🔒 Your Privacy Matters
AvaLog is committed to protecting your privacy. We only collect the minimum data necessary to provide you with a great baby tracking experience, and we never sell your data to third parties.
1.1 Account Information
When you create an account with AvaLog, we collect:
- Email address: Used for authentication, account recovery, and important service notifications
- Password: Securely hashed and stored by Firebase Authentication (we never see your plain text password)
- Google account information: If you sign in with Google, we receive your email address and profile information (name, profile picture)
1.2 Baby Care Data
To provide tracking functionality, we store the following information you enter:
- Child profiles: Names, birthdates, photos, and optional notes
- Feeding records: Type (breast, formula, pumping), time, duration, amount, side (for breastfeeding), and notes
- Diaper changes: Time, type (wet, dirty, both, dry), and notes
- Sleep sessions: Start time, end time, duration, type (sleep/nap), quality rating, and notes
- Pumping sessions: Time, duration, volume per breast, total volume, and notes
1.3 Usage Data
- App settings and preferences: Measurement units, time format, theme preferences, default active tab
- Device information: Device type, browser, and app version (used only for debugging and support)
- Local storage data: We cache data locally on your device for offline functionality and faster performance
- Active timers: Timer states for tracking ongoing activities
1.4 Feedback and Support
When you send feedback through the app, we collect:
- Your feedback message and subject
- Email address (if provided)
- User agent (browser information)
- App version
- Timestamp of submission
2. How We Use Your Information
We use your data exclusively to:
- Provide core functionality: Log, store, and display your baby's feeding, diaper, sleep, and pumping activities
- Sync across devices: Keep your data synchronized when you access AvaLog from multiple devices
- Authenticate your account: Verify your identity and protect your account from unauthorized access
- Generate insights: Calculate statistics and patterns about your baby's routines (feeding frequency, sleep patterns, etc.)
- Respond to feedback: Address your questions, bug reports, and feature requests
- Improve the app: Fix bugs, enhance performance, and develop new features based on usage patterns
- Send service notifications: Alert you about important updates, security issues, or changes to our terms
⛔ What We DON'T Do
- We do NOT sell your data to advertisers, data brokers, or any third parties
- We do NOT use your data for marketing or advertising purposes
- We do NOT share your baby's information with anyone outside of this service
- We do NOT track your location or collect location data
- We do NOT use analytics or tracking tools from third parties
- We do NOT display advertisements in the app
3. Data Storage and Security
3.1 Cloud Storage
Your data is stored securely using Google Firebase (Firestore):
- Encryption in transit: All data transmission between your device and our servers uses HTTPS/TLS encryption
- Secure database: Data is stored in Firebase Firestore with strict security rules that prevent unauthorized access
- User-specific access: Only you can access your data through authentication. No one else, including other users or unauthorized parties, can view your information
- Compliant infrastructure: Firebase data centers comply with industry-standard security certifications (SOC 2, ISO 27001)
3.2 Local Storage
We cache data on your device using browser local storage for:
- Offline access: View your data even without an internet connection
- Performance: Load the app faster by caching frequently accessed data
- Privacy: Local storage is only accessible to you and is protected by your device's security
Note: Clearing your browser data will remove locally cached information, but your data remains safely stored in the cloud.
3.3 Security Rules
Our Firebase security rules ensure:
- You can only read and write your own data (authenticated by your user ID)
- Data validation prevents malformed or malicious entries
- System fields (user IDs, creation timestamps) cannot be tampered with
- Admin functions are restricted to authorized personnel only
- Each user's children and activity data are isolated in their own document tree
3.4 Security Best Practices
- Strong passwords: We require passwords to be at least 6 characters (we recommend using longer, complex passwords)
- Secure authentication: Firebase Authentication is used, which includes protections against common attacks
- Regular updates: We keep our dependencies and security measures up to date
- No sensitive data exposure: Your data is never logged or displayed in ways that could compromise your privacy
4. Data Retention and Deletion
4.1 Data Retention
We retain your data for as long as your account is active. You have full control over your data at all times and can:
- View all your data within the app
- Edit or delete individual records
- Export all your data as a backup
- Delete all data or your entire account
4.2 How to Delete Your Data
You have two deletion options:
Option 1: Delete All Data (Keep Account)
This permanently removes:
- All children profiles
- All feeding, diaper, sleep, and pumping records
- All settings and preferences
Your account remains active, and you can continue using AvaLog with fresh data.
Option 2: Delete Account (Delete Everything)
This permanently removes:
- Your entire account
- All data (same as Option 1)
- Access to AvaLog using this email address
You will be signed out immediately and cannot sign in again unless you create a new account.
