Privacy Policy

Last Updated: April 13, 2026

1. Introduction

Welcome to Kiddico, a product of New Life Family Health Services. We are committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we handle information in our iOS application designed to help parents track their children's health.

Our Core Privacy Principle: Kiddico is device-first. Your health tracking data lives on your iPhone by default and never leaves it unless you choose to enable optional sync features. When you enable iCloud sync (Premium) or Family Sharing, data is transmitted to privacy-respecting infrastructure operated by us or our trusted processors — but only because you explicitly asked for it, and only to make those features work for you.

2. Information We Collect

We collect only what you give us. Depending on which features you use, that falls into four categories:

A. Data You Enter (stored on your device)

  • Child Profiles: Names, dates of birth, photos, and other identifying information you choose to add
  • Health Tracking Data: Illnesses, symptoms, medications, temperature readings, growth measurements, meals, fluid intake, sleep patterns, appointments, insurance card details, healthcare provider information, and notes
  • User Preferences: App settings and notification preferences, stored locally on your device

B. Account and Authentication Data (when you sign in)

If you create a Kiddico account (required for Family Sharing), we collect and store on our servers:

  • Email address (if you use magic link sign-in) or Apple user ID (pseudonymous, if you use Sign in with Apple) — used solely for authentication
  • Supabase user UUID — an internal identifier assigned to your account, not linked to personal identity
  • Display name and family role (owner or member) — so family members you invite can identify your account

C. Family Sync Data (only when Family Sharing is enabled)

When you enable Family Sharing and invite other family members, a copy of your health tracking data is synced to our servers so the people you invite can view it. This includes children's profiles, illnesses, log entries, appointments, growth records, insurance information, documents, and healthcare providers. This sync is entirely within your control — you can revoke access or delete your account at any time.

D. Service and Operational Data

  • Subscription status: Whether you are a Premium subscriber — managed by RevenueCat, which receives an anonymized user ID (not your email or health data)
  • Audit log entries: When family management actions occur (e.g., inviting a member, removing a member), we write a hashed, PII-free log record for security and support purposes. No plaintext names or emails are stored in these logs.

3. Device-First Data Storage

Your health data lives on your iPhone by default. Kiddico stores health tracking information locally using:

  • Core Data: Apple's native framework for secure local database storage
  • Keychain Services: For authentication tokens and sensitive credentials, with additional encryption layers
  • iOS Data Protection: Your data benefits from Apple's hardware-level encryption when your device is locked
  • Insurance Member ID Encryption: Insurance member IDs are encrypted with AES-GCM on your device before being stored locally or synced to our servers. Individual health fields (child names, illness notes, medication logs, appointment diagnoses) are not field-encrypted on our servers — they are protected by TLS in transit, infrastructure-level disk encryption at rest, and row-level security scoped to your family only.

When you enable Family Sharing or cross-device sync, your health data is transmitted to our Supabase backend hosted in the United States, where it is stored under row-level security policies scoped to your family. We do not share your data with third-party analytics, advertisers, or data brokers. See Section 4 for the sync features you control.

4. Optional Sync Features

A. iCloud Sync (Premium Feature)

Premium subscribers can optionally enable iCloud sync to back up their health data and access it across multiple devices signed into the same Apple ID.

  • User Control: Disabled by default. Must be manually enabled in app settings.
  • Apple's Infrastructure: When enabled, data is synced using Apple's CloudKit framework to your private iCloud account — not to our servers.
  • Encryption: Data synced to iCloud is encrypted using Apple's standard CloudKit encryption. It is not accessible to New Life Family Health Services.
  • Apple's Privacy Policy: iCloud data is subject to Apple's Privacy Policy.

You can disable iCloud sync at any time through app settings. Disabling sync stops future syncing but does not delete data already stored in iCloud. Manage iCloud data deletion through your device's iCloud settings.

B. Family Sharing (Premium Feature)

Family Sharing lets you invite another trusted adult — a co-parent, caregiver, or guardian — to view your children's health records in the Kiddico app. This requires syncing your health data to our servers (Supabase, SOC2 Type II certified) so the invited person's device can access it.

