How we collect, use, and protect your information
Welcome to Babella ("Babella," "we," "our," or "us"), a baby- and parent-tracking application developed and operated by Lizaveta UN, an independent developer based in the Republic of Türkiye. This Privacy Policy explains what information we collect when you use the Babella mobile app or visit babella.org, how we use that information, who we share it with, how long we keep it, and what choices and rights you have.
By creating an account or otherwise using Babella, you agree to the practices described in this policy. If you do not agree, please do not use the app. Words like "you" and "your" refer to the parent or caregiver who is signed in to Babella. Words like "your baby" or "your child" refer to the child whose tracking data you record in the app.
1.1 Account information. When you create a Babella account we collect:
1.2 Baby tracking data you enter. Babella stores the data you choose to record about your child:
1.3 Mom/parent tracking data (optional). If you use the Mom Care section, we store mom-specific entries: water intake, mood, exercise, sleep, vitamin intake, and freeform notes.
1.4 Device & usage signals.
1.5 Optional location. If you open the Dress recommendation screen, Babella requests one-shot access to your device's approximate location to fetch local weather from OpenWeather. The coordinates are sent to OpenWeather and discarded after the request — we do not store them on our servers, nor do we log them.
1.6 Local data on your device. Babella stores a small amount of preference data in your device's local storage: theme choice, palette, preferred language, units, an acknowledgement timestamp for the medical-disclaimer consent gate, and an acknowledgement timestamp for the data-and-privacy consent banner. None of this leaves your device unless you explicitly back it up via the app's data export.
We use the information you provide solely to operate and improve the app. Specifically:
We do not use your data to serve advertising, build a marketing profile, sell to data brokers, or share with third-party advertisers.
The first time you open Babella, before any tracking data can be entered, you see a non-skippable Medical Disclaimer screen that explains the app is educational and not a substitute for medical advice. Tapping "I understand" stores a timestamp locally on your device confirming the acknowledgement.
The first time you sign in, a Data & Privacy banner appears at the bottom of the screen reminding you that tracking data is stored on Firebase and that AI features send recent entries to Anthropic. Tapping "Got it" stores a separate timestamp locally. These acknowledgements never leave your device.
Babella's AI features — Ask, Focus today, Weekly, and Overall — produce text answers by combining a summary of your tracked data with a generative language model.
Provider. The model is Claude Haiku 4.5, operated by Anthropic, PBC. Calls are made from our Firebase Cloud Function (server side), not directly from your device.
What is sent. Your typed question plus a numeric, structured summary of recent entries (ages in months, weights in kg, recent feeding/sleep aggregates, etc.). We strip personal identifiers — your name, email, baby photos — before the request leaves our server. Anthropic receives the summary and your question, and returns a text reply.
What is not sent. Photos, audio, diary text, contact details, location data, and any field you have not actively logged.
How Anthropic handles it. Per Anthropic's policy, API inputs and outputs are not used to train their models. Anthropic retains request data only as needed for abuse-monitoring and operational debugging. See anthropic.com/privacy.
Server-side guardrails. The system prompt we send to Claude explicitly tells the model: never diagnose, never prescribe medication or dosage, never recommend stopping or starting a treatment, and for any symptom the parent mentions, instruct them to call their pediatrician.
Quotas. AI features are rate-limited per user per day (per-feature quotas) to prevent abuse and to keep operating costs predictable.
Babella can send remote push notifications (via Firebase Cloud Messaging) and local notifications (scheduled on your device) only if you opt in from Profile → Notifications. Until you opt in, no notification token is created and we cannot reach your device.
When you opt in, we store a token for each device you opt in from at users/{your-uid}/fcmTokens/{token}. Each token document includes the platform (iOS or Android), the date it was issued, and the token string itself. Tokens are used only for notifications you have configured.
You can revoke notifications at any time from your device's Settings app (iOS or Android). Revoking removes the OS-level permission; the stored token is automatically pruned on next failed delivery.
