Your data is yours.
We treat children's data with extra care, even though COPPA technically does not apply (you are the user, not your child). Plain language version below; the legal version is in the Terms.
What we collect
- Your name, email, and password (or OAuth identity).
- For each child: name, birthday, optional sex, your notes.
- Check-in answers, milestones marked, conversations logged, vaccinations entered, pediatrician visits recorded.
- Standard server logs (IP address, timestamps) for security.
What we never do
- Sell your data to anyone, ever.
- Use your data to train external AI models.
- Use your data for advertising or behavioral targeting.
- Share child-specific data with anyone without your explicit consent.
Where it lives
Encrypted at rest on managed Postgres infrastructure (Render). Encrypted in transit over TLS. Row-level isolation: only you and the caregivers you invite can access your children's data.
Export & deletion
From Settings → Data you can export everything we hold about you and your children as JSON. From the same page you can permanently delete your account and all associated data. We complete deletion within 30 days.
Analytics
We use privacy-respecting product analytics to understand which content is helpful and which routes are confusing. We do not use third-party advertising trackers. You can opt out at any time in Settings.
We use email for: sign-in (magic links), important account notifications, and (only if you opt in) weekly digests and stage transitions. We never share your email with third parties.
Children's data
Per our terms, accounts are for adults. The data you store about your child is treated with the highest standard of care: it is not shared with marketing partners, never used for advertising, and is deleted within 30 days of you deleting your account.
Contact
Questions? Email privacy@yourdomain.com. We respond within five business days.