Skip to content

Legal document

Privacy Policy

Last updated: May 9, 2026

Bebblo is built local-first. This policy explains what data is collected, why, where it is stored and what rights you have under the General Data Protection Regulation (GDPR, EU Regulation 2016/679).

1. Data Controller

FAINTECH SRL ("FAINTECH", "we"), with registered office in Romania, is the data controller for the Bebblo app. For any request about your data, contact us at support@bebblo.com.

2. Lawful basis for processing

We process your data based on:

  • Art. 6(1)(b) GDPR — performance of contract: providing the app functionality you install and use.
  • Art. 6(1)(a) GDPR — consent: for cloud sync, family sync and any optional feature involving data transmission to our servers.
  • Art. 6(1)(f) GDPR — legitimate interest: for pseudonymous technical crash logs needed to keep the app stable.

3. What data we collect

Bebblo keeps data local by default. Child data stays on your device unless you explicitly enable cloud features.

Data stored locally on the device

  • Child profile: first name, date of birth, sex (optional).
  • Care journal: sleep, meals, diapers, growth, temperature, medications, vaccinations, development milestones, notes, photos.
  • App settings, reminders and preferences.

Data sent to the cloud (only if you enable it)

  • Account email, used for authentication and data recovery.
  • Encrypted journal backup, isolated per user via Row-Level Security (RLS) rules.
  • Family sync invites: invited person's email, role (parent or caregiver) and invite status.

What we do not collect

  • We do not use ad trackers, marketing cookies or advertising analytics.
  • We do not collect data directly from children — the app is used by adults to log their own caregiving activities.
  • We do not sell children's data and do not rent your data.
  • We do not use journal data for advertising, profiling or marketing.

4. Where data is stored

  • On device: local app storage (MMKV) inside the operating system's app sandbox and device security controls.
  • In the cloud (optional): Supabase, European Union region. Data is encrypted in transit (TLS) and at rest.

5. How long we keep data

  • Local: data stays on the device indefinitely or until you delete it from the app, clear app data or uninstall the app.
  • Cloud: data persists until you delete your account. After deletion, the cloud backup is permanently removed within 30 days.

6. Your rights under GDPR

You have the following rights regarding your personal data:

  • Access (Art. 15) — find out what data we hold about you.
  • Rectification (Art. 16) — correct inaccurate data.
  • Erasure (Art. 17, "right to be forgotten") — request deletion of your data.
  • Restriction of processing (Art. 18).
  • Portability (Art. 20) — local or cloud export in a structured format.
  • Objection (Art. 21).
  • Withdraw consent (Art. 7) — at any time, without affecting prior processing.
  • Complaint to a supervisory authority — to ANSPDCP (www.dataprotection.ro), the Romanian DPA, or your national authority.

To exercise your rights, write to support@bebblo.com. We respond within 30 days.

7. Cookies and similar technologies

The Bebblo app uses essential local storage (MMKV) for your session and journal. If you consent in the app, we use PostHog EU for pseudonymous usage events, without child journal content, names, birth dates, photos, notes, invite tokens or medical entries. You can withdraw consent from Profile. The bebblo.com website does not set non-essential cookies.

8. Children's privacy

Bebblo is an app about children, but it is used exclusively by adults (parents, grandparents, caregivers). We do not collect data directly from children. Child data is entered voluntarily by the responsible adult. We recommend deleting photos or sensitive data if you stop using the app.

9. International transfers

Our cloud backend (Supabase) and product analytics (PostHog EU, only with consent) are hosted in the European Union region. Some processors, such as Sentry, RevenueCat, Apple or Google, may process limited account, diagnostic or purchase data outside the EU under contractual safeguards. If we change the region or processor, we will notify you in advance and ensure equivalent safeguards under Chapter V GDPR.

10. Sub-processors

We use a minimal set of processors bound by GDPR (signed DPA):

  • Supabase — authentication, backup storage and family sync.
  • Apple App Store and Google Play — distribution and subscription management (via RevenueCat).
  • RevenueCat — Premium subscription management (does not receive child data).
  • Sentry — crash reporting and diagnostic stability data.
  • PostHog EU — pseudonymous product analytics, only if you consent in the app.

11. Security

We apply reasonable technical measures: encryption in transit (TLS), encrypted optional cloud backups, per-user isolation via RLS and least-privilege admin access. Local journal data stays in the app's on-device storage and is protected by the device and operating system controls. No system is absolutely secure — if you spot a vulnerability, please report it to support@bebblo.com.

12. Policy changes

We may update this policy occasionally. We will mark the last-updated date at the top. For significant changes, we will notify you in-app or by email.

13. Contact

For any privacy question: support@bebblo.com.