Who we are
This Privacy Policy explains how Baby App PRO ("we", "us") collects, uses, and protects personal data when you use our iOS app and related services (the "Service").
We are the data controller for the personal data described in this policy. You can contact us at hello@babyapp.pro.
Data we collect
We only collect data that is necessary to run the Service. Concretely, that is:
Account data
- A Sign in with Apple identifier, if you choose to sign in. Apple provides us a stable, relay-style email address by default.
- A pseudonymous device identifier for anonymous accounts that do not sign in.
- Authentication tokens (stored in iOS Keychain on your device; only short-lived refresh tokens reach our servers).
Baby and event data (provided by you)
- A name or nickname, date of birth, and sex (optional) for each baby profile you create.
- Events you log: sleeps, feedings, diapers, activities, medications, symptoms, weight and height measurements, and similar entries.
- Notes or comments you choose to attach to events.
Household data
- The email or identifier of co-parents or caregivers you invite to your household, so we can deliver the invitation and sync data.
Device and diagnostic data
- App version, iOS / Android version, device model (coarse), and anonymised crash diagnostics (on Android, sent only if you opt in from the app's Privacy settings).
- Request metadata (hashed IP address, timestamp) for rate-limiting and abuse detection.
We do not collect precise location, contacts, microphone audio, photos, or any health data from Apple Health.
How we use your data and our legal basis
Under the GDPR, we need a legal basis to process your personal data. We rely on the following bases:
- Performance of a contract (Art. 6(1)(b) GDPR) — to provide the core Service: storing your logs, running sleep predictions, syncing with caregivers, and managing your subscription.
- Legitimate interest (Art. 6(1)(f) GDPR) — to keep the Service secure, prevent abuse, debug crashes, and communicate service-critical messages. We balance these interests against your rights.
- Legal obligation (Art. 6(1)(c) GDPR) — to respond to lawful requests and to keep required records (for example, tax records related to subscription payments).
- Consent (Art. 6(1)(a) GDPR) — for anything that requires your explicit opt-in (for example, push notifications at the OS level).
We do not use your data for targeted advertising, profiling for marketing, or automated decisions with legal effect.
Third parties and subprocessors
We use a small number of service providers that process personal data on our behalf, under a data-processing agreement:
- Apple Inc. — Sign in with Apple, App Store / StoreKit billing, APNs push delivery. Apple's Privacy Policy applies to data Apple processes.
- DigitalOcean, LLC. — cloud hosting for our backend servers and database, in the European Union region.
- Google LLC — on the Android app: Sign in with Google, Google Play billing for purchases and subscriptions, and Firebase Cloud Messaging push delivery. Google's Privacy Policy applies to data Google processes.
- Functional Software, Inc. (Sentry) — anonymised crash diagnostics for the Android app, collected only if you opt in from the app's Privacy settings. Sentry's Privacy Policy applies.
We do not share personal data with advertisers, data brokers, or social networks.
How long we keep your data
- Account and baby/event data — kept while your account is active. After account deletion, we erase it within 72 hours.
- Backups — encrypted backups are purged on a 30-day rolling schedule, after which deleted data is gone from them too.
- Diagnostic and sync logs — auto-purged after 30 days.
- Billing records — we keep the minimum records required by tax law (typically 10 years in the EU).
Delete your account
You can delete your account and all data associated with it directly from the app — no email or support request needed:
- Open Settings in the app (iOS or Android).
- Tap Delete account and confirm.
What happens next: your account and all of your baby and event data are erased from our servers within 72 hours. Encrypted backups are purged on a 30-day rolling schedule, after which the deleted data is gone from them too — see How long we keep your data for the full retention detail (the only exception is the minimum billing records tax law requires us to keep). Data you shared with other members of your household stays with them: deleting your account removes you and your data, not their copies of what was shared into the household.
If you no longer have access to the app (lost device, uninstalled), you can request deletion by emailing privacy@babyapp.pro. No sign-in is required to make the request; we will verify that you control the account and complete the deletion on the same timeline.
Your rights
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR:
- Access — request a copy of your personal data (Art. 15).
- Rectification — correct inaccurate data (Art. 16).
- Erasure — delete your data (Art. 17). You can trigger this directly from the app.
- Portability — receive your data in a structured, machine-readable format (Art. 20). The app exports your full history as JSON.
- Restriction and objection — limit or object to certain processing (Art. 18, 21).
- Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior processing.
- Lodge a complaint — with your local data-protection authority. In Romania, this is ANSPDCP.
To exercise any of these rights, email hello@babyapp.pro. We will respond within 30 days (and usually much sooner).
International data transfers
Our servers and database are hosted in the European Union. Some of our subprocessors (for example, Apple) may transfer data to the United States. Where that happens, transfers rely on appropriate safeguards, typically the European Commission's Standard Contractual Clauses and, for Apple, the EU–US Data Privacy Framework.
Security
We protect your data using industry-standard measures: HTTPS in transit, encrypted backups at rest, short-lived JWTs, strict role-based access for our team, and minimum necessary data retention. Events created in the app live on your device first; sync is scoped to the caregivers in your household.
No system is perfectly secure. If we ever become aware of a personal-data breach that is likely to affect your rights, we will notify you and the relevant supervisory authority within the timeframes required by law.
Children and babies
The Service is designed for adults (parents and caregivers) to log information about an infant in their care. The account holder is the data subject we primarily deal with. Information about a baby (name, date of birth, events) is provided by the parent or caregiver and we treat it as personal data handled under the account holder's control.
You must be at least 18 years old to use the Service. If you believe a child under 18 has created an account, contact us at hello@babyapp.pro and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. If we make a material change, we will notify you in the app and, where applicable, by email at least 14 days before the change takes effect. Non-material changes (for example, clarifications) may take effect immediately.
Contact
Questions, requests, or concerns about this policy or your data? Email hello@babyapp.pro.