Privacy Policy
Parentflow (“we,” “us” or “our”) is committed to protecting the privacy of parents/guardians (“you”) and children under your care (“your child”). This Privacy Policy explains how we collect, use, disclose and safeguard information when you use our mobile application, website and related services (collectively, the “Service”). By using the Service, you consent to the practices described in this policy. This Privacy Policy is provided for general informational purposes and does not constitute legal advice; please consult a qualified attorney for advice specific to your situation.
1. Definitions
- Personal Information: Data that can be used to identify or contact you or your child, such as name, email address, phone number or device identifier.
- Child Information: Personal Information about a child under 13 years of age, collected only with verifiable parental consent.
- Sensitive Data: Information of a sensitive nature, including health‑related metrics (e.g., sleep logs, growth data) and media uploads (photos, videos or audio) of your child.
- Anonymous Information: Data that is not linked to Personal Information and does not permit identification of individuals.
- Service Providers: Third‑party companies that process data on our behalf under contractual obligations to protect your information.
- User: A parent or legal guardian who creates an account and uses the Service on behalf of themselves and/or their child.
2. Information We Collect
2.1 Information You Provide
We collect Personal Information that you voluntarily provide when you create an account or use certain features:
- Account Data: Name, email address, password and (optionally) phone number when you register an account.
- Payment Data: If you purchase a subscription, our third‑party payment processor (e.g., Stripe) collects your payment card details. We do not store full payment card numbers on our servers.
- Child Information (with Verifiable Consent): To provide our core services we require your child’s nickname, birthdate and gender. You may optionally provide additional information such as sleep/feeding logs, growth metrics, temperament details and media uploads. Collection of Child Information is strictly opt‑in and requires verifiable parental consent.
2.2 Information Collected Automatically
- Usage Data: We collect technical information such as IP address, device type and ID, operating system version, app events (crashes, session duration) and feature usage. This helps us troubleshoot issues and improve functionality.
- Approximate Location: We may derive an approximate city‑level location from your IP address to customise your experience (e.g., time zone). We do not collect precise GPS location and location collection is disabled by default.
- Cookies & Similar Technologies: We may use essential cookies or device identifiers to maintain session state and support basic app functionality. We do not use cookies for targeted advertising or cross‑site tracking.
2.3 Information from Third Parties
We may receive information about you from third‑party services if you link or sign in to the Service using those services (e.g., Apple, Google). This information may include your name and email address and is used solely to authenticate you and link your accounts.
3. How We Use Your Information
We use the information we collect to:
- Provide and Maintain the Service: Deliver core features such as sleep tracking, milestone predictions, growth charts and personalised insights.
- Personalise Your Experience: Customise content based on your usage patterns, child’s age and preferences.
- Process Transactions: Facilitate payments and send you related communications (e.g., purchase confirmations, subscription reminders).
- Respond to Enquiries: Provide customer support, respond to your requests and send administrative messages (e.g., password resets).
- Improve Our Services: Analyse anonymised usage data to understand user behaviour, develop new features and improve app performance.
- Ensure Safety & Compliance: Detect and prevent fraud, enforce our Terms of Use, protect children’s safety and comply with legal obligations.
We will never sell or rent Child Information to any third party, use your Personal Information or Child Information for targeted or behavioural advertising, or create commercial profiles of children.
4. Legal Bases for Processing
If you are located in the European Economic Area (EEA) or United Kingdom, we process your Personal Information under the following legal bases: (a) consent (e.g., when you provide Sensitive Data or Child Information); (b) contract (processing necessary to provide the Service); (c) legal obligations (to comply with laws or respond to lawful requests); and (d) legitimate interests (to improve the Service and ensure safety), provided those interests are not overridden by your fundamental rights.
5. Data Sharing and Disclosure
We may share your information with:
| Category | Examples | Data Shared | Purpose |
|---|---|---|---|
| Cloud Hosting | AWS, Google Cloud | Encrypted user data | Secure data storage and processing |
| Analytics | Firebase Analytics | Anonymised usage statistics | Improve app functionality |
| Payment | Stripe | Payment card details | Securely process subscription payments |
We may also disclose your information:
- Legal & Safety Reasons: If required by law (e.g., subpoena, court order) or if we have a good‑faith belief that disclosure is necessary to protect our rights, investigate fraud or prevent harm to a child.
