BabyRoutio

Effective Date: February 27, 2026

Last Updated: February 27, 2026

Applies to: BabyRoutio iOS app (and any future Android / Web versions)

Data Controller: BabyRoutio (operated as an independent developer)

At BabyRoutio, we take your family's privacy seriously. This Privacy Policy explains what data we collect when you use our baby-tracking app, why we collect it, how it is stored and protected, and what rights you have regarding your personal information.

BabyRoutio is designed for parents and caregivers. We do not knowingly collect data from children; all data entered about a baby is entered by an adult user. Please read this policy carefully before using the app.

Information We Collect
How We Use Your Information
Legal Bases for Processing (GDPR)
Data Storage & Security
Third-Party Services
Notifications
AI Assistant Feature
Subscriptions & Payments
Data Retention
Your Rights
Children's Privacy
International Transfers
Changes to This Policy
Contact Us

1 Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address — used for authentication, account recovery, and transactional communications.
Password — stored as a secure cryptographic hash; we never see your plain-text password.
Display name (optional) — used to personalise the app interface.

1.2 Baby Profile Data

To provide personalised tracking and sleep schedule recommendations, you may enter:

Baby's first name
Baby's date of birth
Baby's gender (optional)
Baby's weight & height (optional, for growth tracking)
Baby's photo (optional, stored locally by default)

1.3 Tracking & Activity Data

Category	Data Points Recorded
Sleep Records	Start time, end time, duration, sleep quality notes, nap vs. night-sleep flags
Feeding Records	Start time, type (breastfeeding / bottle / solid), amount (ml or oz), duration, notes
Diaper Records	Timestamp, type (wet / dirty / both), notes
Supplementary Foods	Food name, serving date/time, quantity, acceptance rating, notes
Calendar Events	Doctor appointments, vaccination dates, milestones added by the parent
Growth Records	Date, weight, height, head circumference (optional)

1.4 Sleep Schedule & Notification Preferences

When you use the Sleep Schedule feature, we store your preferred wake-up time, nap schedule settings, notification lead times, and gamification progress (sleep streaks and badges).

1.5 AI Assistant Interactions

When you use the in-app AI chat assistant, we process:

The text messages you send to the assistant.
The AI responses returned to you.
A daily usage counter (max 15 messages per 24-hour period, enforced server-side).

 Important: Do not enter sensitive personally identifiable information (e.g., full legal names, insurance IDs, medical record numbers) into the AI chat. The AI is for general parenting guidance only and is not a substitute for professional medical advice.

1.6 Device & Technical Data

Device type, model, and operating system version
App version number
Language and locale settings
Crash reports and error logs (aggregated, non-personally-identifiable)
Push notification token (for local/remote notifications)

1.7 Subscription & Purchase Data

Handled via RevenueCat and Apple In-App Purchase. We receive subscription status (active / expired / trial), product ID, and purchase date. We do not receive or store your payment card details; these remain with Apple.

2 How We Use Your Information

Purpose	Data Used
Create and authenticate your account	Email, hashed password
Sync your records across devices	All tracking data, baby profile
Generate sleep schedule recommendations	Baby's age, sleep records, wake windows
Send sleep & feeding reminders	Notification preferences, schedule data
Provide the AI parenting assistant	Chat messages, baby age (anonymised)
Manage your subscription	Subscription status from RevenueCat
Improve app performance & fix bugs	Crash logs, device/OS info (aggregated)
Send transactional emails	Email address (e.g., password reset)
Display gamification progress	Sleep streak counts, badge status
Comply with legal obligations	Minimal required data

We do not sell your personal data. We do not use your data for targeted advertising. We do not share your baby's information with any third party for their own marketing purposes.

3 Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Turkey (KVKK), we process your data based on the following legal grounds:

Contract performance — processing required to provide the service you signed up for.
Legitimate interests — analytics and crash reporting to improve app quality.
Legal obligation — retaining transactional records as required by applicable law.
Consent — push notifications (you can withdraw consent at any time in device Settings).

Turkish Users (KVKK): Your data is processed in accordance with the Turkish Personal Data Protection Law No. 6698. You have all the rights listed in Section 10 of this policy, enforceable under KVKK.

4 Data Storage & Security

4.1 Local Storage

Tracking records, preferences, and app state are first saved locally on your device using AsyncStorage (encrypted by iOS Secure Enclave). This ensures the app works fully offline.

4.2 Cloud Storage (Supabase)

When you are signed in and online, your data is synced to Supabase, hosted on AWS infrastructure in the EU (Frankfurt region, eu-central-1). Supabase provides:

Data encryption at rest (AES-256) and in transit (TLS 1.2+)
Row-Level Security (RLS) — your data is accessible only by your authenticated account
SOC 2 Type II compliant infrastructure
Automated daily backups

4.3 Security Measures

JWT-based authentication with short-lived access tokens and refresh token rotation
API endpoints protected by server-side JWT verification
No admin or third-party access to individual user data without judicial order
Regular dependency audits and security patches

 Your responsibility: Keep your device password/biometrics enabled and your account password strong and unique. If you suspect unauthorised access, change your password immediately and contact us.