4.3 Deletion Process
To delete your data or account:
- Open the AvaLog app and sign in
- Tap the menu icon (☰) and select Settings (⚙️)
- Scroll down to the "Danger Zone" section
- Choose either "Delete All Data" or "Delete Account"
- Follow the confirmation prompts (you'll need to type specific phrases and your email address to confirm)
⚠️ Important: Data Deletion is Permanent
Once deleted, your data cannot be recovered. We recommend exporting a backup before deletion if you want to keep a copy of your records.
4.4 Inactive Accounts
We do not automatically delete inactive accounts. Your data remains available indefinitely unless you choose to delete it.
5. Third-Party Services
AvaLog uses the following third-party services to function:
5.1 Firebase (Google Cloud Platform)
- Purpose: Authentication, database storage, and hosting
- Data shared: All account information and app data
- Privacy policy: Firebase Privacy & Security
- Location: Data may be stored in Google Cloud data centers worldwide
5.2 Google Sign-In (Optional)
- Purpose: Optional authentication method for convenience
- Data shared: Email address, name, and profile picture
- Privacy policy: Google Privacy Policy
5.3 What We Don't Use
Unlike many apps, we do NOT use:
- Google Analytics or any analytics services
- Advertising networks (Google Ads, Facebook Ads, etc.)
- Social media tracking pixels
- Third-party cookies
- Crash reporting services that collect personal data
6. Children's Privacy
AvaLog is designed for parents and caregivers to track their children's activities. The app itself is not directed at children under 13, and we do not knowingly collect personal information from children.
The baby care data you enter (feeding times, diaper changes, sleep sessions, etc.) is considered your personal data as the caregiver, not data about your child as an individual user of the service.
COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA). If you believe we have inadvertently collected information from a child under 13, please contact us immediately.
7. Your Rights
Under privacy laws including GDPR (Europe) and CCPA (California), you have the following rights:
7.1 Right to Access
You can view all your data at any time within the AvaLog app. Every piece of information we store about you is visible in the app interface.
7.2 Right to Rectification
You can edit or correct any data by tapping on individual records or updating your profile and settings.
7.3 Right to Erasure ("Right to be Forgotten")
You can permanently delete all your data or your entire account at any time through the Settings menu.
7.4 Right to Data Portability
You can export all your data in JSON format by tapping the "💾 Backup Data" button. This allows you to transfer your data to other services or keep personal records.
7.5 Right to Restriction of Processing
We only process your data for the purposes outlined in this policy. You can stop using the service at any time.
7.6 Right to Object
If you object to any data processing, you can delete your account and all associated data.
7.7 Right to Withdraw Consent
You can withdraw consent by deleting your account. This immediately stops all data processing.
8. International Users
AvaLog is hosted on Firebase infrastructure, which operates data centers in multiple locations worldwide. By using AvaLog, you consent to the transfer and storage of your data in accordance with this privacy policy.
8.1 European Users (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland:
- Your data is processed lawfully based on your consent and our legitimate interest in providing the service
- You have all the rights listed in Section 7
- You can lodge a complaint with your local data protection authority
- Data transfers comply with GDPR requirements
8.2 California Users (CCPA)
If you are a California resident:
- You have the right to know what personal information we collect and how it's used
- You have the right to delete your personal information
- You have the right to opt-out of the "sale" of personal information (we don't sell data)
- You have the right to non-discrimination for exercising your rights
9. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in:
- Our practices
- Legal or regulatory requirements
- New features or services
When we make changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify users of significant changes through the app (toast notification)
- For material changes, we may require you to review and accept the updated policy
We encourage you to review this policy periodically. Your continued use of AvaLog after policy updates constitutes acceptance of the changes.
11. Open Source and Transparency
AvaLog is committed to transparency. Our code and security practices are designed with your privacy in mind.
- Open approach: Our Firebase security rules demonstrate our commitment to protecting your data
- Security reviews: We welcome responsible disclosure of security vulnerabilities
- No hidden tracking: We don't use hidden trackers or analytics
🛡️ Our Security Promise
We take your privacy and security seriously. Every decision we make prioritizes protecting your family's data. All data transmission is encrypted, access is strictly controlled through authentication, and we follow industry best practices. Your baby's data is private and stays private—that's our commitment to you.
12. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of becoming aware of the breach
- Provide details about what data was affected
- Explain what steps we're taking to address the breach
- Advise on steps you can take to protect yourself
- Notify relevant authorities as required by law
13. Your Consent
By using AvaLog, you consent to this privacy policy. If you do not agree with this policy, please do not use the app.
For new users: Creating an account indicates your acceptance of this privacy policy.
For existing users: Continued use after policy updates indicates acceptance of changes.