  • Your explicit choice: Family Sharing is disabled by default. You generate an invite code and share it directly with the person you trust.
  • What gets synced: Children's profiles, illnesses, log entries, appointments, growth records, insurance information, documents, and healthcare providers.
  • Data protection: All data is encrypted in transit via TLS. Data at rest is encrypted by Supabase's managed Postgres infrastructure. Row Level Security (RLS) policies ensure each family can only access their own data — no cross-family data access is possible at the database layer.
  • Revoking access: You can remove a family member at any time through Settings. Their access is revoked immediately. Deleting your account removes all synced data from our servers within 14 days.

5. Information We Do NOT Collect

Unlike many mobile applications, Kiddico does not collect:

  • Personally Identifiable Analytics: We do not collect identifiable usage data. Kiddico optionally uses TelemetryDeck for anonymous, privacy-first analytics (no personal data, no device identifiers, no health data). This can be disabled in Settings.
  • Device Identifiers: We do not collect IDFA, IDFV, device type, OS version, or hardware specifications.
  • Location Data: We do not access, collect, or track your location.
  • Contacts or Calendar: We do not access your contacts, calendar, or other personal information stored on your device.
  • Advertising IDs: We do not integrate advertising SDKs or track users for advertising purposes.
  • Third-Party Tracking: We do not use social media SDKs, advertising networks, or tracking pixels.
  • Health Data from Servers (by default): Health content is never collected or transmitted to our servers unless you explicitly enable Family Sharing.

6. Third-Party Data Processors

We work with a small number of carefully chosen processors. None of them receive your health content unless you have enabled Family Sharing:

  • Supabase (database, authentication, Edge Functions): Stores account data and, when Family Sharing is enabled, health tracking data. SOC2 Type II certified. Data hosted in US East and US West regions. Subject to Supabase's Privacy Policy.
  • Apple (iCloud / CloudKit) — optional: Stores a device-sync copy of your data when iCloud sync is enabled. Not accessible to us. Governed by Apple's Privacy Policy.
  • Apple (Sign in with Apple): Handles authentication when you choose Apple sign-in. We receive only a pseudonymous user ID.
  • RevenueCat: Manages Premium subscription entitlements. Receives an anonymized user ID and subscription status. Does not receive health data, your name, or your email address. Subject to RevenueCat's Privacy Policy.
  • TelemetryDeck (optional): Anonymous, privacy-first usage analytics. No personal data, no device identifiers, no health data ever transmitted. You can disable this at any time in Settings. Governed by TelemetryDeck's Privacy Policy.

We do not integrate advertising networks, data brokers, social media SDKs, or customer support chat systems of any kind.

7. Children's Privacy (COPPA Compliance)

Kiddico is designed for use by parents and guardians (ages 18 and older) to track health information for their children. The app complies with the Children's Online Privacy Protection Act (COPPA):

  • Adults Only: The app is for adults. Children do not create accounts, log in, or interact with Kiddico directly. Parents and guardians are responsible for all data entered.
  • No Direct Collection from Children: Kiddico does not directly collect personal information from children under 13. All information about children is entered by their parent or guardian.
  • No Targeted Advertising to Children: We do not use any advertising SDKs or show targeted ads. We do not profile children for any commercial purpose.
  • Data Location: Children's health information is stored on the parent's device by default. It is transmitted to our servers only when the parent explicitly enables Family Sharing.
  • Parental Rights: Parents have full control — export, modify, or delete all health data at any time through the app.

8. Data Security

We implement layered security measures to protect your data:

  • Device Encryption: All data stored by Kiddico benefits from iOS device-level encryption (Data Protection) when your device is locked.
  • Insurance Member ID Encryption: Insurance member IDs are encrypted with AES-GCM on your device before being stored locally or synced. This is the only field-level encryption we apply; other health fields rely on TLS in transit and infrastructure-level encryption at rest.
  • Encryption Posture Statement: Kiddico's data is protected in transit with TLS, at rest through infrastructure-level encryption, and access is restricted through row-level security. Individual health fields are not field-encrypted on our servers. Server-side envelope encryption of individual health fields is on our roadmap for a future release.
  • Keychain Storage: Authentication tokens and credentials are stored in the iOS Keychain.
  • TLS in Transit: All communication between the app and our servers is encrypted using TLS.
  • Row Level Security (RLS): Our Supabase database enforces RLS policies on every table. A user can only read and write data belonging to their own family. Cross-family data access is not possible at the database layer.
  • Biometric Lock: You can enable Face ID or Touch ID to require authentication before accessing the app.
  • Jailbreak Detection: The app warns you if it detects the device may be jailbroken, since a jailbroken device may have weakened OS-level security protections.