5 Third-Party Services

We use a minimal set of carefully selected third-party services:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Database, authentication, cloud sync	Account data, all tracking records	supabase.com/privacy
RevenueCat	Subscription management	User ID, subscription status, purchase events	revenuecat.com/privacy
Apple App Store	In-app purchase processing	Subscription receipts (Apple retains payment data)	apple.com/legal/privacy
Notifee	Local push notifications	No data sent externally — runs 100% on-device	notifee.app
AI Provider	AI parenting assistant	Anonymised chat messages (no PII transmitted)	Disclosed separately in-app

We do not use Facebook SDK, Google Analytics, or any advertising networks. We do not permit any third party to build a profile of you for advertising purposes.

6 Notifications

BabyRoutio uses local notifications only (scheduled on-device by Notifee). Notification content is generated locally and is never transmitted to our servers or any third party.

Sleep window reminders (e.g., "Nap time is coming in 15 minutes")
Feeding reminders
Follow-up check-ins after scheduled naps

You control all notifications via iOS Settings → BabyRoutio → Notifications.

7 AI Assistant Feature

7.1 How It Works

Messages are sent over TLS to our server-side proxy, which enforces the daily usage limit (15 messages per 24 hours per account) before forwarding the request to the AI provider.

7.2 What We Transmit

Your typed message text
Baby's age bracket (e.g., "6 months") for contextual responses — not the exact birthdate
A hashed user ID (not your email) to enforce rate limits

 Not Medical Advice: The AI assistant provides general parenting information only. It is not a medical device and does not provide diagnoses, medical advice, or treatment recommendations. Always consult a qualified healthcare professional for medical concerns about your baby.

7.4 Retention of AI Chats

AI conversation history is stored locally on your device. We do not persistently store your AI chat history on our servers beyond what is necessary to generate the response.

8 Subscriptions & Payments

BabyRoutio offers a subscription via Apple In-App Purchase, managed through RevenueCat. We receive:

Subscription plan (monthly or annual)
Subscription status (trial, active, expired, cancelled)
Renewal date and cancellation date
RevenueCat anonymous user ID

We do not receive, store, or process your credit card number or any other payment instrument.

 Free Trial Note: BabyRoutio offers an Apple-managed 7-day free trial. Billing begins automatically after the trial period unless cancelled at least 24 hours before the trial ends. Manage subscriptions at iOS Settings → [Your Name] → Subscriptions.

9 Data Retention

Data Category	Retention Period
Account information (email)	Until you delete your account
Baby profile & tracking records	Until you delete your account or specific records
AI chat usage counters	Rolling 24-hour window; automatically deleted
Crash & error logs	90 days (aggregated, no PII)
Subscription transaction records	7 years (legal/tax obligation)
Local device data	Until app is uninstalled or you delete data in-app

Account Deletion

Delete your account anytime via Profile → Settings → Delete Account. Upon deletion:

All personal data deleted from servers within 30 days
Backups purged within 90 days
Subscription transaction records retained for the legally required period

10 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

👁️

Right of Access

Request a copy of all personal data we hold about you.

✏️

Right to Rectification

Correct inaccurate or incomplete data directly in-app or by contacting us.

🗑️

Right to Erasure

Request deletion of your account and all associated data.

📦

Right to Portability

Receive your tracking data in a machine-readable format (JSON/CSV).

🚫

Right to Object

Object to processing based on legitimate interests.

⏸️

Right to Restrict

Request restriction of processing in certain circumstances.

↩️

Withdraw Consent

Withdraw notification consent at any time in device Settings.

📣

Right to Complain

Lodge a complaint with your national data protection authority.

To exercise any of these rights, contact us at the email in Section 14. We will respond within 30 days.

Turkish users may also submit requests pursuant to KVKK Article 11 via the contact information in Section 14.

11 Children's Privacy

BabyRoutio is designed for parents and caregivers who are 18 years of age or older. The app collects information about babies entered by their parent/guardian, but it is not directed at children.

We do not knowingly collect personal information directly from children under 13. If you believe a child has created an account without parental consent, please contact us immediately.

12 International Data Transfers

Our primary cloud infrastructure (Supabase) is hosted in the EU (Frankfurt, Germany). RevenueCat operates from the United States. When data is transferred outside the EEA, we ensure appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Service providers' own compliance certifications (SOC 2, GDPR DPA agreements)

13 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Effective Date" at the top of this page
Display an in-app notification or prompt for re-acceptance for significant changes
Send an email notification to registered users for major changes

14 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out:

🔒

Privacy Inquiries

We aim to respond to all requests within 30 days.

babyroutioapp@gmail.com

You also have the right to lodge a complaint with the relevant supervisory authority:

EU/EEA: Your national data protection authority (DPA)
Turkey: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr
UK: Information Commissioner's Office (ICO) — ico.org.uk

← Back to Home Terms of Service →

Table of Contents