Legal

Privacy policy.

Last updated: 29 May 2026

Little Bean ("Little Bean", "we", "us") makes a mobile app for parents to track their baby's feeding, sleep, diapers, and growth. This policy explains what personal data we collect, why, who we share it with, and the rights you have. It covers both the app and this website. We are the data controller for this data. Questions: [email protected].

What we collect

When you join the waitlist: your email address, your position in the waitlist, the page you came from, your device type, and the time you signed up.

When you create an account: your email address, a password (stored only in hashed form, never in plain text) or a magic-link sign-in, your name, and an optional profile photo.

About your baby, entered by you: your baby's name, date of birth, and sex, an optional photo, and the entries you log: feedings, diaper changes, sleep, and growth measurements, each with optional notes. Some of this relates to your child's health.

When you invite a caregiver: the email address of the person you invite.

Technical and subscription data: your subscription status and, if you enable notifications, a device push token. If the app crashes, we receive a report tied only to an anonymous account identifier, with no name, email, or baby data attached.

We do not collect your location, we do not run advertising, we do not use an analytics tracking SDK in the app, and we do not send any data about you or your baby to any artificial-intelligence service. The in-app weekly advice is fixed content written in advance, not generated from your data.

How we use it

We use it to create and run your account, store and show the entries you log, sync data with caregivers you invite, manage your subscription and free trial, send service messages, keep the app secure, and diagnose crashes. Our legal bases under the GDPR are performing our contract with you, your consent, and our legitimate interest in keeping the service secure. We do not sell your personal data, and we never will.

Who we share it with

We use a small number of providers purely to operate the service. Each receives only what it needs:

  • Supabase — database, authentication, and file storage, hosted in the European Union.
  • RevenueCat — subscriptions; receives an anonymous account identifier and transaction details, no name, email, or baby data.
  • Sentry — crash and error reporting, hosted in the EU; receives only an anonymous identifier and your subscription status.
  • Resend — sends caregiver invitation emails; receives the inviter's name, the baby's first name, and the invited email address.
  • Cloudflare — hosts this website and provides privacy-first Web Analytics. It sets no cookies, collects no personal data, and does not track you across sites; it only counts aggregate page views and where visits come from.
  • Expo — delivers push notifications, when you enable them; receives a device push token.
  • Apple App Store and Google Play — process subscription payments. We never see or store your card details.

We may also disclose data if the law requires it. We do not sell your data to anyone, ever.

Where your data is held

Your account data, baby logs, and photos are stored in the European Union. If you use the app from outside the EU, your data is still processed in the EU.

How long we keep it

We keep your account data and logs for as long as your account exists. When you delete your account from within the app, we immediately delete your profile, your baby profiles, your logs, your photos, and your sign-in record. Copies in routine encrypted backups are purged on our provider's normal backup cycle. Crash reports are deleted on Sentry's standard retention schedule. Caregiver invitations expire after 7 days. Waitlist data is kept until you ask us to delete it, or until one year after the app launches, whichever comes first.

Your rights

If you are in the European Union or the United Kingdom, you have the right to access your data, correct it, delete it, restrict or object to how we use it, withdraw consent, and ask for a copy of your data. You can act on most of these directly in the app: edit your profile and baby details, export your data from Settings as a PDF report or a CSV file (choose a date range; the CSV is machine-readable, one row per entry), and delete your entire account from Settings. For any other request, email [email protected] and we will respond within 30 days. You also have the right to complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

For users in California (CCPA): you have the right to know what personal information we collect, to request its deletion, and to not be discriminated against for exercising your rights. We do not sell personal information, so there is no sale to opt out of.

Children

Little Bean is for use by parents and guardians. The account holder is an adult or, if under 18, acts with their own parent or guardian's agreement. Data about a baby is entered by the parent or guardian about their own child. The app is not directed to children, and we do not knowingly collect personal information directly from a child under 13 (or under 16 in the EU/EEA). The information recorded about a baby is provided by you, the parent or guardian, not by the child. If we learn that a child has created an account, we will delete it.

Changes to this policy

If we change this policy, we will update the date at the top and, for significant changes, notify you in the app or by email.

Contact

Questions or requests: [email protected]. Little Bean, Netherlands.