- Business Transfers: In the event of a merger, acquisition or sale of assets, your Personal Information may be transferred to the successor entity. The acquiring entity will be required to honour this Privacy Policy.
- With Consent: We may share information for other purposes if you give us specific consent.
We do not disclose personal information to advertisers, data brokers or other third parties for commercial purposes.
6. Parental Controls, Consent & Your Choices
- Verifiable Parental Consent (COPPA): For children under 13, we require parental consent before collecting any Child Information. You must verify that you are the child’s parent or legal guardian.
- Privacy Dashboard: You can access, review, correct and delete your Child Information at any time via the in‑app privacy dashboard (Settings > Privacy). This allows you to manage logs, uploads and other data.
- Right to Access & Portability: You can download a machine‑readable copy of your data via the privacy dashboard.
- Right to Deletion: You can request deletion of your account and all associated Personal Information by emailing support@parentflow.io. We will process deletion requests within 30 days.
- Right to Withdraw Consent: You may withdraw consent for processing Sensitive Data or Child Information at any time.
- Communication Preferences: You can opt out of non‑essential communications (e.g., marketing emails) via in‑app settings.
7. Your Rights Under GDPR & CCPA
- GDPR (European Union/UK): If you are an EEA or UK resident, you have the right to object to processing, request restriction of processing, correct inaccurate data and lodge a complaint with your data‑protection authority. To exercise these rights, contact our Data Protection Officer at dpo@parentflow.io.
- CCPA/CPRA (California): If you are a California resident, you have the right to request access to and deletion of personal information and to opt out of “selling” personal information. We do not sell personal information as defined under the CCPA/CPRA.
8. Data Security
We implement administrative, technical and physical safeguards to protect your information:
- Encryption: Data in transit is encrypted using TLS 1.3, and data at rest is encrypted using AES‑256.
- Access Controls: Access to Personal Information is limited to authorised personnel who require it to perform their job functions.
- Breach Notification: In the event of a data breach, we will notify affected users and relevant authorities within 72 hours of confirmation, in accordance with applicable laws.
9. Data Retention
We retain your data only as long as necessary to provide the Service or as required by law.
- Account Data: Until you request account deletion.
- Child Health Logs: 24 months of inactivity, after which you will be notified before deletion.
- Media Uploads: Until you delete the specific media or your account.
10. International Data Transfers
- General: Your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
- For EU/UK Users: We transfer data relying on Adequacy Decisions (where applicable) or Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data remains protected.
- For Australian Users: By providing your data, you consent to your personal information being transferred to the United States. You acknowledge that while we take reasonable steps to protect your data, the overseas recipient is not subject to the Australian Privacy Principles (APPs) and if they breach the APPs, you may not be able to seek redress under the Australian Privacy Act.
11. Children’s Privacy
Children require particular protection. We design our systems using a data‑protection‑by‑design approach. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we learn that a child under 13 has provided us with personal information without consent, we will delete such information.
12. Do Not Track & Advertising
- No Third‑Party Ad Networks: We do not integrate with third‑party advertising networks and do not display targeted advertisements.
- Do Not Track Signals: We do not currently respond to browser‑based “Do Not Track” (DNT) signals as our Service requires usage tracking to function correctly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email and an in‑app notice at least thirty (30) days before changes take effect.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: support@parentflow.io
Privacy Officer: privacy@parentflow.io
Mailing Address: [Your Legal Address], Attn: Legal/Privacy Department
Regulatory Contacts:
- EU/EEA: You may contact your local Data Protection Authority.
- Australia: If you are unsatisfied with our response, you have the right to contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
15. Disclaimer
This Privacy Policy describes our data practices for informational purposes and does not constitute legal advice. Privacy laws differ by jurisdiction and may change over time. We encourage you to consult a qualified attorney to ensure your privacy policy meets all applicable legal requirements.