Version 1.0 - Last updated: 2/7/2026
Pocket Baby ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
Pocket Baby is operated by NandTek.
Contact: mail@nandtek.de
Address: Am Hangelstein 20, 65812 Bad Soden am Taunus
Website: https://pocketbaby.app
We collect information that you provide directly to us, including:
• Account information (email address, password)
• Baby profile information (name, birth date, photos, milestones, diary entries, words)
• Family member information (for the Family Circle feature)
• Usage data and preferences
We use the information we collect to:
• Provide, maintain, and improve our services
• Process transactions and send related information
• Send you technical notices and support messages
• Respond to your comments and questions
• Monitor and analyze trends and usage
• Detect, prevent, and address technical issues
We process your personal data based on the following legal bases:
(1) Your Consent: When you create an account and accept this Privacy Policy, you consent to our processing of your data.
(2) Contractual Necessity: We need to process your data to provide the services you have requested (e.g., storing milestones, generating avatars).
(3) Legitimate Interest: We process data for service improvement, security, fraud prevention, and technical support, which are necessary for our legitimate business interests.
We use industry-standard security measures to protect your personal information. Your data is stored securely using encryption and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure.
Media files such as photos, keepsakes, and avatars are stored in Amazon Web Services (AWS) Simple Storage Service (S3) in the European Union and are encrypted at rest using strong industry-standard encryption (AWS KMS). All files are accessed only over HTTPS.
Uploads to S3 use short-lived, scoped presigned URLs generated by our backend. Your device never receives AWS access keys, and each presigned URL can only be used to upload a single file with a specific path and content type. Some media files are served via long, unguessable S3 URLs for performance reasons; access to these URLs is governed by your sharing choices in the app.
Important note on sharing: While we use unguessable URLs to protect your media, if you choose to share these links or your content with others (e.g., via the Family Circle or external sharing features), those individuals may be able to save or further distribute your images. We cannot control the actions of individuals with whom you choose to share your content.
We do not sell your personal information. We may share your information only:
• With family members you explicitly invite through the Family Circle feature
• With service providers who assist us in operating our services (under strict confidentiality agreements)
• When required by law or to protect our rights
We do not share your data with third parties for advertising or behavioural tracking purposes.
We use the following third-party services to operate Pocket Baby. Each service has a data processing agreement in place to protect your data:
Supabase (Database, Authentication, Backend Services)
• Purpose: Stores your account data, baby profiles, milestones, and other structured app data, and powers authentication and backend logic.
• Data shared: App data needed to provide the service
• Privacy Policy: https://supabase.com/privacy
• Location: European Union
Amazon Web Services (AWS) (Cloud Infrastructure, Media Storage)
• Purpose: Hosts media files such as photos, keepsakes, and avatars in Amazon S3, and provides underlying cloud infrastructure.
• Data shared: Encrypted media files and related metadata needed to store and serve your content
• Privacy Policy: https://aws.amazon.com/privacy/
• Location: European Union (S3 buckets in EU region)
Resend (Email Service)
• Purpose: Sends invitation emails and notifications
• Data shared: Email addresses and names (for email content only)
• Privacy Policy: https://resend.com/legal/privacy-policy
• Retention: No data stored beyond email delivery
Sentry (Error Tracking)
• Purpose: Monitors app errors and performance
• Data shared: Error logs (all personally identifiable information is automatically redacted)
• Privacy Policy: https://sentry.io/legal/privacy/
• Privacy: No PII is sent to Sentry
AI Avatar Generation Service
• Purpose: Generates artistic avatars from photos
• Provider: NandTek (self-operated service)
• Location: Data is processed in data centers located in the European Union (currently Frankfurt, Germany)
• Data shared: Photos temporarily (for processing only, deleted immediately after processing)
• Processing method: Asynchronous internal processing (2-5 minutes)
• Retention: Photos are not stored permanently - deleted immediately after processing
• GDPR compliance: ✅ Fully compliant - all processing within EU, no third-party involved
All third-party services are bound by data processing agreements that require them to protect your data and use it only for the purposes specified. The AI Avatar Service is self-operated by NandTek and does not involve any third-party providers.
