Privacy Policy for Nubu: Baby Tracker

Effective Date: January 15, 2025 Last Updated: March 5, 2026

Humando AB ("we", "our", or "us") provides the Nubu: Baby Tracker application, related websites, and support channels (the "Services"). This notice explains how we handle personal information. Nubu: Baby Tracker is a caregiver journaling tool only; it does not provide medical advice. By using the Services you agree to this Privacy Policy.

1. Who We Are & How To Reach Us

• Controller: Humando AB
• Organization Number: 556944-4762
• Website: https://nububaby.com
• Privacy Email: [email protected]
• Support Email: [email protected]
• Postal Requests: Contact us by email to arrange secure delivery of physical mail.

2. Information We Collect

We collect only what we need to run the Services:

• Account & Subscription Data (optional): If you create an account or start a trial/subscription, we collect your email, authentication credentials, StoreKit purchase confirmations, and Apple ID region.
• Baby Journals: Information you enter about babies and care activities (for example names or nicknames, dates, activity logs, notes, caregiver invites, and attachment metadata). This data stays on your device unless you enable Premium/Trial sync.
• Device & Diagnostics: Device model, OS version, app configuration, and crash reports. Crash reporting is on by default and can be turned off in Settings.
• Optional Analytics (opt-in): Minimal, aggregated usage analytics are collected only if you explicitly opt in (and, where required, after consent prompts).
• Support Messages: Information you send to our support, legal, or privacy teams.

We do not collect precise geolocation or payment card data. We do not currently collect advertising identifiers; if we introduce advertising features, we may request permission to access advertising identifiers where required by law or platform rules.

3. Why We Use This Information

We use personal information to:

1. Provide, secure, and troubleshoot the Services, including cloud features and caregiver sharing (contract performance). 2. Process subscriptions via Apple and enforce free-tier limits (contract performance & legitimate interest). 3. Respond to support or safety requests and comply with legal obligations. 4. Improve stability and debug issues through crash reports (legitimate interest; you can disable this in Settings). 5. Improve features through aggregated analytics when you opt in (consent where required).

We do not sell personal data. We do not use personal data for targeted advertising unless we provide notice and obtain any required consent.

4. Sharing & Transfers

We share data only with:

• Service Providers: Supabase Auth, Database, and Storage for sync/backups; email delivery partners for exports/support; and analytics/crash reporting providers if you opt in. These providers act under contract and may process data outside the EU/UK using Standard Contractual Clauses.
• Caregivers You Authorize: People you invite can access shared baby data while they have access. If access is revoked, their server access ends; we do not control copies stored on their device.
• Legal Authorities: When required by law or to protect safety.

We do not permit cross-context behavioral tracking without required consent. If we introduce advertising partners, we will update this policy and provide the choices required by law.

5. Retention & Security

• Free Tier (local-only): Baby journal data is stored on your device only and is not retained on our servers unless you enable Premium/Trial sync.
• Premium/Trial: Data is retained while your account is active; after cancellation we keep it up to 30 days before deletion or irreversible anonymization, unless we must retain it longer to comply with legal obligations or resolve disputes.
• Cloud Features: If you enable cloud features, we store data in our systems to provide syncing, restore, and related functionality. We may delete or overwrite cloud data when no longer needed.
• Exports: Generated on your device and stored temporarily; we do not store export files on our servers.
• Support Records & Audit Logs: Retained up to 12 months for compliance and security, unless a legal hold requires longer.

We may delete data sooner when it is no longer needed.

We use technical and organizational measures to protect data, such as encryption in transit (TLS/HTTPS) and access controls. No security program is perfect—use device passcodes and contact us if you suspect unauthorized access.

6. Your Rights & Choices

Depending on where you live, you may have privacy rights (such as access, correction, deletion, restriction, portability, objection, or withdrawal of consent). To exercise these rights, email [email protected]; we verify identity and may deny requests where permitted by law. Where available, certain controls may also be managed in the App. If you are not satisfied with how we handle your request or personal information, you may lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or, where applicable, the data protection authority in your country of residence.

7. Updates & Contact

We will post any Privacy Policy updates here and update the "Last Updated" date. Material changes will be communicated through reasonable means, which may include in-app notice or posting on our website, and are effective upon notice. Questions about this notice can be sent to [email protected]. If you disagree with changes, please discontinue use of the Services.

Version: 1.2