1. Introduction
Welcome to BabyTime ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
By using BabyTime, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
2. Information We Collect
2.1 Personal Information
We collect the following personal information:
- Account Information: Email address, password (encrypted), name, profile picture
- Baby Information: Baby names, birthdates, gender, photos (optional)
- Household Information: Household name, member details, shared access settings
- Activity Data: Feeding times, sleep schedules, diaper changes, growth measurements
- Subscription Data: Payment information (processed securely through Stripe), billing history
2.2 Automatically Collected Information
- Device Information: Device type, operating system, browser type, IP address
- Usage Data: App features used, time spent in app, navigation patterns
- Analytics: Performance metrics, error reports, crash data
- Cookies: Session cookies, preference cookies, analytics cookies (see our Cookie Policy)
2.3 Information from Third Parties
- OAuth Providers: If you sign in with Google, Apple, or other providers, we receive basic profile information
- Payment Processors: Stripe provides transaction confirmation and billing information
3. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: Provide core baby tracking features, sync data across devices, generate insights and reports
- Account Management: Create and manage your account, authenticate your identity, process subscriptions
- Communication: Send important updates, respond to support requests, notify you of new features
- Improvement: Analyze usage patterns, fix bugs, enhance user experience, develop new features
- Security: Detect and prevent fraud, protect against unauthorized access, ensure data integrity
- Legal Compliance: Comply with legal obligations, respond to lawful requests
4. How We Share Your Information
We do not sell your personal information. We may share your information with:
4.1 Service Providers
- Supabase: Database and authentication services (GDPR compliant)
- Stripe: Payment processing (PCI DSS compliant)
- OpenAI: AI-powered name suggestions (anonymized data only)
- Analytics Providers: Google Analytics, Posthog (anonymized where possible)
4.2 Household Members
When you add family members to a shared household, they can view and edit baby information within that household. You control who has access.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government authority, or to protect the rights, property, or safety of BabyTime, our users, or others.
5. Data Security
We implement industry-standard security measures:
- Encryption: All data transmitted over HTTPS/TLS, passwords hashed with bcrypt
- Access Controls: Row-Level Security (RLS) policies, role-based permissions
- Monitoring: Automated threat detection, regular security audits
- Infrastructure: Hosted on secure cloud platforms with SOC 2 Type II compliance
While we take reasonable measures to protect your information, no system is 100% secure. Please use a strong password and enable two-factor authentication.
6. Your Privacy Rights
Depending on your location, you may have the following rights:
6.1 GDPR Rights (EU/EEA/UK)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to data processing based on legitimate interests
- Withdraw Consent: Revoke consent for data processing at any time
6.2 CCPA Rights (California)
- Know: Request disclosure of data collection and sharing practices
- Delete: Request deletion of personal information
- Opt-Out: Opt out of the sale of personal information (we don't sell data)
- Non-Discrimination: Equal service regardless of privacy choices
6.3 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@babytime.app. We will respond within 30 days.
7. Data Retention
We retain your information for as long as necessary:
- Active Accounts: While your account is active and for a reasonable period after
- Legal Requirements: As required by law (e.g., tax records for 7 years)
- Deleted Accounts: Within 90 days of account deletion, except for legal/security purposes
- Backups: Data in backups may persist for up to 90 days after deletion
8. Children's Privacy (COPPA)
BabyTime is designed for parents and caregivers (ages 18+) to track information about their babies. We do not knowingly collect personal information directly from children under 13.
The baby data you enter (names, photos, activities) is considered your personal information as the parent/guardian. You are responsible for deciding what information to include.
If we discover that a child under 13 has created an account, we will delete it immediately. If you believe this has occurred, contact us at privacy@babytime.app.
9. International Data Transfers
BabyTime is based in the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the US and other countries.
We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Compliance with GDPR and other applicable data protection laws
- Use of service providers with appropriate certifications (Privacy Shield successors)
10. Third-Party Services and Links
BabyTime may contain links to third-party websites or integrate with third-party services (e.g., Google Calendar for appointment reminders). We are not responsible for the privacy practices of these third parties.
We recommend reviewing the privacy policies of any third-party services you use. Our policy only applies to information collected by BabyTime.
11. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. Because there is no industry standard for DNT, we do not currently respond to these signals. You can control cookies through your browser settings and our Cookie Consent Banner.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying an in-app notification
Your continued use of BabyTime after changes take effect constitutes acceptance of the updated policy.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For EU/EEA residents: You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.