Privacy Policy

Updated as of November 6, 2025

Pippin ("we," "us," or "our") knows that you care about how your information is collected, used, shared and retained. This Privacy Policy applies to information collected when you use our mobile application ("App") or access or use services that we make available from time to time through our platform ("Platform"), through our website or through our App (our Platform, website and App are sometimes collectively referred to herein as "Services").

By using our Services, you are agreeing to the terms of this Privacy Policy and the accompanying Terms of Service. If you do not agree with this Policy or our Terms of Service, please do not use our Services or provide any Personal Information to us.

We reserve the right to change the provisions of our Privacy Policy at any time. We will alert you to these changes by indicating the date that the Privacy Policy was last updated. We encourage you to review our Privacy Policy from time to time to make sure that you understand how any Personal Information you provide will be used.

This Privacy Policy is intended to meet requirements globally, including those in Brazil (LGPD), the European Union (GDPR), the United States (including CCPA), and other jurisdictions.

1. Controller Information

The data controller responsible for your personal information is:

Pippin
Individual Developer
Location: Brazil
Contact Email: [email protected]

Note: As this is an early-stage application developed by an individual, formal Data Protection Officer (DPO) designation under LGPD Art. 41 is not yet required. All privacy inquiries should be directed to the contact email above.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name or nickname - to personalize your experience
  • Email address - for account authentication and communication
  • Authentication credentials - password (encrypted) or third-party authentication tokens (Apple, Google)
  • Account creation date and last login timestamps

Legal basis (LGPD Art. 7, I; GDPR Art. 6(1)(a)): Consent provided upon account creation. You may withdraw consent at any time by deleting your account.

2.2 Baby Profile Information (Sensitive Data)

IMPORTANT: Information about children is considered sensitive personal data under LGPD Art. 11 and GDPR Art. 9 and requires specific parental consent.

You may optionally provide the following information about your baby:

  • Baby's name or nickname
  • Date of birth or age
  • Gender/sex (if provided)
  • Weight and height measurements (if provided)
  • Food introduction records - including dates, food names, acceptance status, preparation methods
  • Health observations - notes about reactions, allergies, or feeding observations
  • Photos - uploaded images of meals or feeding moments

Legal basis (LGPD Art. 11, II, (a); GDPR Art. 9(2)(a)): Specific, highlighted consent from the parent/legal guardian for processing of children's data. By adding baby profile information, you confirm you are the parent or legal guardian and consent to this processing for the purposes of tracking feeding progress.

2.3 Usage and Analytics Data

We use analytics services (such as PostHog) to understand app usage patterns:

  • Device information - device type, operating system version, device identifiers
  • App interactions - screens viewed, buttons clicked, features used
  • Session data - timestamps, session duration, app version
  • Performance data - crash reports, error logs, loading times
  • Anonymized location data - country/region (if enabled for localization)

Legal basis (LGPD Art. 7, IX; GDPR Art. 6(1)(f)): Legitimate interest in improving app functionality, performance, and user experience. Analytics data is processed in anonymized/pseudonymized form whenever possible.

2.4 Payment and Subscription Data

We use RevenueCat as our payment processor for in-app purchases and subscriptions. We DO NOT directly process or store credit card information or payment details.

RevenueCat may collect:

  • Apple ID or Google Play account identifiers
  • Purchase transaction IDs
  • Subscription status and renewal dates
  • Product IDs and pricing information

All payment information is handled exclusively by Apple App Store or Google Play Store in accordance with their respective privacy policies. RevenueCat processes subscription data as described in their Privacy Policy.

Legal basis (LGPD Art. 7, V; GDPR Art. 6(1)(b)): Processing necessary for contract execution (providing premium features you've purchased).

2.5 Communications Data

If you contact us for support or provide feedback:

  • Your email address and name
  • Content of your messages
  • Any attachments or screenshots you provide

Legal basis (LGPD Art. 7, V; GDPR Art. 6(1)(b)): Processing necessary to fulfill our contractual obligation to provide support.

