Privacy Policy

What we collect, why we collect it, and the rights you have over your data.

Last updated · June 4, 2026

Who we are

This Privacy Policy explains how Baby App PRO ("we", "us") collects, uses, and protects personal data when you use our iOS app and related services (the "Service").

We are the data controller for the personal data described in this policy. You can contact us at hello@babyapp.pro.

Baby App PRO is built privacy-first. We do not run ads, we do not sell data, and we do not embed third-party analytics or tracking SDKs. The entire business model is you paying for the app.

Data we collect

We only collect data that is necessary to run the Service. Concretely, that is:

Account data

  • A Sign in with Apple identifier, if you choose to sign in. Apple provides us a stable, relay-style email address by default.
  • A pseudonymous device identifier for anonymous accounts that do not sign in.
  • Authentication tokens (stored in iOS Keychain on your device; only short-lived refresh tokens reach our servers).

Baby and event data (provided by you)

  • A name or nickname, date of birth, and sex (optional) for each baby profile you create.
  • Events you log: sleeps, feedings, diapers, activities, medications, symptoms, weight and height measurements, and similar entries.
  • Notes or comments you choose to attach to events.

Household data

  • The email or identifier of co-parents or caregivers you invite to your household, so we can deliver the invitation and sync data.

Device and diagnostic data

  • App version, iOS / Android version, device model (coarse), and anonymised crash diagnostics (on Android, sent only if you opt in from the app's Privacy settings).
  • Request metadata (hashed IP address, timestamp) for rate-limiting and abuse detection.

We do not collect precise location, contacts, microphone audio, photos, or any health data from Apple Health.

How we use your data and our legal basis

Under the GDPR, we need a legal basis to process your personal data. We rely on the following bases:

  • Performance of a contract (Art. 6(1)(b) GDPR) — to provide the core Service: storing your logs, running sleep predictions, syncing with caregivers, and managing your subscription.
  • Legitimate interest (Art. 6(1)(f) GDPR) — to keep the Service secure, prevent abuse, debug crashes, and communicate service-critical messages. We balance these interests against your rights.
  • Legal obligation (Art. 6(1)(c) GDPR) — to respond to lawful requests and to keep required records (for example, tax records related to subscription payments).
  • Consent (Art. 6(1)(a) GDPR) — for anything that requires your explicit opt-in (for example, push notifications at the OS level).

We do not use your data for targeted advertising, profiling for marketing, or automated decisions with legal effect.

Sharing a summary with a specialist

You can create a read-only web link (a "share link") that lets a person you choose — for example a paediatrician, lactation consultant, or sleep specialist — view a summary of your baby's logged data in their browser, without an account or the app.

This is a disclosure you initiate. A baby's sleep, feeding, diaper, growth and similar entries are special-category health data, and — when you choose to include your baby's name (see below) — that name, paired with this health data, directly identifies your child. We only disclose any of it through a share link because you explicitly ask us to, and our legal basis is your explicit consent under Art. 9(2)(a) GDPR (with Art. 6(1)(a) for the underlying processing). You give that consent in the app by generating the link, on a screen that shows you exactly what the page will include before you create it; we record the version of the consent text you accepted (currently share-consent-2026-06-r2).

What the link exposes is what you choose. You pick the date range and the categories; the page shows your baby's derived age and only the profile fields you opt into. Those optional fields can include your baby's name: when you leave it selected, the name appears as the heading of the shared page so the specialist can tell whose summary they are looking at; when you turn it off, no name is shown — older links created before this option, and any link where you deselect the name, never display it. Notes are included only if you turn them on. The specialist sees this exact, minimized scope and nothing else; the link is per-baby, so other children are never exposed.

Protections. Each link is guarded by a high-entropy token in the URL and, optionally, a 6-digit code you share separately. Links expire (you choose 1, 7, or 30 days, 7 by default) and you can revoke any link instantly from the app. We do not index these pages (noindex, no caching) and serve no third-party scripts.

Minimized view telemetry. So you can tell whether a link was opened, we record only a coarse "last viewed" timestamp and an "opened" flag per link. We do not log a per-request access trail, raw IP address, user-agent, device fingerprint, or location for views, and automated link-preview crawlers (e.g. when the URL is pasted into a chat) are excluded from this signal so they never show as a real view.

