Privacy Policy

Last updated: 5 May 2026

1. Who We Are

Dad & Baby is operated by Dad & Baby Limited, a company registered in England and Wales (Company Number: 15984321). We operate the website at dadandbaby.co.uk and the application at app.dadandbaby.co.uk (together, the "Service"). We are the data controller for the purposes of UK data protection legislation, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

Email: privacy@dadandbaby.co.uk
Website: dadandbaby.co.uk

2. What Data We Collect

We collect the following personal data when you use the Service:

  • Account information: Email address and name.
  • Pregnancy information: Due date or birth date of your child/children, pregnancy progress and current week.
  • Children's information: Names, dates of birth, and gender of your children (as entered by you).
  • Wellbeing data: Mood and wellbeing check-ins for you and your partner.
  • Forum content: Posts and comments you submit to the community forum (displayed anonymously to other users).
  • Appointment details: Appointment information you choose to store in the app.
  • Checklist progress: Your progress through pregnancy checklists.
  • Birth plan preferences: Your birth plan choices and preferences.
  • Baby names: Names you save and your ratings of them.
  • Contraction timer data: Contraction timing records you create.
  • Midwife questions: Questions and answers you store for midwife appointments.
  • Budget plan data: Financial planning information you enter.
  • Sleep data: Sleep times, duration, and nap/night classification recorded through the Daily Tracker.
  • Nappy data: Nappy change timestamps and type (wet/dirty/mixed) logged through the Daily Tracker.
  • Activity data: Activity types (tummy time, bath, play, etc.), duration, and timestamps.
  • Medication data: Medication names, dosages, timestamps, and reminder settings logged through the Daily Tracker.
  • Growth data: Weight, height, and head circumference measurements recorded in the Child Health section.
  • Immunisation records: Vaccine completion dates, batch numbers, and locations as entered by you.
  • Developmental milestone data: Milestone observations and dates recorded against the ASQ-3 framework.
  • Health visitor review data: Review completion status, notes, and questions you store for health visitor appointments.
  • Push notification tokens: Firebase Cloud Messaging (FCM) device tokens used to send you push notifications (weekly tips and updates).
  • Subscription status: Whether you have an active Dad Pro subscription, expiry date, and a pseudonymous subscriber ID generated by RevenueCat. Apple and Google handle the actual payment; we never see your payment card details.
  • Advertising identifiers and ad interaction data (free-tier mobile users only): On the free tier of the mobile app, Google AdMob may process your device's advertising identifier (IDFA on iOS, GAID on Android), approximate location derived from your IP address, and ad interaction events to deliver and measure ads. On iOS this only occurs if you grant tracking permission via Apple's App Tracking Transparency prompt. Dad Pro subscribers never see ads and no advertising data is collected from them.
  • Device and technical information: Device model, operating system version, app version, language, and IP address. Some of this information is collected automatically by our backend (Supabase) when you use the Service.

3. What We Do NOT Collect

  • Photographs or images: The App does not collect, store, or process any photographs or images. There is no photo upload functionality in Dad & Baby.
  • Biometric data: We do not collect fingerprints, facial recognition data, or any other biometric information.
  • Payment card details: All subscription payments are processed by Apple (App Store) or Google (Play Store). We never see or store your payment card information.
  • Precise location data: We do not request location permissions or track your GPS location. Any Google Places API queries (e.g. for nearby services) are processed by Google and are not stored by us.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Provide core app functionality: Delivering week-by-week pregnancy content, daily baby tracking, NHS child health tools, checklists, and features that require your data to work.
  • Personalise content: Tailoring pregnancy guidance and tips based on your due date and stage.
  • Send push notifications: Delivering weekly pregnancy tips and important updates (with your consent).
  • Moderate forum content: Reviewing community posts via AI screening (OpenAI) and human review to maintain a safe environment.
  • Process account deletion requests: Fulfilling your right to erasure when you request account deletion.

5. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract (Article 6(1)(b) UK GDPR): Processing necessary to provide you with the Service you have signed up for. Core features such as pregnancy tracking, checklists, birth planning, and the contraction timer require your data to function. Subscription status is also processed on this basis when you have a Dad Pro subscription.
  • Consent (Article 6(1)(a) UK GDPR): Where you have given explicit consent, including push notifications, forum posting, advertising cookies on the website (Google AdSense), and personalised advertising in the mobile app (via Apple's App Tracking Transparency prompt on iOS, where applicable).
  • Legitimate Interests (Article 6(1)(f) UK GDPR): App improvement, performance monitoring, security, and serving non-personalised advertising in the free tier of the mobile app to support the Service. We have balanced our interests against your rights and do not believe this processing overrides your privacy.