3. How We Use Your Information

We process your personal data only for the following purposes:

To Provide and Maintain the Service:

  • Create and manage your account
  • Store and sync your baby's feeding data across devices
  • Enable caregiver collaboration features
  • Generate feeding reports and statistics

To Improve and Personalize Your Experience:

  • Provide age-appropriate food suggestions
  • Customize content based on your baby's progress
  • Send reminders for food re-exposure (if enabled)

To Analyze and Improve the Application:

  • Understand usage patterns and feature adoption
  • Identify and fix bugs and performance issues
  • Develop new features based on user needs

To Communicate with You:

  • Send important service updates and security notices
  • Respond to your support requests
  • Notify you about changes to this Privacy Policy or Terms of Service
  • Send optional promotional content (only with explicit consent)

Email Opt-Out: To opt out of promotional emails:

  • Click the "unsubscribe" link at the bottom of any marketing email
  • Adjust your notification preferences in the app's Settings → Notifications
  • Contact us at [email protected]

Note: You cannot opt out of transactional emails (purchase confirmations, security alerts, important service updates) as these are necessary to provide the Services.

To Ensure Security and Prevent Fraud:

  • Detect and prevent unauthorized access
  • Monitor for suspicious activity
  • Comply with legal obligations

We will NEVER:

  • Sell your personal information to third parties
  • Use your baby's data for advertising or marketing to third parties
  • Share your baby's photos with anyone without your explicit permission
  • Use your data for purposes incompatible with those described in this policy

4. Data Sharing and Disclosure

We may share limited personal data with the following categories of recipients:

4.1 Service Providers (Data Processors)

We engage third-party companies to perform services on our behalf. These service providers process your data only according to our instructions and are contractually obligated to maintain confidentiality:

  • Cloud Infrastructure & Storage: Your data is stored on secure cloud servers. We use encrypted storage for all sensitive information including photos and health data.
  • Analytics Provider (PostHog): Processes anonymized usage data to help us understand app performance and user behavior.
  • Authentication Services (Apple, Google): If you choose third-party sign-in, these providers share basic profile information (name, email) with us per their respective privacy policies.
  • Payment Processor (RevenueCat): Manages subscription status and purchase verification. Does not have access to your baby's feeding data or photos.

4.2 Invited Caregivers

When you invite other users (partner, family member, nanny) to collaborate on your baby's profile, they will have access to all information you've entered about that baby, including:

  • Baby's name, age, and profile details
  • All food introduction records and notes
  • Photos you've uploaded
  • Any health observations or allergy information

You are responsible for managing who has access to your baby's profile. You can remove caregivers at any time through the app settings.

4.3 Legal Requirements and Safety

We may disclose your information if required to do so by law or if we believe such action is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service or investigate potential violations
  • Protect the rights, property, or safety of Pippin, our users, or the public
  • Respond to claims that content violates third-party rights
  • Detect, prevent, or address fraud, security, or technical issues

4.4 Business Transfers

In the event that Pippin is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you via email and/or prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you or your baby. For example, we might publish statistics about overall food introduction trends. This does not contain any personally identifiable information.

5. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries other than Brazil, including countries that may not have the same level of data protection laws as Brazil or your country of residence.

When we transfer personal data outside of Brazil or the European Economic Area, we ensure appropriate safeguards are in place as required by LGPD Art. 33 and GDPR Chapter V, such as:

  • Using service providers that comply with international data protection standards
  • Implementing standard contractual clauses or data processing agreements
  • Ensuring the destination country has been recognized as providing adequate data protection

6. Data Retention and Deletion

6.1 How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless:

  • A longer retention period is required by law (e.g., tax, accounting, or other legal obligations)
  • We need to preserve it for legal claims or dispute resolution
  • You have explicitly requested us to keep certain data

6.2 Retention Periods by Data Type

  • Account Information: Retained while your account is active and for up to 90 days after deletion request to allow for account recovery if deletion was accidental.
  • Baby Profile & Feeding Data: Retained while your account is active. Permanently deleted within 90 days of account deletion request.
  • Photos: Deleted immediately upon account deletion or individual photo deletion.
  • Analytics Data: Anonymized analytics may be retained indefinitely for product improvement. Data linked to your account is deleted within 90 days of account deletion.
  • Backup Copies: Backup systems may retain data for up to 180 days for disaster recovery purposes. After this period, all backup copies are permanently deleted.

