Privacy Policy
Effective date: 30 June 2026 · Last updated: 12 July 2026
This Privacy Policy explains how diapr.ai (“we”, “us”, “our”), based in Whitby, Ontario, Canada, which operates the diapr.ai apps and website (together, the “Service”), handles personal information. It applies to the diapr.ai web app, iOS app, Android app, and the diapr.ai website. It does not apply to third-party services we link to, which have their own policies.
In this policy, “you” means the adult account holder or caregiver who uses diapr.ai, and “child” means the infant or child whose care you record.
- 1. A note on whose data this is
- 2. Information we collect
- 3. How we use information
- 4. When data leaves your device: sharing and disclosure
- 5. Service providers (sub-processors)
- 6. Health-related and sensitive data
- 7. Data retention and deletion
- 8. Your rights and choices
- 9. Security
- 10. International data transfers
- 11. Local storage, cookies, analytics and advertising
- 12. Changes to this policy
- 13. How to contact us
1. A note on whose data this is
diapr.ai is intended only for use by adults: parents, legal guardians, and authorized caregivers. It is not directed to children and is not intended for use by anyone under 18. The care information in the app is about a child but entered by you, the adult. The child is a subject of the data, not a user of the Service.
By using diapr.ai, you represent and warrant that you are the parent or legal guardian of, or otherwise have lawful authority to record and process the information of, the child(ren) whose data you enter, and that you have obtained any consent required under applicable law.
- We do not knowingly collect information directly from children.
- We do not build advertising or behavioral profiles of children, and we do not use children's information for advertising, tracking, or targeting.
- diapr.ai is an adult-directed service and is not a “child-directed” service under the U.S. Children's Online Privacy Protection Act (COPPA). If we learn we have inadvertently collected information directly from a child, we will delete it.
- Under Canada's federal privacy law (PIPEDA), a child's information is treated as sensitive and is processed on the basis of the consenting parent or guardian who holds the account, without child-directed profiling or tracking.
2. Information we collect
We collect the minimum necessary to run the features you actually use. Most of it never leaves your device.
| Category | Examples | Where it lives |
|---|---|---|
| Care logs you enter | Diaper changes, feeding, sleep, pumping, growth measurements, medications, temperature, free-text notes | On your device by default; in your private cloud store only if you enable sync |
| Child profile | Child's first name or nickname and date of birth | Same as above |
| Moments (photos) | Photos you attach to a moment | On your device; backed up to Google Cloud Storage only on a paid plan with backup enabled (private, encrypted, access via short-lived signed links) |
| Account data | Email address and a user ID, from Google or Apple sign-in via Firebase Authentication | Cloud (needed to have an account) |
| Billing data | A Stripe customer ID and your plan tier only | Cloud. Full payment and card details are handled by Stripe / the app stores and are never received or stored by us. |
| Limited technical data | App version, device/OS type, and (on our servers, when you use cloud features) request metadata such as IP address and timestamps, kept briefly for security and reliability | Server logs (short-lived) |
| AI assistant & Insights data | When you use the AI assistant (opt-in): the messages you type or dictate, plus your child's profile (including name, date of birth, age), recent care logs including your free-text notes, patterns and growth, and your plan tier and timezone. For AI Insights (on by default, opt-out): the same kinds of care data, but with your child's name removed and replaced by “your baby” before anything is sent | Sent to our AI provider (Anthropic) only when these features run; the assistant conversation itself stays on your device (see sections 3 and 5) |
| Voice dictation (optional) | If you dictate to the assistant, the microphone audio while you speak | Converted to text by your device's own speech recognizer (Apple on iOS, Google on Android); diapr's servers never receive the audio, only the text you then choose to send |
| Referral data | Your referral code, the referrer and referee family IDs, and redemption records when you invite a friend or redeem an invite | Cloud (needed to grant the free month and track rewards) |
Just as important is what we do not collect:
- The apps show no ads and include no ad-network SDKs. They do include Google Analytics for Firebase for usage analytics (also used, with our website, for our own marketing); see section 11.
- No precise GPS or location collection.
- No biometric data. If you use your device's fingerprint/face unlock, that happens entirely on your device and we never receive it.
- No contact-list or browsing-history collection.
3. How we use information
We use information only to provide and protect the Service:
- To provide the app's core, on-device functionality (logging, timelines, patterns, reminders).
