← Back to Lullu

Privacy Policy

Last updated: April 16, 2026

1. Introduction

Lullu ("we," "our," or "us") is a baby tracking application designed to help parents and caregivers monitor their child's daily activities. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.

By using Lullu, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

  • Email address (for authentication)
  • Name (as provided during signup)
  • Google account information (if you sign in with Google)

Baby & Family Information

  • Baby's name, date of birth, and gender
  • Family member names and roles
  • Tracking data: feeding, sleep, diaper, health, and developmental milestones

Usage Data

  • Device type and operating system
  • App usage patterns (anonymized)
  • Crash reports and performance data

3. How We Use Your Information

  • To provide and maintain the Lullu service
  • To sync your data across devices in real-time
  • To share tracking data with family members you invite
  • To provide developmental guidance based on your baby's age
  • To send push notifications (only with your permission)
  • To improve and optimize the app experience

We never sell your personal data to third parties.

4. Data Storage & Security

Your data is stored securely on Supabase (powered by PostgreSQL) with row-level security policies. All data is encrypted in transit (TLS/SSL) and at rest. We use industry-standard security practices to protect your information.

Your account is protected by authentication via magic link email or Google OAuth. We do not store passwords.

5. Data Sharing

We share your tracking data only with family members you explicitly invite. We do not share your data with advertisers or data brokers.

We may share anonymized, aggregated data for research purposes (e.g., sleep pattern trends). This data cannot be used to identify you or your family.

We use the following third-party services:

  • Supabase — database and authentication
  • Vercel — hosting and deployment
  • Google — OAuth authentication (optional)

6. Children's Privacy

Lullu is designed for use by parents and caregivers (adults). We do not knowingly collect personal information from children under 13. The baby-related data entered into the app is provided by the parent/caregiver, not by the child.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data
  • Withdraw consent for push notifications

To exercise any of these rights, contact us at privacy@lulluapp.com.

8. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access — Request a copy of all personal data we hold about you
  • Right to Rectification — Correct any inaccurate personal data
  • Right to Erasure — Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing — Request we limit how we use your data
  • Right to Data Portability — Receive your data in a structured, machine-readable format
  • Right to Object — Object to processing of your personal data
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent

Legal basis for processing: We process your data based on (a) your consent, (b) contractual necessity to provide the service, and (c) our legitimate interest in improving the app.

Data Protection Officer: Contact privacy@lulluapp.com for any GDPR-related requests. We will respond within 30 days.

International transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers.

9. CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — What personal information we collect and how we use it
  • Right to Delete — Request deletion of your personal information
  • Right to Non-Discrimination — We will not discriminate against you for exercising your rights
  • Right to Opt-Out of Sale — We do not sell your personal information

To exercise these rights, contact privacy@lulluapp.com or use the account deletion feature in Settings.

10. Cookie Policy

Lullu uses essential cookies and local storage for:

  • Authentication session management
  • User preferences (dark mode, selected baby, quick action customization)
  • App functionality (offline data caching)

We do not use advertising cookies or third-party tracking cookies. We do not use analytics tracking that identifies individual users.

11. Data Retention

We retain your data for as long as your account is active. If you delete your account, your profile and personal data are deleted immediately and irreversibly. Tracking events you logged that are shared with co-parents or family members in your household may be retained for those family members with your authorship removed, so that their timeline history is not disrupted. Anonymized, aggregated data may be retained for analytical purposes.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via the app or email. Your continued use of Lullu after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:

Email: privacy@lulluapp.com

For GDPR-specific inquiries, you also have the right to lodge a complaint with your local data protection authority.