Skip to main content
Security & Privacy

We keep it simple and safe

Grandkids Guide is a family-friendly directory. We collect only what we need, protect it properly, and never share or sell it. Here's exactly what we do.

πŸ”’

Encrypted in transit

All traffic uses HTTPS (TLS 1.3). Your browser connection to this site is always encrypted.

πŸ›‘οΈ

Encrypted at rest

All data is stored in Supabase (Postgres), which encrypts data at rest using AES-256.

🚫

No data selling

We never sell, rent, or share your personal information with third parties for marketing.

What we collect

If you create a free account

  • Email address (required for login)
  • Optional: display name, grandkid ages/interests (to personalize recommendations)
  • Your saved venues and plans

If you list a venue

  • Business name, address, contact info, and description (displayed publicly)
  • Your email address (for listing management, not displayed publicly)
  • Payment details are handled by Stripe β€” we never see or store your card number

Browsing (no account needed)

  • Anonymous page views (via Cloudflare Web Analytics β€” no cookies, no cross-site tracking)
  • We do not use Google Analytics or Facebook Pixel

How we store it

Data is stored in Supabase (PostgreSQL, hosted in the US). Supabase is SOC 2 Type II certified and encrypts all data at rest and in transit. Accounts are authenticated via Supabase Auth β€” passwords are hashed with bcrypt and never stored in plain text.

The site is hosted and served via Cloudflare Pages with Cloudflare's global CDN in front. This means DDoS protection, Web Application Firewall (WAF), and fast load times worldwide β€” without additional tracking.

Payments

Featured venue listings are processed by Stripe, a PCI DSS Level 1 certified payment processor. We do not store credit card numbers or billing details β€” Stripe handles all of that securely. We receive only a payment confirmation token.

Who can see your data

  • Grandkids Guide staff β€” for support and operations only
  • Supabase and Cloudflare β€” infrastructure providers, bound by their own privacy policies
  • Stripe β€” payment processing only, if you purchase a listing
  • No one else β€” we do not sell data, run retargeting ads, or share with data brokers

Your rights

You can request at any time:

  • Access β€” what data we have about you
  • Deletion β€” delete your account and all associated data
  • Correction β€” fix inaccurate information
  • Export β€” a copy of your data

To exercise any of these rights, email us at [email protected]. We'll respond within 5 business days.

Children's privacy

Grandkids Guide is a directory for grandparents planning activities with grandchildren. Accounts are intended for adults (18+). We do not knowingly collect personal information from children. If you believe a child has created an account, contact us and we will delete it promptly.

Questions?

We're a small team and happy to answer directly.

Email: [email protected]

Last updated: February 2026