Your Data, Your Control
Zero photo retention. Offline-first architecture with instant cold start. Face ID biometric lock. Jailbreak detection. Row Level Security. End-to-end encrypted family sync. No tracking, no ads, no data selling. Trusted by families across 241 countries & territories.
Security Features
Multiple layers of protection built into every aspect of the app
Zero Photo Retention
Parent photos are processed and deleted within seconds. Not minutes, not hours — seconds. No facial embeddings retained. No photo metadata kept. Verified by data export and annual security audits.
Offline-First Architecture
SwiftData local-first design means your core data never leaves your device unless you explicitly sync. Instant cold start, zero network latency for local operations.
Biometric Authentication
Face ID and Touch ID with configurable lock timeouts. 1 in 1,000,000 false match rate. Secure Enclave processing ensures biometric data never leaves your device hardware.
Jailbreak Detection
Blocks compromised devices entirely — no bypass option. Protects against disabled sandboxing, malware, encryption bypass, and code injection on jailbroken devices.
Screenshot & Recording Protection
App blocks usage while screen recording is active. Screenshots trigger privacy warnings on sensitive screens. App preview blurred in multitasking view.
Bank-Grade Encryption
AES-256 at rest, TLS 1.3 in transit with perfect forward secrecy. Certificate pinning prevents interception. iOS Keychain with Secure Enclave hardware-backed keys.
Data Protection
Database-level isolation and encryption for your family's data
Row Level Security
Supabase RLS enforces data isolation at the PostgreSQL database engine level. Even if application code had a bug, the database itself blocks unauthorized access.
End-to-End Family Sync
Family data encrypted before leaving your device. Only family members with valid keys can decrypt. Server cannot read family data in transit or at rest.
No Tracking, No Ads
Zero advertising SDKs. No cross-app tracking. No device fingerprinting. No analytics with data access. Our business model is subscription-based — we earn from you, not your data.
Compliance & Standards
Meeting the highest industry standards worldwide
HIPAA-Grade Security
We voluntarily implement HIPAA-grade technical, physical, and administrative safeguards. Access controls, encryption, audit controls, and 24-hour breach notification commitment.
GDPR Rights for All Users
We extend GDPR protections to all users worldwide — not just EU citizens. Right to access, erasure, portability, and restriction of processing in all 241 countries & territories.
CCPA Compliant
Full California Consumer Privacy Act compliance. We never sell data — the right to opt out of data sales is not applicable because we never sell.
Your Data Rights
Full control over your personal information — extended to all users worldwide
Access & Export
Request all data we hold about you in JSON, CSV, or PDF format. Portable, machine-readable, free of charge. Response within 30 days.
Data Portability
Export everything: tracking data, predictions, settings, observations. Verify no source photos are present — because we delete them immediately.
Permanent Deletion
Delete your account and all data permanently. Active data removed immediately, backend purged within 30 days, backups within 90 days. Irreversible.
Privacy FAQ
Common questions about how we protect your data