- To sync your data across your own devices, only if you turn sync on.
- To back up your Moment photos, only on a paid plan with backup enabled.
- To authenticate your account and provide subscriptions and billing.
- To keep the Service secure, prevent fraud and abuse, and maintain reliability.
- To respond to your support requests.
- To comply with legal obligations.
- To improve the Service using aggregated or de-identified data only: information that no longer identifies you or your child.
- To power the optional AI features you turn on (the AI assistant, AI Insights, and engagement nudges), described in detail just below.
Three features are powered by AI and, when you use them, send data to our AI provider Anthropic (Section 5). Each is governed by an in-app consent you control:
- The AI assistant (Premium, opt-in): an in-app chat you can type or dictate to. When you use it, we send your messages and the family and care data it needs to answer (your child's profile, recent care logs including your free-text notes, patterns, growth, and your plan tier and timezone) to Anthropic. Your conversation history stays on your device; diapr's servers do not store it. The assistant can suggest care-log entries as approval cards, but nothing is written to your log until you confirm it.
- AI Insights (paid; on by default, opt-out): a nightly analysis that sends your family's real care data (usage summaries, growth, and your own free-text notes) to Anthropic with your child's name removed and replaced by “your baby.” The resulting insight cards are saved in your cloud account and refreshed on each run. Turning this off in Settings stops the processing and deletes the stored cards.
- Engagement nudges: short reminder push-notifications. These send only privacy-minimized, derived signals to Anthropic: never your child's real name, and no exact counts, clock times, or measurements, just coarse cues such as an age range, part of day, and rounded time since the last activity, used to draft the reminder text.
- We do not sell or rent your personal information or care data, and we do not share your care data, your child's information, or your account data with advertisers, data brokers, or marketers. The one advertising tool we use is the consent-gated Meta Pixel on our marketing website, which never receives any of that data (see section 11).
- We do not use your care logs, Moments, or your child's data to train public or third-party foundation AI models.
- We do not profile your child, and we never use your care data for advertising or ad targeting.
- AI features are governed by consent you control: the assistant is opt-in, AI Insights are on by default for paid plans, and each can be turned off in Settings. Our AI provider is contractually barred from using your data to train its models and retains it only briefly for safety and abuse monitoring; AI output is labeled as AI-generated.
4. When data leaves your device: sharing and disclosure
Because diapr.ai is local-first, in the default configuration your care logs never leave your device. When you enable cloud features, we share personal information only in these limited cases:
- Service providers (sub-processors) that run the optional cloud features, listed in Section 5.
- AI processing: when you use an AI feature (Section 3), the data it needs is processed by our AI provider Anthropic acting as a service provider on our instructions; see Section 5.
- Apps you connect, at your direction: you can use OAuth to authorize an external AI app, ChatGPT (OpenAI) or Claude (Anthropic), to reach the same family-data tools as the in-app assistant, so it can read your family data and propose approval-gated actions. This is user-initiated, requires Premium and your assistant consent, and you approve it on a consent screen that shows the app, redirect, and scopes; you can revoke access at any time. Once your data reaches a connected app it is handled under that app's own privacy policy, not ours. OpenAI, in particular, is a third party you choose to connect, not a diapr.ai sub-processor.
- Legal and safety disclosures: to comply with a valid legal request, enforce our terms, or protect the rights, property, or safety of any person, as required or permitted by law. Where we are legally able to, we will make reasonable efforts to notify you.
- Business transfers: if we are involved in a merger, acquisition, or sale of assets, information may transfer to the successor, which will be bound by a policy at least as protective as this one. We will notify you of any such change.
Beyond the cases above and the consent-gated marketing-website advertising described in Section 11, we do not otherwise share your information. No ad network or data broker ever receives your care data or your child's information.
5. Service providers (sub-processors)
We rely on a small number of trusted providers to run optional cloud features. Each is bound by a data-processing agreement to process data only on our instructions, keep it confidential, apply appropriate security, and report incidents.
- Google Firebase Authentication: sign-in; receives your email and user ID.
- Google Cloud Firestore: optional sync of your care logs across your own devices.
- Google Cloud Storage: optional Moment photo backup (paid plans); private and content-addressed, accessed only through short-lived signed links.
- Anthropic (Claude), United States, powers the optional AI assistant, AI Insights, and engagement nudges. