Tandem
Sign inGet started

Privacy Policy

Last updated:

1. Who we are

Tandem is a shared household management application operated by LKTech, LLC(“Tandem,” “we,” “our,” or “us”). We offer the Tandem web application and iOS/Android mobile apps (collectively, the “Service”).

If you have questions about this policy or how we handle your data, contact us at info@our-tandem.com.

2. What data we collect

Account data

When you create an account, we collect:

  • Your email address and display name
  • A hashed password (if you use email/password sign-in — we never store your plain text password)
  • OAuth identifiers and profile information provided by Google or Apple if you choose to sign in through those providers
  • Timestamps for when your account was created and last updated
  • An optional avatar URL

Household content

The core purpose of Tandem is to store and share household data. When you use the Service, we store the content you and your household members create, including:

  • Grocery lists and grocery items (names, categories, quantities, checked state)
  • Meal plans and meal entries (meal names, descriptions, recipe URLs, weekly schedule)
  • Saved meals and their ingredients
  • Reminders and calendar events (titles, descriptions, recurrence rules, due dates)
  • Bills (names, amounts, due dates, payment history, recurrence, auto-pay status)
  • Household assets (names, categories, estimated values)
  • Birthdays (stored as calendar events)
  • Budget data (categories, monthly allocations, spending transactions, budget periods)
  • Member food preferences (dietary restrictions, preferences)
  • Household settings (name, invite codes, timezone, week start day, member roles and permissions)

Technical data

We and our hosting infrastructure automatically collect certain technical data when you access the Service:

  • IP address and approximate geographic location derived from it
  • Browser type, operating system, and user agent string
  • Timestamps for requests and session activity
  • HTTP request logs generated by our web server

Mobile app data

The Tandem iOS and Android applications store a session bearer token in your device's local storage (AsyncStorage) to keep you signed in. The mobile app caches a local copy of your household data using on-device SQLite storage to enable offline access. This cached data remains on your device and is not transmitted to third parties.

3. How we collect data

  • Directly from you — when you register, create household content, or update your profile
  • From OAuth providers — when you choose to sign in with Google or Apple, those providers share your name, email address, and a unique identifier with us according to their own privacy policies
  • Automatically — technical data is collected when your browser or mobile app connects to our servers

4. Legal bases for processing

Where applicable law requires us to identify a legal basis for processing personal data (for example, under GDPR), we rely on:

  • Contract performance — processing necessary to provide the Service you have signed up for (authentication, storing and syncing household data)
  • Legitimate interests — processing for security, fraud prevention, server logging, and improving the reliability and performance of the Service
  • Consent — where we ask for it explicitly (for example, optional features or communications you opt into)

5. How we use your data

We use the data we collect to:

  • Create and maintain your account and authenticate you
  • Store, display, and sync your household data across devices and household members
  • Enable real-time updates via WebSocket connections between household members
  • Operate household invitations and membership management
  • Diagnose technical issues, prevent abuse, and maintain server security
  • Improve the Service over time based on how features are used

We do not sell your personal data. We do not use your data for advertising purposes. We do not use third-party analytics trackers in the Service.

6. Sharing your data

We share your data only in the following limited circumstances:

  • With other household members — household content you create is visible to all members of your household by design. This is the core function of the Service.
  • OAuth providers — if you use Google Sign-In or Sign in with Apple, your authentication request is processed by those providers according to their privacy policies. We receive only the data they provide us (name, email, identifier).
  • Hosting infrastructure — our servers and infrastructure are provided by Amazon Web Services (AWS). Your data is stored on their infrastructure and subject to their data processing terms.
  • Legal process — we may disclose data if required by a valid court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect the safety of any person, to address fraud or security issues, or to comply with applicable law.

We do not share your data with advertisers, data brokers, or any other third parties for commercial purposes.

7. Data storage and security

Your data is stored in a SQLite database on our server infrastructure. We use Write-Ahead Logging (WAL) mode for database durability. All connections to the Service are encrypted in transit using HTTPS/TLS. Passwords are hashed before storage and are never stored or transmitted in plain text.

The mobile app stores a local copy of your household data in on-device SQLite storage. We recommend keeping your device protected with a passcode or biometric lock to protect this local cache.

While we take reasonable technical measures to protect your data, no system is perfectly secure. We cannot guarantee that unauthorized parties will never be able to defeat our security measures.

8. Data retention and account deletion

We retain your account data and household content for as long as your account remains active.

To request deletion of your account, email info@our-tandem.com from the email address associated with your account. We will confirm receipt and permanently delete your account and the household content you created within 30 days, except where we are required to retain specific records for legal, tax, or compliance reasons. Content that you shared with other household members may remain visible to them unless they also delete it.

Server logs (IP addresses, request timestamps) are retained for a limited period for security and diagnostic purposes, then deleted.

9. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that inaccurate data be corrected
  • Deletion — request that your account and personal data be deleted
  • Portability — request your data in a structured, commonly used format
  • Withdraw consent — where processing is based on consent, withdraw that consent at any time (this does not affect processing already carried out)
  • Object to processing — object to processing carried out on the basis of legitimate interests

To exercise any of these rights, contact us at info@our-tandem.com. We will respond within the timeframe required by applicable law. We may need to verify your identity before fulfilling a request.

10. Children's privacy

Tandem is not directed at children under the age of 13 (or 16 in jurisdictions where that higher age applies, such as certain EU member states). We do not knowingly collect personal data from children below the applicable age threshold. If you believe a child has provided us with personal data without parental consent, contact us at info@our-tandem.com and we will delete that data promptly.

11. International data transfers

Our servers are located in the United States. If you access the Service from outside that region, your data may be transferred to and processed in a country with different data protection laws than your own. By using the Service, you consent to this transfer. Where required, we take appropriate safeguards to ensure your data is protected in accordance with applicable law.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. If the changes are significant, we may also notify you by email or via a notice within the Service. Your continued use of Tandem after a policy update constitutes acceptance of the revised policy.

13. Contact

For any privacy-related questions, requests, or complaints, contact us at:

LKTech, LLC
info@our-tandem.com

If you are located in the European Economic Area and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.