You can withdraw your consent at any time by revoking the link; revocation takes effect immediately, and deleting the baby or your account revokes all of its links automatically.

Third parties and subprocessors

We use a small number of service providers that process personal data on our behalf, under a data-processing agreement:

  • Apple Inc. — Sign in with Apple, App Store / StoreKit billing, APNs push delivery. Apple's Privacy Policy applies to data Apple processes.
  • DigitalOcean, LLC. — cloud hosting for our backend servers and database, in the European Union region.
  • Google LLC — on the Android app: Sign in with Google, Google Play billing for purchases and subscriptions, and Firebase Cloud Messaging push delivery. Google's Privacy Policy applies to data Google processes.
  • Functional Software, Inc. (Sentry) — anonymised crash diagnostics for the Android app, collected only if you opt in from the app's Privacy settings. Sentry's Privacy Policy applies.

We do not share personal data with advertisers, data brokers, or social networks.

How long we keep your data

  • Account and baby/event data — kept while your account is active. After account deletion, we erase it within 72 hours.
  • Backups — encrypted backups are purged on a 30-day rolling schedule, after which deleted data is gone from them too.
  • Diagnostic and sync logs — auto-purged after 30 days.
  • Billing records — we keep the minimum records required by tax law (typically 10 years in the EU).

Delete your account

You can delete your account and all data associated with it directly from the app — no email or support request needed:

  • Open Settings in the app (iOS or Android).
  • Tap Delete account and confirm.

What happens next: your account and all of your baby and event data are erased from our servers within 72 hours. Encrypted backups are purged on a 30-day rolling schedule, after which the deleted data is gone from them too — see How long we keep your data for the full retention detail (the only exception is the minimum billing records tax law requires us to keep). Data you shared with other members of your household stays with them: deleting your account removes you and your data, not their copies of what was shared into the household.

If you no longer have access to the app (lost device, uninstalled), you can request deletion by emailing privacy@babyapp.pro. No sign-in is required to make the request; we will verify that you control the account and complete the deletion on the same timeline.

Your rights

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Access — request a copy of your personal data (Art. 15).
  • Rectification — correct inaccurate data (Art. 16).
  • Erasure — delete your data (Art. 17). You can trigger this directly from the app.
  • Portability — receive your data in a structured, machine-readable format (Art. 20). The app exports your full history as JSON.
  • Restriction and objection — limit or object to certain processing (Art. 18, 21).
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior processing.
  • Lodge a complaint — with your local data-protection authority. In Romania, this is ANSPDCP.

To exercise any of these rights, email hello@babyapp.pro. We will respond within 30 days (and usually much sooner).

International data transfers

Our servers and database are hosted in the European Union. Some of our subprocessors (for example, Apple) may transfer data to the United States. Where that happens, transfers rely on appropriate safeguards, typically the European Commission's Standard Contractual Clauses and, for Apple, the EU–US Data Privacy Framework.

Security

We protect your data using industry-standard measures: HTTPS in transit, encrypted backups at rest, short-lived JWTs, strict role-based access for our team, and minimum necessary data retention. Events created in the app live on your device first; sync is scoped to the caregivers in your household.

No system is perfectly secure. If we ever become aware of a personal-data breach that is likely to affect your rights, we will notify you and the relevant supervisory authority within the timeframes required by law.

Children and babies

The Service is designed for adults (parents and caregivers) to log information about an infant in their care. The account holder is the data subject we primarily deal with. Information about a baby (name, date of birth, events) is provided by the parent or caregiver and we treat it as personal data handled under the account holder's control.

You must be at least 18 years old to use the Service. If you believe a child under 18 has created an account, contact us at hello@babyapp.pro and we will delete it.

Cookies and the website

This website (babyapp.pro) uses no analytics and no tracking or advertising cookies. We do not track your visit.

The only cookie we ever set is a single strictly-necessary cookie on a code-protected share link: after you enter the correct access code, we store a short-lived, HttpOnly + Secure token (not the code itself) so the page stays unlocked while you read it. It carries no identifier, is scoped to that one link, and expires shortly. No consent banner is required for a strictly-necessary cookie.

Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify you in the app and, where applicable, by email at least 14 days before the change takes effect. Non-material changes (for example, clarifications) may take effect immediately.

Contact

Questions, requests, or concerns about this policy or your data? Email hello@babyapp.pro.