Privacy Policy | BabyDaily

This Privacy Policy explains how BabyDaily ("we," "our," or "us") collects, uses, securely stores, and protects your information. We are committed to upholding the highest standards of privacy and fully comply with the Apple App Store Guidelines, Google Play Data Safety requirements, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

1. Information We Collect

We only collect the absolute minimum information necessary to provide the core functionality of BabyDaily (tracking and syncing baby care events).

Account Information: When you register using a third-party Single Sign-On provider (Sign In with Apple, Google Sign-In), we receive and store your basic identifier, such as your email address and name.
Baby Profile Data: To personalize the experience, you manually provide information about your child (such as their first name, gender, and date of birth).
User-Generated Content (Health & Activity Logs): You actively input the core data of the app, including sleep timers, feeding logs, diaper changes, and custom events. This includes timestamps and optional notes you attach to logs.
Device and Usage Analytics: We collect anonymous, aggregated crash reports and basic usage metrics (such as App version and OS version) to identify bugs and improve the app. This data is not linked to your identity or baby profiles.

2. How We Use Your Information

Your data is used exclusively to operate, maintain, and provide the features of BabyDaily:

Syncing and Backup: To securely sync your logged activities across your own devices and with partners or caregivers you explicitly invite to your baby's profile.
Analytics & Predictions: To analyze the data locally on your device or via secure cloud functions to provide you with daily summaries, sleep trends, and predictive insights (e.g., predicted next nap).
Customer Support: To assist you with account-related inquiries or technical issues.

3. Data Storage, Security, and Protection

We take the security of your family's data very seriously. BabyDaily relies on enterprise-grade infrastructure to protect your information:

Secure Hosting: Your data is hosted by Supabase, a highly secure and compliant database infrastructure provider.
Encryption in Transit and at Rest: All data transmitted between the App and our servers is encrypted using standard HTTPS/TLS protocols. Data stored in the database is encrypted at rest.
Row Level Security (RLS): We employ strict, database-level Row Level Security policies. This means that a baby's profile data can only be queried, read, or modified by the user who created it, or by a specific user who has actively accepted an invitation to share that profile. Even in the event of an API misconfiguration, the database engine actively prevents unauthorized data access.

4. Third-Party Sharing and Disclosure

We do not, and will never, sell your personal data or your baby's data to advertisers, data brokers, or any other third parties.

We share limited data strictly with trusted service providers necessary to run the application. These providers are bound by strict confidentiality and data protection agreements:

Authentication Providers: Apple (Sign In with Apple) and Google (Google Sign-In) to verify your identity.
Hosting & Database: Supabase (provides our database and real-time syncing infrastructure).
Payment Processing: RevenueCat, Apple App Store, and Google Play Store process all in-app subscriptions. We do not collect or store your credit card information.

5. Children's Privacy (COPPA Compliance)

BabyDaily is designed to be used by parents and adult caregivers, not by children. We do not knowingly collect personal information directly from anyone under the age of 13. All data concerning children (such as birth dates or health logs) is actively provided by a parent or authorized guardian. If you are a parent or guardian and believe we have inadvertently collected data directly from your child without appropriate consent, please contact us so we can delete the information immediately.

6. Data Retention and Account Deletion

You own your data and maintain total control over it.

Data Retention: We keep your data only as long as your account remains active.
Log Deletion: You can delete any individual log or event directly from within the app at any time.
Full Account Deletion: You have the right to request the complete erasure of your account and all associated data. You can perform this action entirely within the App by navigating to Settings > Delete Account. Activating this feature will immediately trigger the permanent deletion of your user profile, baby profiles, and all corresponding activity logs from our active databases. This action is irreversible.

7. Your Privacy Rights (GDPR & CCPA)

Depending on your location, you have specific rights regarding your data, including:

The right to access the personal information we hold about you.
The right to request the correction of inaccurate data.
The right to request the deletion of your data (Right to be Forgotten).
The right to export your data in a portable format.

To exercise any of these rights, please contact us using the information below.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect functional improvements or changes in legal requirements. Any significant changes will be communicated to you via an in-app notice or via the email associated with your account.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact our Data Protection Officer at:

Email: [email protected]