VANIPrivacyTermsCookiesBETA

Privacy Policy

Last updated May 2026 · Applies to the VANI app and this website

VANI is a routine building app for families. We're based in Iceland and take privacy seriously. This policy explains what we collect, why, and what your rights are.

Who we are

The data controller is VANI, based in Reykjavík, Iceland. As an EEA-based company, your data is protected under GDPR. Our supervisory authority is Persónuvernd, Iceland's data protection authority.

What we collect

Your account — your email address, display name, and password (hashed, never stored in plain text).

Child profiles — when you create a profile for a child in your household, we store their first name and birth date. That's it. Child profiles belong to your account and children don't have separate logins.

Routine data — the habits and routines you or your children create, and their completion history.

Subscription status — whether you have an active subscription, processed through Apple or Google. We never see your card details.

App diagnostics — crash reports and basic device info (model, OS version) via Sentry, to help us fix bugs.

We don't collect location, contacts, camera access, or any browsing activity outside VANI.

How we use it

  • To provide and run the VANI service
  • To process your subscription via Apple or Google
  • To send you account related emails (e.g. password reset)
  • To fix bugs and improve the app
  • To keep your account secure

We don't sell your data. We don't use it for advertising.

Children's data

Child profiles are created and managed entirely by the parent or guardian who owns the VANI account. Children don't communicate with us directly, they use the app on a family device supervised by a parent. By creating a child profile, you as the account holder are confirming you're that child's parent or guardian and consenting to their limited data being processed as part of your account.

We collect only a first name and birth date for each child profile. We never contact children directly, and child data is not used for analytics or advertising. You can delete any child profile at any time in the app settings.

Legal basis (GDPR)

We process your data to perform our contract with you (providing VANI), to comply with legal obligations, and where we have a legitimate interest (security, crash analytics). For marketing emails, we rely on your explicit consent, which you can withdraw at any time.

Sharing your data

We share data only with the small set of providers needed to run VANI: cloud hosting, PostHog (analytics), Sentry (crash reporting), and a transactional email provider. All are bound by GDPR data processing agreements. PostHog processes data within the EEA. Sentry is based in the US; we rely on Standard Contractual Clauses for that transfer.

We never sell your data or share it with advertising networks.

Your rights

Under GDPR you have the right to access, correct, or delete your data; to object to processing; and to receive a portable copy of your data. You can also lodge a complaint with Persónuvernd.

To exercise any of these rights, email hello@vani.app. We'll respond within 30 days.

Data retention

We keep your account data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Subscription and payment records are kept for 7 years as required by Icelandic accounting law.

Updates to this policy

If we make meaningful changes, we'll let you know by email or in-app notification before they take effect. The "last updated" date above always reflects the current version.