OrdesaHub
Get in Touch

Privacy Policy

Effective Date: March 29, 2026  ·  Last Updated: April 4, 2026

This Privacy Policy describes how Kiko – Baby Tracker ("we," "us," or "our") collects, uses, and shares information about you when you use the Kiko – Baby Tracker mobile application (the "App"). By using the App, you agree to the collection and use of information in accordance with this policy. We fully comply with the Apple App Store Guidelines, GDPR, and CCPA.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: When you create an account we collect your email address and display name, either entered directly or provided by a third-party login provider (Apple or Google).
  • Baby profile: Name and date of birth of the infant(s) you add to the App.
  • Activity logs: Records of activities you log, including type (sleep, feed, diaper, bath, play, medicine, custom), timestamp, duration, and any optional notes you attach.
  • Growth measurements: Weight, height, and head circumference data you enter manually.
  • Planner events: Scheduled events and reminders you create within the App.
  • Profile photo: An optional photo you choose to upload for your baby's profile.
  • Smart Capture voice and text input: When you use the Smart Capture feature, audio you speak is transcribed on your device and that transcribed text may be sent to third-party AI services (Google Gemini API or Groq API) to detect and parse activities. This data is not stored by us or by those providers beyond the scope of processing your immediate request.

1.2 Information Collected Automatically

  • Usage data: Anonymous, aggregated information about features used, session length, and navigation patterns.
  • Device information: Device type, OS version, and app version, used for compatibility and crash diagnostics.
  • Crash reports: Diagnostic information that does not include your baby's personal information.

1.3 Information from Third Parties

  • Sign in with Apple / Google Sign-In: We receive your name and email address. We never receive your password. Apple may provide a private relay email at your discretion.
  • RevenueCat: When you purchase a subscription, RevenueCat handles the transaction through Apple's in-app purchase system. We receive subscription status only — never your payment card details.

1.4 Location Information

With your permission the App accesses your device's location once per session to calculate local sunrise and sunset times for display on the activity clock. Location data is never stored, transmitted, or used for any other purpose, and never leaves your device for this feature.

2. How We Use Your Information

  • Provide and operate the App — store and display your baby's activity logs, growth data, and planner events.
  • Enable partner synchronization — share your baby's data in real time with partners you explicitly invite by email.
  • Generate predictions and insights — analyze logged patterns to produce sleep and feeding predictions and trend analytics.
  • Send notifications — deliver push notifications for sleep reminders, event reminders, and prediction alerts if you enable them in Settings.
  • Process payments — verify and manage your premium subscription status via RevenueCat and Apple's App Store.
  • Improve the App — use anonymized, aggregated usage data to understand how features are used.
  • Ensure security — detect and prevent fraudulent activity and unauthorized access.
  • Respond to support requests — use your contact information to reply to questions or bug reports.

2.1 AI-Powered Smart Capture

The Smart Capture feature lets you log activities by speaking or typing naturally. When this feature is used:

  • Audio is transcribed on your device using Apple's on-device speech recognition. The raw audio is never transmitted.
  • The resulting transcribed text is sent to one of two third-party large language model (LLM) APIs — Google Gemini API or Groq API — to detect and structure baby care activities from your natural language input.
  • These API calls do not include any personally identifiable information other than the text you spoke. Your account identity is not disclosed to the AI providers.
  • Transmitted text is processed transiently and is not stored by us or by the AI providers for training or any other purpose beyond the immediate API response.
  • You can opt out of Smart Capture entirely by simply not using the feature. Manual log entry remains available at all times.

3. Data Storage, Security, and Protection

  • Secure Hosting: Your data is hosted by Supabase, an enterprise-grade, compliant database infrastructure provider.
  • Encryption in Transit and at Rest: All data transmitted between the App and our servers is encrypted using HTTPS/TLS. Data stored in the database is encrypted at rest.
  • Row Level Security (RLS): Database-level RLS policies ensure your data can only be read or modified by you, or by a specific user who has actively accepted your invitation to share the profile.
  • Secure Token Storage: Authentication tokens are stored using encrypted on-device secure storage. Passwords are never stored by us.

4. How We Share Your Information

We do not, and will never, sell your personal data or your baby's data to advertisers, data brokers, or any other third parties.

App Tracking Transparency: The App does not "track" you. We do not collect or share any data that links user or device data from our App with user or device data from other companies' apps, websites, or offline properties for targeted advertising or advertising measurement purposes.

We share limited data only with the following trusted providers to perform necessary app functions:

RecipientPurposeData Shared
Your invited partner/caregiverReal-time activity syncBaby profile, activity logs, growth data
SupabaseCloud storage & real-time syncAll app data (encrypted)
RevenueCatSubscription managementUser ID, subscription status
Apple / GoogleAuthenticationEmail, name (sign-in only)
Google Gemini APIAI-powered Smart Capture activity detectionTranscribed text only — not stored, not linked to your identity
Groq APIAI-powered Smart Capture (fallback model)Transcribed text only — not stored, not linked to your identity
Law enforcementLegal obligationOnly if required by valid legal process

5. Data Retention

We retain your associated device, profile, and activity data only for as long as it is necessary to provide the services to you.

  • Active account: We retain your data for as long as your account is active.
  • Account deletion: When you delete your account (Settings → Account → Delete Account), all associated data is immediately queued for permanent deletion from our servers and will be fully erased within 30 days. Actionable backups natively expire and are wiped shortly thereafter.
  • Local cache: The App stores a local cache on your device. This is cleared when you delete the App or log out.
  • Anonymized analytics: Aggregated, anonymized statistics that cannot be linked back to you or your device may be retained indefinitely for product improvement.

6. Your Rights and Choices

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information directly within the App or by contacting us.
  • Deletion: Delete your account and all associated data through Settings → Account → Delete Account, or by contacting us.
  • Portability: Export your activity log data in CSV or PDF format from the Insights tab.
  • Withdraw consent: Revoke location or notification permissions at any time through your device's Settings app.
  • Opt out of analytics: Contact us to request exclusion from anonymized usage analytics.

California residents (CCPA): You have the right to know what personal information we collect, to delete it, and to opt out of its sale. We do not sell personal information.

European residents (GDPR): You have the right to access, rectify, erase, restrict, and port your data, and to lodge a complaint with your local data protection authority. Our legal basis for processing is performance of the contract (providing the App service) and, for optional features such as location and notifications, your explicit consent.

7. Children's Privacy

The App is designed for use by parents and caregivers — not by children. The App records information about infants as entered by their parent or guardian, but the user-facing account system is intended for adults only. We do not knowingly collect personal information directly from children under the age of 13. If you believe a child under 13 has created an account without parental consent, please contact us immediately and we will delete the account.

8. Third-Party Services

The App integrates the following third-party services, each governed by their own privacy policies:

9. Account Deletion

You own your data and maintain total control over it. You can delete any individual log or event directly from within the App at any time. For full account deletion, navigate to Settings → Account → Delete Account. All associated data — including baby profiles, activity logs, growth measurements, planner events, and media — will be permanently erased within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you through a notice within the App or by email prior to the change taking effect. The "Last Updated" date at the top reflects the most recent revision. Continued use of the App after changes take effect constitutes your acceptance.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

[email protected]

OrdesaHub · [email protected]