Privacy Policy
Effective date: 2026-03-25 | Last updated: 2026-04-10
This Privacy Policy explains how Tinycore Studios ("we", "our", or "us") collects, uses, stores, and protects your information when you use the Baby Journal mobile application (the "App"). By using the App you agree to the practices described in this policy.
1. Who We Are
Baby Journal is developed and operated by Tinycore Studios. If you have any questions about this policy, contact us at: privacy@tinycorestudios.com
2. Information We Collect
2.1 Account Information
When you create an account we collect:
- Your display name
- Your email address
- Authentication provider (email/password, Google, or Apple)
We do not store your password in plain text. Passwords are managed securely by Firebase Authentication (Google LLC).
2.2 Journal and Baby Data
When you create a journal or add entries, you may provide:
- Journal title
- Your baby's name, gender, and date of birth
- Journal entries including: notes, milestone records ("firsts"), appointment details, family events, growth measurements (height, weight, foot size), and photos
This information is stored in your private journal and is not shared with other users unless you explicitly invite a caregiver.
2.3 Caregiver Data
If you invite another person to access your journal, we store:
- Their email address (used to send the invitation)
- Their role (Owner, Editor, or Viewer)
- Invitation status (Pending, Active, or Declined)
2.4 Usage and Analytics Data
With your consent, we collect anonymised usage events (e.g. screens visited, features used) via Firebase Analytics to understand how the App is used and to improve it. This data does not identify you personally.
2.5 Crash and Diagnostic Data
We use Firebase Crashlytics to automatically collect crash reports and diagnostic information when the App encounters an error. This helps us identify and fix bugs. Crash reports may include device type, OS version, and app state at the time of the crash.
2.6 Photos
If you add photos to journal entries, those images are uploaded to Supabase Storage and associated with your journal. Photos are private to your account and any caregivers you have invited.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the App
- Authenticate you and keep your account secure
- Sync your journal data across your devices
- Enable real-time sharing with caregivers you invite
- Analyse app usage (with your consent) to improve the product
- Detect and fix crashes and technical errors
- Respond to your support requests
We do not use your data for advertising. We do not sell your personal information to third parties.
4. Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation and authentication | Contract performance |
| Journal and entry storage | Contract performance |
| Analytics (usage events) | Consent |
| Crash reporting | Legitimate interests (improving app stability) |
| Caregiver invitations | Consent |
You may withdraw consent for analytics at any time via your device settings or by contacting us.
5. Data Storage and Security
Your data is stored on Google Cloud infrastructure via Firebase services (Firebase Authentication, Cloud Firestore, Firebase Cloud Storage). Google LLC acts as our data processor.
- All data is transmitted over encrypted connections (TLS)
- Firestore security rules restrict access so you can only access your own journals and entries
- Caregiver access is role-based and revocable at any time
- We do not store payment information (any future payments are handled by Apple App Store or Google Play)
Google's data centres are primarily located in the United States. If you are based in the EEA or UK, your data may be transferred to and processed in the United States. Such transfers are made subject to appropriate safeguards in accordance with applicable data protection law (including Google's Standard Contractual Clauses).
6. Data Retention
We retain your personal data for as long as your account is active. If you delete your account:
- Your account credentials are deleted from Firebase Authentication
- Your journals and entries are deleted from the Supabase database
- Your photos are deleted from Supabase Storage
Some anonymised, aggregated analytics data may be retained for statistical purposes and cannot be linked back to you.
7. Children's Privacy
Baby Journal is intended for use by parents, guardians, and caregivers — it is not directed at children under the age of 13. We knowingly collect information about babies (such as name, birth date, and growth measurements) on behalf of the adults using the App, but we do not knowingly collect personal information from children under 13.
If you believe we have inadvertently collected personal information from a child under 13 without appropriate consent, please contact us at privacy@tinycorestudios.com and we will take prompt steps to delete that information.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Portability | Receive your data in a structured, machine-readable format |
| Restriction | Ask us to restrict processing of your data in certain circumstances |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Withdraw consent for analytics at any time |
How to Exercise Your Rights
You can manage most of your data directly in the App (edit journal details, delete entries, remove caregivers). To request full account and data deletion, or to exercise any of the rights above, contact us at: privacy@tinycorestudios.com
We will respond to all requests within 30 days. In complex cases we may extend this by a further 60 days and will notify you accordingly.
9. Data Deletion Requests
You have the right to request complete deletion of all data associated with your account. To do so:
- Email privacy@tinycorestudios.com from the email address associated with your account
- Include "Data Deletion Request" in the subject line
- We will verify your identity and confirm deletion within 30 days
Once deleted, your data cannot be recovered.
10. Third-Party Services
We use the following third-party services. Each has its own privacy policy:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Firebase Authentication (Google) | Account sign-in and security | firebase.google.com/support/privacy |
| Supabase Database (PostgreSQL) | Journal and entry storage | supabase.com/privacy |
| Supabase Storage | Photo storage | supabase.com/privacy |
| Firebase Analytics (Google) | Usage analytics | firebase.google.com/support/privacy |
| Firebase Crashlytics (Google) | Crash reporting | firebase.google.com/support/privacy |
| Google Sign-In | Social authentication | policies.google.com/privacy |
| Apple Sign-In | Social authentication | apple.com/legal/privacy |
11. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell personal information)
- Not be discriminated against for exercising your rights
To exercise these rights, contact us at privacy@tinycorestudios.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this document and, where required by law, by providing more prominent notice (such as an in-app notification). Continued use of the App after changes constitutes your acceptance of the updated policy.
13. Contact Us
For any privacy-related questions, requests, or concerns:
Tinycore Studios
Email: privacy@tinycorestudios.com