← ParentPal

Legal

Privacy Policy

Last updated: 15 June 2026

This policy covers both the ParentPal website (parentpal.uk) and the ParentPal app. This is a working draft — a solicitor will review wording, lawful bases, and sub-processor details before full public launch. Two placeholders remain: our registered address and company number, which will be inserted once Companies House registration is confirmed.

1. Who we are

ParentPal is operated by ParentPal Technologies Ltd ("[REGISTERED ADDRESS]", company no. [NUMBER]). We are the data controller for the personal data described in this policy. Questions about your data: hello@parentpal.uk.

2. The data we process

You give us: your account (email address and an authentication identifier via Apple Sign In or email magic link — we do not store your password); your child's information that you choose to log (name, date of birth or due date, feeds, naps, nappies, night wakings, milestones, routines, activities, notes, and for expectant parents, pregnancy details); your household and Village (the co-parents or caregivers you invite and the shared care data you all contribute); conversations with our AI assistant Nina and Atlas (your messages and the context needed to answer them); and any support or feedback you send us. We also collect automatically: device and technical data (device type, OS version, app version, push-notification token if you enable notifications, and basic diagnostic information); and subscription status (active or expired — we never receive your card or payment details, Apple handles payment). We do not collect more than we need to run the service, and we do not sell your personal data. Ever.

3. How we use it, and our lawful bases (UK GDPR)

PurposeLawful basis
Provide the core app — log, sync, and show your day and predictionsPerformance of a contract
Sync data across your devices and household membersPerformance of a contract
The AI assistant — answer your questionsPerformance of a contract
Send push notifications you have enabledConsent (you can disable any time)
Improve and secure the service; prevent abuseLegitimate interests
Process subscriptionsPerformance of a contract
Respond to support and legal requestsLegitimate interests / legal obligation

Where we use aggregated, de-identified patterns to improve predictions for everyone, that data cannot identify you or your child.

4. Your child’s data

The information you log is about your child but provided by you as their parent or guardian. We treat it as sensitive and apply the same protections throughout. You are responsible for the data you enter and for who you invite into your household. You can export or delete this data at any time (see §7).

5. The AI assistant

When you use Nina or Atlas, your message and the context needed to answer it are sent to our AI provider, Anthropic (Claude), to generate a response. We instruct our provider not to use your data to train their models, and your conversations are not used to train any third-party model. The assistant offers general parenting support — it is not medical, diagnostic, or emergency advice (see the Terms of Use).

6. Subscriptions

Paid plans (ParentPal Together) and optional supporter purchases are processed by Apple via the App Store, with subscription status managed through RevenueCat. We receive your subscription status (active or expired) and an anonymous purchaser identifier — never your payment-card details. Manage or cancel any subscription in your Apple ID settings.

8. Your rights

You can at any time: access, export, correct, or delete your data; object to or restrict processing; and withdraw consent. ParentPal provides in-app data export and account deletion; you can also email hello@parentpal.uk. We will respond within one month as required by UK GDPR. You may also complain to the Information Commissioner's Office at ico.org.uk.

7. Who we share it with

We share data only with the service providers needed to run ParentPal, under contract and only for these purposes. We also share data with the household members you invite — that is the whole point of shared care; only invite people you trust. We may disclose data if required by law or to protect safety. We do not sell or rent your data, and we do not share it for third-party advertising.

ProviderPurposeData
SupabaseDatabase, authentication, file storage, backend functionsAccount and logged data
AppleSign In, push notifications (APNs), paymentsAuth, device token, subscription status
RevenueCatSubscription managementSubscription status, anonymous purchaser ID
AnthropicAI assistant responses (Nina / Atlas)Your AI messages and context
VercelWebsite hosting and aggregate analyticsPage views, device type, country (no cookies, no cross-site tracking)
ResendTransactional email deliveryEmail address

9. Retention

We keep your data while your account is active. When you delete your account, we delete or de-identify your personal data within 30 days, except where we must retain limited records for legal, security, or accounting reasons.

10. Security and location

Data is encrypted in transit and at rest, with access restricted to authorised systems. Our backend is hosted by Supabase in the European Union. Where data is processed outside the UK or EEA, we rely on appropriate safeguards including Standard Contractual Clauses.

11. Children using the app

ParentPal is intended for adults (18+). It is not designed for or directed at children as users, and we do not knowingly create accounts for under-18s. The data you log about your child is provided by you as their parent or guardian.

12. Changes

We will update this policy as the app evolves and post the new date above. Significant changes will be notified in-app or by email.

14. Regional privacy rights

ParentPal is available worldwide. The rights described in §8 apply to all users. In addition, if you are in one of the following regions you have the specific rights listed below. To exercise any right, email hello@parentpal.uk.

United States — COPPA

ParentPal is directed exclusively at adults (18+) and is not a service directed at children. All data about a child is entered by their parent or guardian using an adult account — we do not collect personal information from children themselves. This means the Children’s Online Privacy Protection Act (COPPA) does not apply to ParentPal in the way it applies to child-directed services. We do not knowingly allow anyone under 18 to create an account. If you believe a child has created an account, contact us immediately at hello@parentpal.uk and we will delete it. As a parent or guardian using ParentPal, you control all data about your child and can request its deletion at any time.

California and US State Privacy Laws — CCPA / US CPLs

California residents (and residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws) have the right to: know what personal data we collect and how we use it; access a copy of your data; correct inaccurate data; delete your data; and opt out of any sale or sharing of personal data. We do not sell personal data. We do not share it for cross-context behavioural advertising. These rights apply regardless of whether the statutory thresholds of the CCPA formally apply to us — we honour them as a matter of policy. To exercise any right, email hello@parentpal.uk. We will not discriminate against you for exercising privacy rights.

European Union — EU GDPR

If you are in the EU, EU GDPR applies to our processing of your personal data in addition to UK GDPR. Your rights under EU GDPR mirror those in §8. You may complain to the data protection supervisory authority in your EU member state. Where we transfer your data outside the EEA we rely on Standard Contractual Clauses approved by the European Commission. We are a UK-established controller; an EU representative will be appointed as required once our EU user base grows to a level that formally triggers that obligation.

Australia — Privacy Act 1988 / Australian Privacy Principles

ParentPal handles health-related information (baby feeding, sleep, and developmental data) which is treated as sensitive under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Australian residents have the right to access the personal information we hold about them, correct it, and know how it is used and disclosed. We handle Australian residents’ data in accordance with the APPs. If you believe we have mishandled your personal information, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au) after first raising the matter with us at hello@parentpal.uk.

Canada — PIPEDA

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) governs how we handle personal information of Canadian residents for commercial purposes. Under PIPEDA you have the right to access the personal information we hold about you and to challenge its accuracy. You may withdraw consent to our processing at any time (subject to legal and contractual obligations). If you have a privacy concern, email hello@parentpal.uk. If we cannot resolve your concern, you may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca).

15. Contact

ParentPal Technologies Ltd · hello@parentpal.uk · parentpal.uk/contact