Privacy Policy
Last updated: 23 June 2026
ReadMyBaby (“the app”, “we”) helps parents and caregivers log and understand their baby's daily care. Your baby's care data is private by default and stays on your device unless you explicitly turn on an optional feature that needs otherwise. To keep the app reliable we also collect a small amount of anonymous, non-personal usage and device analytics (described in Section 4). This policy explains what we process, why, the legal basis, and your rights.
1. Who is responsible (controller)
The data controller is [Publisher legal name], [address], contact [privacy@readmybaby.app]. (Publisher to complete.) For most processing, ReadMyBaby acts on data stored locally on your device, which you control directly.
2. A note on children's data
ReadMyBaby is used by adults (parents/caregivers) but inherently processes information about an infant. We treat baby data as sensitive personal data relating to a child and apply heightened care:
- data minimization — we collect only what the tracking features need;
- on-device storage by default for all baby data;
- no advertising, no profiling for marketing, no third-party tracking SDKs;
- clear, explicit opt-in for any baby data that would leave the device.
The app is intended for use by a child's parent or legal guardian (or a caregiver they authorize). The anonymous analytics in Section 4 never include any information about your baby.
3. What we process, and where it lives
Stored on your device (local-first)
| Category | Examples | Where it lives |
|---|---|---|
| Baby profile | Name/nickname, date of birth, optional due date, sex, optional photo reference | On-device database only |
| Care logs | Feeds, sleep, diapers, pumping, growth, notes | On-device database only |
| Cry analysis results | The derived suggestion + your feedback | On-device database only |
| Consent records | Timestamped log of consents granted/withdrawn + policy version | On-device database only |
| Settings | Reminder toggle, quiet hours, language, theme | On-device preferences |
This local database is kept in the app's private sandbox and is excluded from device cloud backups.
Cry audio (special category — handled with extra care)
- When you use the Cry Analyzer, audio is captured and analyzed on your device.
- Cry audio is never stored and never uploaded. Only the derived, non-audio result (a ranked suggestion + confidence) is saved locally.
Baby data sent off the device — only if you opt in
ReadMyBaby does not send your baby's data anywhere by default. The following are optional and off unless you explicitly enable them:
| Optional feature | What would be sent | To whom |
|---|---|---|
| AI Assistant | Your typed questions plus logged context (e.g. baby age in months, a short text summary). Never cry audio. | Our secure proxy (a Cloudflare Worker we operate), which relays to an LLM provider. The API key lives only on the proxy. |
| Anonymized cry contribution | Anonymized cry labels to help improve the model | Our model-improvement pipeline |
| Cloud sync / backup (future) | A copy of your logs to sync across devices | Our sync service |
4. Anonymous usage & device analytics
So we can understand whether the app is working, which features are used, and on which devices it runs (to fix crashes and prioritize improvements), ReadMyBaby collects a small amount of anonymous, non-personal analytics. This is first-party (sent only to our own Cloudflare backend) — we use no third-party advertising or analytics SDKs.
| What we collect | Detail |
|---|---|
| Anonymous device identifier | A random app-generated id, plus the device's Android ID one-way hashed (SHA-256 with a salt) so the raw value never leaves your phone and we cannot reverse it. Used only to de-duplicate devices. |
| Device info | Manufacturer, brand, model, Android version, screen size, language, timezone. |
| App info | App version and build. |
| Coarse location | Country/region inferred from your IP address at our edge (we do not use GPS and do not store a precise location). |
| Usage events | Non-personal events such as “app opened”, “screen viewed”, “entry logged” (the type only — e.g. feed/sleep), “prediction shown”. No values, names, notes, photos, or audio. |
What we never collect here: your baby's name, date of birth, logs' contents, notes, photos, cry audio, or any health detail. Analytics carry the event type only — never your baby's data.
Legal basis (GDPR Art. 6(1)(f)): our legitimate interest in operating, securing, and improving the app, balanced against your privacy by keeping the data anonymous and minimal. You can ask us to delete it at any time — see Data deletion. If you would prefer that this data not be collected, that deletion request is the control available to you; we may add an in-app opt-out in a future release.
Retention: analytics events are retained for up to 14 months, then deleted or aggregated. Device records are removed when you request deletion or after a long period of inactivity.
5. Why we process it (purposes) and legal basis
| Purpose | Legal basis |
|---|---|
| Core tracking, dashboard, predictions, reminders, growth — on your device | Consent (acknowledged at onboarding); local and necessary to deliver the feature |
| Analyze a cry on-device | Explicit consent; processed locally only |
| Send context to the AI Assistant | Explicit consent (separate opt-in) |
| Contribute anonymized cry data | Explicit consent (separate opt-in) |
| Anonymous usage & device analytics (Section 4) | Legitimate interest (Art. 6(1)(f)) |
| Keep a consent audit log | Legal obligation / legitimate interest |
6. Reminders & notifications
If you enable reminders, the app schedules local notifications on your device for predicted feed/sleep times, respecting your quiet hours. These are generated and delivered locally; no notification content is sent to us.
7. Sharing & disclosure
- We do not sell your data.
- We do not share it with third parties for advertising or marketing.
- We use no third-party analytics, advertising, or tracking SDKs.
- Outbound transmissions are: the first-party anonymous analytics (Section 4) to our Cloudflare backend, and the optional AI Assistant / contribution / sync features you choose to enable. Where a processor (e.g. an LLM or hosting provider) is involved, we engage them under appropriate data-processing terms.
8. International transfers
Analytics are processed on Cloudflare infrastructure, which operates globally. If you enable the AI Assistant (or future cloud features), requests may be processed across regions. Where personal data is transferred internationally, the publisher relies on appropriate safeguards (such as EU Standard Contractual Clauses). (Publisher to complete with the actual providers/regions.)
9. Retention
- On-device baby data is retained until you delete it — individual entries, Delete all data, or uninstalling the app.
- Cry audio is not retained at all (never stored).
- Anonymous analytics: up to 14 months, or until you request deletion.
10. Your rights (GDPR)
| Right | How |
|---|---|
| Access / portability | Use Export data in the app for a complete JSON copy of all babies, logs, and the consent log. |
| Erasure | Use Delete all data for on-device data; use the Data deletion page to erase server analytics. |
| Withdraw consent | Toggle any optional consent off in Settings; recorded in the consent log. |
| Rectification | Edit any baby profile or log entry in the app. |
| Object / restrict | For analytics processed under legitimate interest, you may object — request deletion via the Data deletion page or contact us. |
| Complaint | You may complain to your local data protection authority. |
11. Security
- Baby data is stored in the app's private sandbox and excluded from cloud backups.
- All network calls use HTTPS; the LLM API key is held only on our server-side proxy — never in the app.
- The Android ID is one-way hashed on the device before any analytics call.
- No third-party trackers are bundled.
No method of storage or transmission is 100% secure, but we apply privacy-by-design and data-minimization throughout.
12. Changes to this policy
We may update this policy as features are released. Material changes are reflected by an updated “Last updated” date and, where appropriate, an updated policy version captured with your consent records.
13. Contact
Questions or requests: [privacy@readmybaby.app] — [Publisher legal name and address]. (Publisher to complete.)