Privacy Policy

Last Updated: December 24, 2024

1. Introduction

Lily ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our newborn tracking mobile application.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password
  • Baby Profile Information: Baby's name, date of birth, pediatrician information (optional)
  • Health Tracking Data: Feeding records (times, amounts, types), sleep records (duration, location), diaper changes, doctor appointments, vaccinations, measurements, and medical notes
  • User-Generated Content: Notes, photos, and other information you choose to add

2.2 Automatically Collected Information

  • Device Information: Device type, operating system version, unique device identifiers
  • Usage Data: App features used, time spent in app, interaction patterns
  • Analytics Data: Screen views, feature usage (e.g., "user created feeding event"), app session information, button taps (anonymized, no personal content)
  • Error and Performance Data: Crash logs, error reports, performance metrics, app startup times (for improving app stability and user experience)

2.3 Information We Do NOT Collect

  • We do not track your location
  • We do not access your contacts or photos without your permission
  • We do not sell your personal information to third parties

3. How We Use Your Information

We use the collected information for the following purposes:

  • Core App Functionality: To provide tracking, reminders, charts, and multi-user features
  • Synchronization: To sync your data across your devices and with shared caretakers
  • Notifications: To send feeding reminders and appointment notifications (if enabled)
  • Account Management: To create and manage your account, authenticate users
  • Customer Support: To respond to your questions and troubleshoot issues
  • App Improvement: To analyze usage patterns and improve features (anonymized data only). We track which features are used and how often (e.g., "Analytics tab viewed 5 times") but never track the content you enter (baby names, notes, measurements, etc.)
  • Performance Monitoring: To measure app performance (startup time, screen loading speed) and identify slowdowns
  • Crash Reporting: To detect and fix app crashes and technical errors automatically
  • Security: To detect and prevent fraud, abuse, and security issues

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored securely using Google Firebase (a Google Cloud Platform service) with servers located in the United States. Firebase provides industry-standard security and encryption.

4.2 Security Measures

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Encryption at Rest: Your data is encrypted when stored on our servers
  • Authentication: Secure password hashing and token-based authentication
  • Access Controls: Only users you explicitly share with can access your baby profiles
  • Firestore Security Rules: Database-level rules prevent unauthorized access to other users' data

4.3 Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

5. Third-Party Services

We use the following third-party services to provide and improve our app:

5.1 Firebase (Google Cloud)

  • Purpose: Authentication, database, cloud storage, analytics, crash reporting, performance monitoring
  • Data Shared:
    • User Data: Account information, baby profiles, tracking data (encrypted and secured)
    • Analytics: App usage events (e.g., "user viewed Settings screen"), device type, app version, session duration (no personal content)
    • Crashlytics: Crash logs, error messages, device state at time of crash (for debugging)
    • Performance: App startup time, screen load times, network request performance
  • Privacy Policy: Firebase Privacy Policy
  • Data Protection: Firebase complies with GDPR, CCPA, and other privacy regulations

5.2 Apple Services

  • Apple Push Notifications: For feeding reminders and appointment alerts
  • Apple Calendar Integration: For syncing doctor appointments (optional, requires your permission)
  • StoreKit: For processing in-app purchases and subscriptions

5.3 Optional AI Features

If you choose to enable AI chat features, your questions may be sent to:

  • Claude AI (Anthropic) or ChatGPT (OpenAI)
  • Only your specific questions are sent - your baby's health data is NOT sent to AI services
  • You must provide your own API key for these services

6. Sharing Your Information

6.1 Multi-User Sharing (Your Control)

When you invite caretakers (partner, grandparents, babysitters) to access a baby profile, those users will be able to view and add data for that baby. You control who has access and can revoke access at any time.

6.2 We Do NOT Share Your Data With:

  • Advertisers or marketing companies
  • Data brokers or analytics companies
  • Social media platforms
  • Any third party for their own marketing purposes

6.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect the rights, property, or safety of Lily, our users, or the public.

7. Your Privacy Rights

You have the following rights regarding your personal information:

7.1 Access and Portability

  • You can access all your data within the app at any time
  • You can request a copy of your data by contacting support@lilyapp.com

7.2 Correction and Deletion

  • You can edit or delete any tracking records within the app
  • You can edit baby profiles and account information in Settings
  • You can delete your account (Settings → Account → Delete Account)

7.3 Control Over Features

  • Disable push notifications in Settings → Reminders
  • Disable calendar integration in Settings → Calendar
  • Disable AI chat features in Settings → AI Chat

7.4 Do Not Sell My Personal Information

We do not sell your personal information. We never have and never will.

8. Children's Privacy

Lily is designed for use by parents and caretakers (ages 13+) to track information about their newborns and infants. We do not knowingly collect personal information directly from children under 13. The app stores information about babies (entered by parents), but does not target or collect data directly from children.

9. International Users

If you are located outside the United States, please be aware that your information will be transferred to and stored in the United States. By using Lily, you consent to this transfer and storage. We comply with applicable data protection laws, including GDPR for European users.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via in-app notification or email for significant changes
  • Request your consent if required by law

11. Opting Out of Analytics

While our analytics are anonymized and do not contain personal information, we respect your choice:

  • Analytics are used solely to improve the app experience and fix bugs
  • Currently, analytics cannot be disabled as they are essential for app stability monitoring
  • You can always delete your account to stop all data collection
  • We may add an opt-out setting in future updates

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

12. What Analytics We Collect (Details)

12.1 What We Track

  • Screen Views: Which screens you visit (e.g., "Tracking", "Analytics", "Settings")
  • Feature Usage: Which features you use (e.g., "created feeding event", "viewed chart")
  • App Events: Sign in, sign out, subscription purchases
  • Performance: App startup time, how long screens take to load
  • Crashes: When the app crashes or encounters errors

12.2 What We DON'T Track

  • ❌ Baby names, birthdates, or any identifying information
  • ❌ Content of your notes, measurements, or medical information
  • ❌ Specific times or amounts (we know you "created a feeding event", but not when or how much)
  • ❌ Your location or movement patterns
  • ❌ Contacts, photos, or other device data

12.3 Why This is Safe

Our analytics track patterns (e.g., "users tap Analytics 5 times per day on average"), not your specific data. This helps us know which features are popular and which need improvement, without seeing any of your baby's personal information.

Example: We can see that "500 users created a feeding event today" but we cannot see that "John's baby ate 4oz at 3pm."

13. Summary (Plain English)

What we collect: Your email, baby's name/birthdate, feeding/sleep/diaper records you track, + anonymous usage analytics (which screens you visit, which buttons you tap)

Why we collect it: To provide tracking, reminders, charts, sync across devices, and improve the app based on how people use it

Where we store it: Securely on Firebase (Google Cloud) servers with encryption

Who we share with: Only caretakers you explicitly invite. We don't sell your data.

Your control: You can view, edit, export, or delete your data anytime