Babella's backend runs on Google Firebase:
analyzeBaby proxies AI requests to Anthropic. The Anthropic API key is stored in Google Secret Manager and is never sent to your device.Encryption. All traffic between your device and our servers uses HTTPS (TLS 1.2 or higher). Data at rest is encrypted by Google Cloud at the storage layer.
Access controls. Firestore security rules enforce that only your authenticated user ID can read or write your data — no other user, and no anonymous request, can read your records. Storage rules apply the same per-user gate to photos and audio. Administrative access (the hidden /sm support panel) is limited to a small UID allow-list and additionally gated by a server-validated passphrase.
Server regions. Firebase is configured to run in the United States (us-central1) and the European Union. Data may be transferred between these regions for redundancy and to deliver the app to users worldwide. Where you are located in the EU/EEA/UK, our transfer relies on Google Cloud's Standard Contractual Clauses as the legal basis for the transfer.
Babella relies on the following third-party services. Each receives only the data needed for its specific function:
We keep your data for as long as your account remains active. You can manage your data three ways:
If you need a manual data deletion sweep, or have a question about retention, email info@babella.org and we will confirm receipt within 48 hours and complete the request within 30 days.
We may retain anonymised, aggregated statistics (e.g., total active users per month) after individual account deletion. These statistics contain no information that can identify you.
9.1 EU / EEA / UK residents (GDPR). Under the General Data Protection Regulation (and the UK GDPR for UK residents) you have the right to:
You can exercise most of these rights directly from the app (Profile → Download my data and Profile → Delete account). For any other request, email info@babella.org.
9.2 California residents (CCPA / CPRA). If you are a California resident you have the right to:
To exercise these rights, use the in-app options or email info@babella.org with the subject "California privacy request."
Babella is intended for use by adult parents and caregivers (18+). The app stores information about a child but is not directed at children. We do not knowingly collect personal information directly from children under 13.
The data stored in Babella about your baby — name, date of birth, growth measurements, feeding patterns, etc. — is entered by you, the parent or guardian, and used only to power the tracking features. We do not use it for advertising, profiling, or any purpose outside the app's stated functionality.
If you believe a child has provided personal information to us directly, please contact info@babella.org and we will delete it promptly.
Babella is operated from the Republic of Türkiye. Your data is processed and stored on Google Firebase infrastructure located in the United States (us-central1) and the European Union. When data is transferred from the EU/EEA/UK to the United States, Google Cloud relies on Standard Contractual Clauses (Module 2 — Controller to Processor) as the legal basis for the transfer, per the European Commission's 2021/914 decision.
If you are located in a country whose data protection regulator requires us to take additional measures, contact info@babella.org and we will document the safeguards.
Babella does not currently send marketing emails. The only emails you may receive from us are:
If we ever add a marketing newsletter, it will be strictly opt-in.
The Babella mobile app does not use third-party advertising cookies, tracking pixels, or fingerprinting libraries.
The babella.org marketing website uses only essential cookies for language preference (the babella_lang key in localStorage) and standard server logs. We do not load Google Analytics, Facebook Pixel, or any third-party analytics tag on babella.org.
If we become aware of a data breach that affects your personal information, we will notify affected users by email and, where required, the relevant supervisory authority within 72 hours of discovery, per GDPR Article 33 and applicable state notification laws.
We may update this Privacy Policy from time to time as Babella evolves. The "Last updated" date at the top reflects the most recent revision. For material changes — changes that meaningfully expand the categories of data we collect, the third parties we share with, or our retention period — we will notify you by email (to the address on file) and via an in-app banner the next time you open the app.
Continued use of the app after the effective date of a change constitutes acceptance of the revised policy.
This Privacy Policy is governed by the laws of the Republic of Türkiye, without regard to its conflict of law principles. Notwithstanding the above, where mandatory consumer-protection law in your country of residence grants you greater protections, those provisions prevail.
If you have questions about this Privacy Policy, want to exercise a data right, or report a concern: