Privacy Policy
Effective date: December 2024 • Version: 1.1
Controller: Fobia d.o.o. ("we", "us", "our")
Registered address: Kekčeva ulica 12, 1000 Ljubljana, Slovenia
Email: info@fobia.si
We operate in the EU and process personal data in accordance with the EU/EEA General Data Protection Regulation (GDPR).
Important: SnooBu is intended for use by adult caregivers to record information about their children. It does not provide medical advice, diagnosis, or treatment. Always seek the advice of a qualified health professional with any questions regarding a medical condition.
Data We Collect
Account & identity
- Name or display name; email address; password hash; authentication tokens.
Baby profile & health logs (user-entered)
- Baby name or nickname; date of birth; biological sex; photos (optional).
- Sleep logs (start/end times, naps, durations, wake windows).
- Feeding logs (breast/bottle/solid), timestamps, amounts, optional notes.
- Diaper logs (wet/dirty/both), timestamps, optional notes.
- Temperature readings and optional symptom notes.
- Medications (name, dose, time, notes).
- Growth (weight, height, head circumference).
- Moods (e.g., happy, fussy) and daily notes.
- Doctor visits and vaccine status/details.
- Shared profiles (if you accept a share invite, you can view/edit the shared baby’s logs as allowed).
Derived insights (optional, server-generated)
- Sleep and routine predictions, pattern summaries, and insights based on your entries.
Device & technical
- App version, OS, language, timezone, general region/IP, push notification tokens (to deliver notifications).
Support & feedback
- Messages you send us, attachments, bug reports, feature requests.
Note on sensitivity: Logs may include health information about a child. Under GDPR this can be “special category” data. We process such data only with your explicit consent and for the purposes you choose (see Legal Bases).
Why We Process Data (Purposes & Legal Bases)
- Provide and improve the App — Account management, sync/backup, multi-device access, reminders, predictions, troubleshooting, safety/security.
 Legal bases: performance of contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)).
- Process baby logs and health entries (you choose what to record)
 Legal bases: your explicit consent (Arts. 6(1)(a) & 9(2)(a)); you can withdraw consent at any time from in-app settings or by contacting us (withdrawal doesn’t affect prior lawful processing).
- Communications — Service emails, critical alerts, and important changes to the app.
 Legal bases: contract (b), legitimate interests (f).
- Payments/subscriptions (if applicable) — Order management, billing, receipts, tax/accounting.
 Legal bases: legal obligation (c), performance of contract (b).
- Diagnostics & crash reporting — Stability, reliability, security (e.g., crash and performance logs).
 Legal basis: legitimate interests (f).
- Optional usage analytics (if enabled) — Improve UX and features. The app works without analytics.
 Legal basis: consent (a).
Sharing & Recipients (Processors)
We do not sell personal data. We share with service providers only to operate the App and under GDPR-compliant processing terms:
- Cloud database & authentication: Supabase (data hosting and sync).
- Error/crash reporting: Sentry (diagnostics, stability).
- App distribution/build services: Apple/Google/Expo (updates, push tokens, device compatibility).
- Payments (if subscriptions): Apple App Store / Google Play billing.
We will provide an up‑to‑date list of processors upon request (info@fobia.si). We do not use ad‑tech SDKs and do not share data for third‑party advertising or cross‑app tracking.
International Transfers
Data may be processed in the EU/EEA and, where necessary, outside the EEA (e.g., the United States). Where transfers occur, we apply appropriate safeguards, including the European Commission’s Standard Contractual Clauses and additional protective measures.
Retention
- Account/profile/logs: kept for the life of your account; deleted upon account deletion or request (subject to legal exemptions for billing/records).
- Crash/diagnostic logs: limited retention to support stability and security.
- Backups: limited duration, then securely overwritten.
Your Rights (GDPR)
You have the right to:
- Access, rectify, and erase your personal data.
- Restrict or object to processing, and to data portability.
- Withdraw consent at any time (does not affect prior lawful processing).
- Lodge a complaint with a supervisory authority in your EEA member state.
To exercise your rights, contact info@fobia.si. In‑app, you may view, edit, and delete entries, and delete your account.
Children’s Data
The App is intended for use by adult caregivers to track their child’s data. Account holders must be adults. We process children’s health data only under the caregiver’s explicit consent and instructions. If you believe a child under 13 created an account, contact us and we will promptly address it.
Security
We implement technical and organizational measures, including:
- TLS encryption in transit; encryption at rest where supported by providers.
- Role‑based access control and least‑privilege access.
- Row‑level security (RLS) in the database to ensure users can access only their own records (and explicitly accepted shared profiles).
- Auditing, backups, and vulnerability management.
No method is 100% secure; we continually improve safeguards.
Data Minimization & Control
- You choose what to record; you can delete entries and photos.
- You can stop using optional features (e.g., predictions, analytics).
- You can delete your account from settings or by contacting us.
Medical Disclaimer
The App provides organizational and informational tools only. It does not provide medical advice, diagnosis, or treatment. Always seek professional medical advice for healthcare decisions.
Changes to This Policy
We may update this Privacy Policy. We will notify you of material changes via email or in‑app notice. Continued use after the effective date constitutes acceptance.
Contact
Fobia d.o.o.
Kekčeva ulica 12, 1000 Ljubljana, Slovenia
Email: info@fobia.si
Summary for App Stores (Apple “App Privacy” / Google “Data Safety”)
- Data collected (linked to user): Account identifiers (email, user ID), baby profile & logs (sleep, feeding, diaper, temperature, medications, growth, mood, visits/vaccines), shared profiles, device push token, and optional photos. Crash diagnostics collected.
- Data sharing: Not sold. Shared only with processors (Supabase, Sentry, app distribution/push providers, and App Store/Play for payments) under processing agreements.
- Purposes: App functionality (core tracking, reminders, sync, predictions), diagnostics (stability), optional analytics (only with consent).
- Tracking/Advertising: No third‑party advertising; no cross‑app tracking.
- Security: Encrypted in transit; RLS and access controls; encryption at rest where supported.
- User control: View/edit/delete entries; delete account; withdraw consent; request export via support.
- Children’s data: App is used by adult caregivers; children cannot create accounts; special category data processed only with caregiver’s explicit consent.