While we implement robust security measures, no system is completely secure. You are responsible for protecting your device with a passcode and keeping your iOS software updated.

9. Your Rights and Data Control

You have meaningful control over your data in Kiddico:

  • Access: View all data at any time through the app. For data stored on our servers (account and family sync data), contact us at contact@kiddico.app.
  • Portability / Export: Export all health data as JSON or PDF at any time via Settings.
  • Correction: Edit or update any health entry directly in the app.
  • Deletion: Delete individual entries, child profiles, or your entire account through Settings. Account deletion initiates a 14-day grace period, after which all data — on device and on our servers — is permanently and irreversibly deleted.
  • Opt Out: You can disable Family Sharing, iCloud sync, and anonymous analytics at any time in Settings without losing access to core app features.
  • Revoke Family Access: Remove any family member from your account in Settings. Their access is revoked immediately.

10. Data Retention

Device data: Retained on your device until you delete it. We do not automatically expire data, so you can maintain a complete health history for your children.

Account and server data: Retained as long as your account is active. When you delete your account through the app, all server-side data (account, family sync data, audit logs) is permanently deleted within 14 days of the request.

iCloud data: If iCloud sync is enabled, data is retained in your iCloud account according to Apple's iCloud storage policies. You manage iCloud deletion through your device's iCloud settings.

11. International Users and Data Transfers

Your health data stays on your device by default, with no international transfer.

When Family Sharing is enabled, account and health sync data is stored on Supabase servers located in the United States (US East and US West regions). If you are located outside the United States, your data is transferred to and processed in the US. We rely on standard contractual clauses and Supabase's SOC2 Type II certification as the legal basis for these transfers where required by applicable law.

If iCloud sync is enabled, data may be stored on Apple's servers in various countries according to Apple's infrastructure.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through:

  • An in-app notification when you next open the app
  • An updated "Last Updated" date at the top of this policy
  • A notice on our website at https://kiddico.app/privacy

Continued use of Kiddico after changes to this Privacy Policy constitutes acceptance of the updated terms. If you do not agree to material changes, you should stop using the app and delete your account.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request a summary of the personal information we hold about you, the categories of sources, and how it was used. Most data is on your device; server-side data is limited to account and family sync data as described in Section 2.
  • Right to Delete: Delete all data through Settings or by contacting us. Account deletion triggers permanent deletion of all server-side data within 14 days.
  • Right to Opt-Out of Sale: We do not sell personal information. We do not share personal information with third parties for their own marketing purposes.
  • Non-Discrimination: We do not discriminate against users who exercise their CCPA rights.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

  • Legitimate interest: Core health tracking functionality — processing data you enter to power the app features you use.
  • Consent: Optional features — iCloud sync, Family Sharing, and anonymous analytics — are processed only when you explicitly enable them. You may withdraw consent at any time through Settings.
  • Contract performance: Account and subscription management — processing necessary to deliver the Premium service you have purchased.

Your GDPR Rights

  • Right to Access: Request a copy of personal data we hold about you by contacting contact@kiddico.app.
  • Right to Rectification: Edit any data through the app interface, or contact us for server-side corrections.
  • Right to Erasure: Delete your account through Settings. All server-side data is permanently deleted within 14 days.
  • Right to Data Portability: Export your data as JSON or PDF via Settings.
  • Right to Object: Object to processing based on legitimate interest by contacting us. You can also opt out of consent-based features at any time through Settings.
  • Right to Restrict Processing: Contact us to request restriction of processing while we address a dispute or complaint.

Data Controller

The data controller is New Life Family Health Services, contactable at contact@kiddico.app. We will respond to GDPR rights requests within 30 days.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how Kiddico handles your data, please contact us:

New Life Family Health Services

Email: contact@kiddico.app

Website: https://kiddico.app

We will respond to privacy-related inquiries within 30 days.