Netherlands. Chamber of Commerce (KvK): 42007160. For privacy-related questions or requests, please contact Support@Harmoneaz.com or visit Harmoneaz.com.