6.3 Account Deletion

You may delete your account at any time through the app settings. Upon account deletion:

  1. Your account will be immediately deactivated
  2. All baby profiles, feeding records, and photos will be queued for deletion
  3. Data will be permanently deleted from active systems within 30 days
  4. Backup copies will be purged within 180 days
  5. Some anonymized analytics data may be retained (without personal identifiers)

Warning: Account deletion is permanent and cannot be undone. Please export any data you wish to keep before deleting your account.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, as required by LGPD Art. 46-49 and GDPR Art. 32.

7.1 Security Measures Include:

Encryption:

  • Data in transit: TLS/SSL encryption for all data transmission
  • Data at rest: Encrypted storage for sensitive data including photos and health information
  • Password storage: Passwords are hashed using industry-standard algorithms (never stored in plain text)

Access Controls:

  • Role-based access control limiting who can access your data
  • Authentication required for all account access
  • Regular access audits and permission reviews

Infrastructure Security:

  • Secure cloud infrastructure with regular security updates
  • Firewall protection and network segmentation
  • Regular security vulnerability assessments
  • Automated backups with encryption

7.2 Important Security Limitations

No system is 100% secure. Despite our security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data. Unauthorized access, hardware/software failures, human error, and other factors may compromise data security.

We are not liable for any data breaches, unauthorized access, or loss of data except as required by applicable law.

7.3 Data Breach Notification

In accordance with LGPD Art. 48 and GDPR Art. 33-34, in the event of a security incident that may result in significant risk or harm to your rights and freedoms, we will:

  1. Notify the relevant data protection authority within the required timeframe
  2. Notify affected users via email and/or in-app notification
  3. Provide information about the nature of the breach and steps being taken
  4. Offer guidance on measures you can take to protect yourself

7.4 Your Security Responsibilities

You play an important role in keeping your data secure:

  • Use a strong, unique password for your account
  • Do not share your login credentials with anyone
  • Log out of shared devices
  • Keep your device's operating system and app updated
  • Use device-level security (passcode, biometric authentication)
  • Be cautious about who you invite as caregivers (they will have full access to your baby's data)
  • Report any suspected unauthorized access immediately to [email protected]

8. Your Rights

Depending on your location, you have certain rights regarding your personal data under applicable data protection laws including LGPD (Brazil), GDPR (European Union), and CCPA (California).

8.1 Rights Under Brazilian LGPD (Art. 18)

  • Right to Confirmation and Access: You have the right to know if we process your data and to access your personal data.
  • Right to Correction: You can request correction of incomplete, inaccurate, or outdated data.
  • Right to Anonymization, Blocking, or Deletion: You can request deletion of unnecessary, excessive, or unlawfully processed data.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Information About Data Sharing: You can request information about public and private entities with which we share your data.
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time.
  • Right to Object: You can object to processing based on legitimate interest.
  • Right to Review Automated Decisions: If we make automated decisions that affect you, you can request review by a human.

8.2 Rights Under EU/UK GDPR

If you are in the European Economic Area or United Kingdom, you also have:

  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances.
  • Right to Restriction of Processing: Request that we limit how we use your data.
  • Right to Object to Processing: Object to processing for direct marketing or based on legitimate interests.

8.3 Rights Under California CCPA

If you are a California resident, you have:

  • Right to Know: Request information about what personal information we collect, use, disclose, and sell.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of the sale of your personal information. Note: We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

8.4 How to Exercise Your Rights

To exercise any of the above rights, you may:

  • Use the in-app tools in "Account Settings" → "Privacy & Data"
  • Email us at [email protected]

We will respond to your request within 15 days (LGPD) or 30 days (GDPR/CCPA) as required by applicable law. If we need more time, we will notify you.

We may ask you to verify your identity before processing requests to ensure data security.