6. Data Processors

We use the following third-party data processors to operate the Service:

  • Supabase: Database hosting and backend infrastructure. Data is stored in the EU region.
  • Vercel: Web hosting and application delivery. Based in the US with Standard Contractual Clauses in place.
  • Resend: Transactional email delivery (e.g. magic link authentication emails).
  • Google AdSense (website only): Web advertising, loaded only with your cookie consent.
  • Google AdMob (mobile app, free tier only): In-app advertising for free-tier users. AdMob processes your device's advertising identifier and limited interaction data to deliver and measure ads. Dad Pro subscribers never see ads and no data is sent to AdMob from their devices. On iOS, personalised ads only occur with your consent via Apple's App Tracking Transparency prompt.
  • Google Firebase Cloud Messaging (FCM): Push notification delivery for the mobile app. FCM processes your device's push token to deliver notifications.
  • Google Maps / Places API: Location-based features (e.g. finding nearby services). Queries are processed by Google and not stored by us.
  • OpenAI: Content moderation only. Forum post text is analysed for safety purposes. Content is processed transiently and is not stored by OpenAI.
  • RevenueCat: Subscription lifecycle management for Dad Pro. RevenueCat receives a pseudonymous subscriber ID and your subscription events (purchase, renewal, cancellation) from Apple or Google. They do not receive your name, email, or any pregnancy/child data.
  • Apple / Google: Subscription management for Dad Pro via the App Store and Google Play Store respectively.

7. Data Sharing

We do NOT sell your personal data. We never have and we never will.

We share your data only with the data processors listed in Section 6 above, and only to the extent necessary to provide the Service.

We may disclose your personal data if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect our rights or safety, or prevent fraud.

8. Data Retention

  • Account data: Retained for as long as your account is active.
  • Account deletion: When you request account deletion (via the app or by emailing us), your personal data is deleted within 72 hours.
  • Forum posts: On account deletion, forum posts are anonymised (not deleted) to preserve the continuity of community conversations. No personally identifiable information remains associated with anonymised posts.
  • Push notification tokens: Deleted immediately upon account deletion.

9. Children's Data

Dad & Baby collects data about children (names, dates of birth, gender, growth measurements, immunisation records, developmental milestones, sleep patterns, feeding records, and health data) as entered by adult parents and guardians. This data is used to personalise pregnancy content, milestones, and post-birth tracking features.

We do not collect data from children. No child under the age of 18 can create an account with Dad & Baby. The Service is designed for use by adult parents and expectant parents only.

10. Cookies & Tracking

Website (dadandbaby.co.uk):

  • Essential cookies: Authentication session cookies that keep you signed in. These are strictly necessary for the Service to function and do not require consent.
  • Advertising cookies: Google AdSense cookies, used to serve relevant advertisements and support our free service. These are loaded only with your explicit consent via our cookie consent banner.

Mobile app: The mobile app does not use cookies. On the free tier, Google AdMob displays advertisements and may access your device's advertising identifier to deliver and measure ads. On iOS, personalised ads require your consent via Apple's App Tracking Transparency prompt — you can decline and still use the app, in which case ads will be non-personalised. You can reset or limit your advertising identifier at any time via your device settings (iOS: Settings > Privacy & Security > Tracking; Android: Settings > Privacy > Ads).

Dad Pro subscribers see no ads on either platform — no AdMob calls are made and no advertising identifiers are shared while a subscription is active.

We do not use any other tracking, analytics, or third-party cookies.

11. International Transfers

Some of our data processors are located outside the UK. We ensure appropriate safeguards are in place for all international transfers:

  • Supabase: EU region — covered by the UK adequacy decision for the EU.
  • Vercel: US — Standard Contractual Clauses (SCCs) in place.
  • Google (AdSense, AdMob, Firebase, Maps): US — adequate safeguards including Standard Contractual Clauses.
  • RevenueCat: US — Standard Contractual Clauses in place. Only pseudonymous subscriber IDs and subscription events are processed.
  • OpenAI: US — data is processed transiently for content moderation only and is not stored.

12. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data. You can do this directly in the app (Settings > Delete Account) or by emailing us.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at privacy@dadandbaby.co.uk. We will respond within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit: All data is transmitted over HTTPS/TLS.
  • Row-level security: Database-level access controls ensure users can only access their own data.
  • Secure authentication: Passwords are hashed by our authentication provider (Supabase) using industry-standard algorithms. We never store or see plaintext passwords.
  • Regular security audits: We regularly review and improve our security practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via an in-app notification and/or by email. Your continued use of the Service after notification of changes constitutes acceptance of the updated policy.

15. Contact

For any questions about this Privacy Policy or your personal data, contact us at:

Privacy enquiries: privacy@dadandbaby.co.uk

General enquiries: hello@dadandbaby.co.uk