Privacy Policy

Transparent Data Management – Version 1.5 (UK, US, PL)

The Short Version

1. Who Is Responsible for Your Data

The data controller is Darren Savery, trading as Morechard (sole trader).

Postal address: 331 Finchampstead Road, Wokingham, Berkshire, RG40 3JT, United Kingdom
Email: [email protected]

2. The "Nicknames Only" Policy

Privacy starts with not collecting what isn't needed.

3. Why We Process Your Data

We process your data to provide and improve the Morechard service. For each purpose, the lawful basis under UK GDPR Article 6 is stated below.

4. Our Service Providers & International Transfers

We use a carefully selected set of service providers and share only the minimum data necessary for each to function. Several are based in the US; where that is the case, transfers from the UK are protected by the relevant mechanism noted below.

Infrastructure & Security

Analytics & Reliability

Communication & Payments

AI Mentor

5. Children's Privacy (COPPA, GDPR-K & the Children's Code)

Morechard is designed for parents to use alongside their children. Because children's personal data is involved, this service falls within the scope of the ICO's Age Appropriate Design Code (Children's Code). We apply the Code's 15 standards by design — including high-privacy defaults, data minimisation, no behavioural nudging, and no session recording on child profiles.

Lawful basis for processing children's data

Child profiles are created and managed by a parent. The parent acts as the responsible adult and provides consent on the child's behalf, in accordance with UK GDPR, GDPR-K, and COPPA. We process children's data in minimised form (nicknames, no dates of birth or legal names) on the parent's authority.

Age thresholds by jurisdiction

DPIA

Processing children's data under the Children's Code makes a Data Protection Impact Assessment (DPIA) mandatory. A DPIA for Morechard is in progress and will be completed before any material change to how we process children's data.

6. Data Retention

Active accounts

We retain your personal data for as long as your account is active. You may request a copy or deletion at any time — see Section 7.

Deletion and the 30-day soft-delete window

When you delete your account, a 30-day window begins. Your data is hidden immediately but retained for 30 days to prevent accidental loss and to allow co-parents to intervene if a deletion was unauthorised. After 30 days, personal identifiers — name, email, authentication hashes — are permanently purged from our active systems.

The family ledger

Ledger transaction records (amounts, timestamps, chore identifiers, and the hash chain) are pseudonymised after account deletion — direct personal identifiers are removed and replaced with anonymous tokens. These records remain personal data under UK GDPR: the combination of amounts, timestamps, and chore patterns may constitute a unique behavioural fingerprint capable of singling out a household. We retain them under legitimate interests to preserve the cryptographic integrity of the ledger, with strict access controls and no retained linkage key.

We hold pseudonymised ledger records for a maximum of 7 years after account deletion — a period aligned with the UK Limitation Act 1980 civil-claims window, reflecting the legitimate interest in preserving ledger integrity for that long and no longer. At the end of that period the records, the associated status log, and the payment audit log are permanently hard-deleted from our systems on an automated schedule. See Section 8 for how this interacts with your right to erasure.

Bank and payout details (Payment Bridge)

If you use Payment Bridge to store a child's payout details — sort code, account number, or Zelle handle — for faster reward payouts, those details are saved only in your browser's session storage on your own device, unencrypted, and are never transmitted to or stored on Morechard's servers. They are cleared automatically when you close the browser tab or app. This is a known interim measure while we build an encrypted vault for this data; if you share a device, avoid leaving payout details entered on a shared or public session.

Backups

Database backups are retained for up to 30 days, encrypted at rest, and then overwritten in rotation. Any personal data purged from active systems is not restored from backups.

7. Your Rights

Under UK GDPR you have the right to:

To exercise any right, email [email protected]. We will respond within one calendar month.

Right to complain to a supervisory authority

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the relevant data protection authority:

8. Security & the Family Ledger

Morechard uses cryptographic hashing to ensure the integrity of your family ledger. Each transaction is linked to a hash of the previous one, forming a tamper-evident chain — this is the "Sovereign Ledger" design.

How erasure works with an immutable ledger

The hash chain covers transaction records — amounts, timestamps, and chore identifiers. When you delete your account, direct personal identifiers (name, email, authentication hashes) are removed and replaced with pseudonymous tokens. The hash chain remains mathematically valid because its integrity is anchored to transaction data, not to your identity.

However, the combination of amounts, timestamps, and chore patterns may constitute a unique behavioural fingerprint. Under UK GDPR this means the retained records are pseudonymous personal data — not truly anonymous data. We rely on Article 17(3) to decline full erasure of the hash chain, specifically the legitimate interest in maintaining ledger integrity for audit and legal-claims purposes. We minimise re-identification risk through strict access controls, no indexing of behavioural fields, and no secondary dataset that could enable re-linkage.

9. Automated Decision-Making

Morechard uses AI (via our sub-processor OpenAI — see Section 4) to generate coaching observations and financial literacy content personalised to your child's activity in the app. These AI observations are informational only — they are presented to parents as guidance and carry no binding effect on any account, access right, or entitlement. A parent reviews all chore approvals, reward payments, and account-level decisions. No purely automated decision that produces a legal or similarly significant effect on any user is made by Morechard.

10. Cookies & Similar Technologies

We keep cookies to a minimum. We do not use advertising or cross-site tracking cookies, and we never sell your data. On our public website, analytics cookies are only set after you accept them using our cookie banner — if you decline, none are stored. You can change your choice at any time via Cookie settings in the footer.

Strictly necessary (no consent needed)

A small amount of browser storage is used to remember your cookie choice, keep your light/dark theme, and keep you securely signed in to the app. These are essential for the service to function and do not require consent.

Analytics (consent required)

Because these are non-essential, they only load once you have given consent on our website. Withdrawing consent stops further collection and opts you out.