Privacy Policy
BubSync (“we”, “us”, or “our”) is committed to protecting your family's privacy. This policy explains what we collect, how we use it, where it is stored and processed, and the main limits and risks you should understand when using the service.
1. Who we are
BubSync is a baby activity tracking service operated from Australia. This policy applies to the BubSync mobile apps, the BubSync web app / PWA, and the marketing website at bubsync.com where those products link to or rely on this policy.
2. What data we collect
- Account and profile data: email address, display name, caregiver role, Google profile details if you choose optional Google sign-in, and subscription or entitlement status metadata.
- Family and activity data: baby profiles, feeds, sleep, nappies, growth, notes, custom activities, timestamps, invite records, and family-sharing settings.
- Technical and service data: device push tokens, app/browser state needed for offline use and sync, diagnostics, and operational metadata needed to provide, secure, and support the service.
- AI interaction and output data:data used to generate AI-powered snapshot summaries, guidance, predictive notifications, and future chat-based Q&A, including relevant prompts, outputs, and feature-quality signals where those features are enabled.
We do not intentionally collect precise location data or full payment-card details.
3. How we use your data
- Create and authenticate your account.
- Store, display, and sync family and activity records.
- Support invitations, shared-care workflows, exports, notifications, and subscription features.
- Monitor reliability, security, and abuse prevention.
- Generate, improve, and safety-monitor AI-powered snapshot summaries, guidance, predictive notifications, and future chat-based Q&A features.
- Comply with legal obligations and respond to lawful requests.
We do not sell your personal data or use it for targeted advertising.
4. Where data is stored and processed
BubSync's primary production application data is hosted and processed mainly in AWS ap-southeast-2 (Sydney).
Some supporting website delivery, CDN, certificate, routing, or provider operations may also involve us-east-1 and global services such as CloudFront and Route 53. As a result, connection metadata such as IP address, request timing, user agent, and routing information may be processed outside Australia.
BubSync is also designed to work offline first. When sync is unavailable or disabled, a local copy of relevant data may remain on your device or in browser storage until you reconnect, re-enable sync, sign out, clear storage, or delete the relevant data.
5. Who we share data with
We share data only where needed to run BubSync, where you enable a feature, or where law requires it.
This can include providers that help us with:
- cloud hosting, authentication, storage, notifications, and email delivery
- optional diagnostics, analytics, and monitoring
- AI/ML model and language-processing providers (current or future)
- subscription management and app-store billing flows
- optional third-party sign-in
- legal or regulatory compliance
6. Security, retention, and important limitations
We use reasonable technical and organisational measures to protect personal information, including encryption in transit, access controls, and operational safeguards appropriate to the service.
Even so, no internet-connected service, device, or browser environment can be guaranteed to be perfectly secure. In particular:
- locally cached data may be exposed on a shared, lost, compromised, rooted, or jailbroken device
- service providers and infrastructure may process technical metadata and limited logs needed for routing, monitoring, support, and security
- push-notification providers receive device-token and transport metadata, and notification previews may be visible on lock screens or shared devices
- deleted data may remain temporarily in short-retention logs or encrypted disaster-recovery backups before those copies expire
- AI-enabled features may create short-retention prompts, outputs, and audit logs used for quality, abuse prevention, security, and legal compliance
We retain account, family, and activity data until you delete the relevant records or your account, subject to backup, security, and legal retention needs. We aim to remove active account data within 30 days after deletion requests are processed. Production disaster-recovery backups may remain for up to 35 days.
AI-related prompts, outputs, and audit logs follow the same retention principles and are retained only as needed for service operation, security, abuse prevention, legal compliance, and model-quality monitoring before deletion or de-identification.
7. International transfers
Because BubSync uses global infrastructure and third-party providers, your data may be transferred or made accessible outside Australia. We rely on contractual, technical, and organisational safeguards that are appropriate to the relevant provider relationship and required by applicable law.
8. Feature and service variations
BubSync is still in beta. Specific features, providers, workflows, and technical implementations may vary over time by platform, feature availability, provider availability, or legal and compliance requirements.
Where a change materially affects how personal information is handled, we will update this policy or provide additional notice where required by applicable law.
9. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, delete, restrict, or object to certain processing of your personal data. We aim to respond to valid privacy requests within 30 days.
Where available, you can disable optional AI-powered summaries, guidance, predictive notifications, or future chat features in-app. Some AI processing is still required when those features are enabled to deliver requested outputs and maintain security.
10. Contact
For privacy questions, rights requests, or complaints, contact:
- Email: privacy@bubsync.com
Australian users may also complain to the OAIC at oaic.gov.au.