8.5 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the relevant data protection authority:

  • Brazil: Autoridade Nacional de Proteção de Dados (ANPD) - www.gov.br/anpd
  • EU: Your local Data Protection Authority
  • UK: Information Commissioner's Office (ICO)

9. Children's Privacy (Data About Minors)

Important Clarification: Pippin is designed for use by PARENTS and CAREGIVERS (adults). The application collects information about babies and young children, but it is NOT intended for direct use by minors.

9.1 Parental Consent Required

By creating a baby profile and entering information about your child, you represent and warrant that:

  • You are the parent or legal guardian of the child
  • You have the legal authority to consent to the collection and processing of the child's data
  • You understand and consent to the processing of sensitive data about your child as described in this Privacy Policy

9.2 Enhanced Protection for Children's Data

We recognize that information about children requires special protection under LGPD Art. 14 and GDPR Recital 38. We implement additional safeguards:

  • We collect only data necessary for the app's feeding-tracking functionality
  • We do not use children's data for marketing or advertising
  • We do not share children's data with third parties except as necessary to provide the service (and only with appropriate safeguards)
  • Parents can delete all data about their child at any time
  • We maintain strict access controls to limit who can view children's data

9.3 No Direct Collection from Children

Pippin does not knowingly collect personal information directly from children under 13 years of age (or the applicable age of digital consent in your jurisdiction). If we become aware that we have inadvertently collected personal information from a child without proper parental consent, we will take steps to delete that information as quickly as possible.

10. Cookies and Tracking Technologies

Pippin is primarily a mobile application and does not use browser cookies. However, we use similar tracking technologies:

10.1 Analytics Trackers

We use analytics services (such as PostHog) that may store identifiers on your device to track app usage over time. These help us understand which features are most used, where users encounter problems, and how to improve the user experience.

You can opt out of analytics tracking in the app's "Privacy Settings" section.

10.2 Authentication Tokens

We store authentication tokens on your device to keep you logged in. These are necessary for the app to function and cannot be disabled.

10.3 Local Storage

The app caches certain data locally on your device to improve performance and enable offline functionality. This data is encrypted and deleted when you log out or uninstall the app.

11. Third-Party Services and Links

Pippin may contain links to third-party websites, services, or content (such as educational articles about baby nutrition). This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features.

12.1 Notification of Changes

When we make changes, we will:

  • Update the "Updated as of" date at the top of this policy
  • Post the new Privacy Policy on our website and in the app
  • For material changes: notify you via email or prominent in-app notification at least 30 days before the changes take effect

12.2 Your Options

If you do not agree with the updated Privacy Policy, you may:

  • Stop using the app
  • Delete your account before the changes take effect
  • Contact us to discuss your concerns

Continued use of Pippin after the effective date of changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: Pippin
Location: Brazil
Privacy Contact: [email protected]

We aim to respond to all inquiries within 15 business days. For urgent security concerns, please mark your email as "URGENT - SECURITY" in the subject line.

14. Disclaimer and Limitation of Liability

14.1 No Warranties: We make no representations or warranties about the completeness, accuracy, or adequacy of this Privacy Policy or our data protection practices. We do not warrant that our security measures will prevent all unauthorized access or data breaches.

14.2 Limitation of Liability: To the maximum extent permitted by applicable law, we shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from privacy violations or data breaches. Our total liability for any claims related to privacy or data protection shall not exceed the amount you paid to Pippin in the 12 months preceding the claim.

14.3 Consumer Rights: Nothing in this Privacy Policy limits your statutory rights under applicable consumer protection or data protection laws to the extent such limitations would be unenforceable.

15. Governing Law and Dispute Resolution

This Privacy Policy shall be governed by and construed in accordance with the laws of the Federative Republic of Brazil, including the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018), Brazilian Consumer Protection Code (CDC - Law No. 8.078/1990), and Brazilian Internet Framework (Marco Civil da Internet - Law No. 12.965/2014).

For users in the European Union, this Privacy Policy also complies with the General Data Protection Regulation (GDPR - Regulation 2016/679).

Any disputes arising from this Privacy Policy or our data practices shall be subject to the jurisdiction of the courts as determined by applicable law in your country of residence.

This Privacy Policy was last updated on November 6, 2025.
