Dad & BabyGet Started

Privacy Policy

Last updated: 7 April 2026

1. Who We Are

Dad & Baby is operated by Dad & Baby Limited, a company registered in England and Wales (Company Number: 15984321). We operate the website at dadandbaby.co.uk and the application at app.dadandbaby.co.uk (together, the "Service"). We are the data controller for the purposes of UK data protection legislation, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

Email: privacy@dadandbaby.co.uk
Website: dadandbaby.co.uk

2. What Data We Collect

We collect the following personal data when you use the Service:

  • Account information: Email address and name.
  • Pregnancy information: Due date or birth date of your child/children, pregnancy progress and current week.
  • Children's information: Names, dates of birth, and gender of your children (as entered by you).
  • Wellbeing data: Mood and wellbeing check-ins for you and your partner.
  • Forum content: Posts and comments you submit to the community forum (displayed anonymously to other users).
  • Appointment details: Appointment information you choose to store in the app.
  • Checklist progress: Your progress through pregnancy checklists.
  • Birth plan preferences: Your birth plan choices and preferences.
  • Baby names: Names you save and your ratings of them.
  • Contraction timer data: Contraction timing records you create.
  • Midwife questions: Questions and answers you store for midwife appointments.
  • Budget plan data: Financial planning information you enter.
  • Sleep data: Sleep times, duration, and nap/night classification recorded through the Daily Tracker.
  • Nappy data: Nappy change timestamps and type (wet/dirty/mixed) logged through the Daily Tracker.
  • Activity data: Activity types (tummy time, bath, play, etc.), duration, and timestamps.
  • Medication data: Medication names, dosages, timestamps, and reminder settings logged through the Daily Tracker.
  • Growth data: Weight, height, and head circumference measurements recorded in the Child Health section.
  • Immunisation records: Vaccine completion dates, batch numbers, and locations as entered by you.
  • Developmental milestone data: Milestone observations and dates recorded against the ASQ-3 framework.
  • Health visitor review data: Review completion status, notes, and questions you store for health visitor appointments.
  • Push notification tokens: Device tokens used to send you push notifications (weekly tips and updates).
  • Device information: Basic device and platform information required for the Service to function correctly.

3. What We Do NOT Collect

  • Photographs or images:The App does not collect, store, or process any photographs or images. There is no photo upload functionality in Dad & Baby.
  • Biometric data: We do not collect fingerprints, facial recognition data, or any other biometric information.
  • Payment card details: All subscription payments are processed by Apple (App Store) or Google (Play Store). We never see or store your payment card information.
  • Precise location data: We do not track your location. Any Google Places API queries (e.g. for nearby services) are processed by Google and are not stored by us.

4. How We Use Your Data

We use your personal data for the following purposes:

  • Provide core app functionality: Delivering week-by-week pregnancy content, daily baby tracking, NHS child health tools, checklists, and features that require your data to work.
  • Personalise content: Tailoring pregnancy guidance and tips based on your due date and stage.
  • Send push notifications: Delivering weekly pregnancy tips and important updates (with your consent).
  • Moderate forum content: Reviewing community posts via AI screening (OpenAI) and human review to maintain a safe environment.
  • Process account deletion requests: Fulfilling your right to erasure when you request account deletion.

5. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract (Article 6(1)(b) UK GDPR): Processing necessary to provide you with the Service you have signed up for. Core features such as pregnancy tracking, checklists, birth planning, and the contraction timer require your data to function.
  • Consent (Article 6(1)(a) UK GDPR): Where you have given explicit consent, including push notifications, forum posting, and advertising cookies (Google AdSense).
  • Legitimate Interests (Article 6(1)(f) UK GDPR): App improvement, performance monitoring, and security. We have balanced our interests against your rights and do not believe this processing overrides your privacy.

6. Data Processors

We use the following third-party data processors to operate the Service:

  • Supabase: Database hosting and backend infrastructure. Data is stored in the EU region.
  • Vercel: Web hosting and application delivery. Based in the US with Standard Contractual Clauses in place.
  • Resend: Transactional email delivery (e.g. magic link authentication emails).
  • Google: AdSense advertising (loaded only with your cookie consent) and Maps/Places API for location-based features.
  • OpenAI: Content moderation only. Forum post text is analysed for safety purposes. Content is processed transiently and is not stored by OpenAI.
  • Apple / Google: Subscription management for DadPro via the App Store and Google Play Store respectively.

7. Data Sharing

We do NOT sell your personal data. We never have and we never will.

We share your data only with the data processors listed in Section 6 above, and only to the extent necessary to provide the Service.

We may disclose your personal data if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect our rights or safety, or prevent fraud.

8. Data Retention

  • Account data: Retained for as long as your account is active.
  • Account deletion: When you request account deletion (via the app or by emailing us), your personal data is deleted within 72 hours.
  • Forum posts: On account deletion, forum posts are anonymised (not deleted) to preserve the continuity of community conversations. No personally identifiable information remains associated with anonymised posts.
  • Push notification tokens: Deleted immediately upon account deletion.

9. Children's Data

Dad & Baby collects data about children (names, dates of birth, gender, growth measurements, immunisation records, developmental milestones, sleep patterns, feeding records, and health data) as entered by adult parents and guardians. This data is used to personalise pregnancy content, milestones, and post-birth tracking features.

We do not collect data from children. No child under the age of 18 can create an account with Dad & Baby. The Service is designed for use by adult parents and expectant parents only.

10. Cookies & Tracking

We use the following cookies:

  • Essential cookies: Authentication session cookies that keep you signed in. These are strictly necessary for the Service to function and do not require consent.
  • Advertising cookies: Google AdSense cookies, used to serve relevant advertisements and support our free service. These are loaded only with your explicit consent via our cookie consent banner.

We do not use any other tracking, analytics, or third-party cookies.

11. International Transfers

Some of our data processors are located outside the UK. We ensure appropriate safeguards are in place for all international transfers:

  • Supabase: EU region — covered by the UK adequacy decision for the EU.
  • Vercel: US — Standard Contractual Clauses (SCCs) in place.
  • Google: US — adequate safeguards including SCCs.
  • OpenAI: US — data is processed transiently for content moderation only and is not stored.

12. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure:Request deletion of your personal data. You can do this directly in the app (Settings > Delete Account) or by emailing us.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at privacy@dadandbaby.co.uk. We will respond within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit: All data is transmitted over HTTPS/TLS.
  • Row-level security: Database-level access controls ensure users can only access their own data.
  • Secure authentication: Passwordless magic link authentication reduces the risk of credential theft.
  • Regular security audits: We regularly review and improve our security practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via an in-app notification and/or by email. Your continued use of the Service after notification of changes constitutes acceptance of the updated policy.

15. Contact

For any questions about this Privacy Policy or your personal data, contact us at:

Privacy enquiries: privacy@dadandbaby.co.uk

General enquiries: hello@dadandbaby.co.uk