Pocket Baby complies with the Children's Online Privacy Protection Act (COPPA). We take the privacy of children's information seriously.
Parental Control: Pocket Baby is designed for parents and guardians, not children directly. All accounts must be created by a parent or guardian who controls all data associated with the account.
No Direct Collection: We do not knowingly collect personal information directly from children under 13. All data is entered and controlled by the account owner (parent/guardian).
Parental Rights: Parents and guardians have full access to view, edit, export, and delete all data associated with their account and their children's profiles.
For COPPA inquiries, please contact us at: mail@nandtek.de
Pocket Baby uses automated processing in the following ways:
• AI Avatar Generation: When you upload a photo, we use automated AI processing to generate artistic avatars. This is an automated decision that creates a visual representation based on your baby's traits and evolution stage.
• Developmental Insights: The app provides developmental insights and trait analysis based on logged milestones. These are informational only and not medical advice.
Your Rights: You have the right to request human review of any automated decision, contest automated decisions, and opt-out of automated processing (though this may limit some features). To exercise these rights, contact us at mail@nandtek.de.
Under GDPR, CCPA, and other applicable data protection laws, you have the right to:
• Access: Request a copy of your personal information (available via Settings → Privacy → Request Data Export)
• Rectification: Correct inaccurate information (available throughout the app via edit functionality)
• Erasure: Request deletion of your account and data (available via Settings → Privacy → Delete Account)
• Data Portability: Export your data in a machine-readable format (available via Settings → Privacy → Request Data Export)
• Object: Opt-out of certain data processing (available via Settings → Privacy and Notification settings)
• Withdraw Consent: Delete your account at any time (available via Settings → Privacy → Delete Account)
We retain your information for specific periods based on the type of data:
• Account Data: Retained until you delete your account
• Baby Profiles, Milestones, Diary Entries: Retained until you delete them or delete your account
• Photos and AI Avatars: Retained until you delete them or delete your account
• Data Export Requests: Export files are available for 7 days after completion, then automatically deleted
• Account Deletion Requests: Account is deleted after a 30-day grace period (you can cancel during this period)
• System Logs: Retained for 90 days for security and troubleshooting purposes
If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law (e.g., for tax or legal compliance purposes).
Encrypted backups and S3 object versioning may retain deleted data for a limited period before being automatically overwritten or purged. These backups are used only for security and disaster-recovery purposes and are not used to restore your account after you request deletion.
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
Data Storage Location: Your data is primarily stored in the European Union. This ensures your data is processed within the EU in compliance with GDPR requirements.
Safeguards: We use Standard Contractual Clauses (SCCs) and data processing agreements with our service providers (including Supabase, Resend, and Sentry) to ensure your data receives adequate protection regardless of where it is processed. These agreements require our service providers to maintain the same level of data protection as required by GDPR and other applicable laws.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
If you access Pocket Baby through a web browser, we may use cookies and similar technologies:
• Essential Cookies: Required for the app to function (authentication, session management)
• Analytics Cookies: Only used if you opt-in to analytics (currently opt-in only, not required)
• Error Tracking: Used for error monitoring (PII is automatically redacted)
You can manage cookies through your browser settings. Note that disabling essential cookies may limit app functionality.
We do not use third-party advertising cookies or similar trackers to build behavioural profiles or show targeted ads.
If you have any questions about this Privacy Policy, wish to exercise your rights, or have privacy concerns, please contact us:
NandTek
Email: mail@nandtek.de
Address: Am Hangelstein 20, 65812 Bad Soden am Taunus
Website: https://pocketbaby.app
By using Pocket Baby, you acknowledge that you have read and understood this Privacy Policy.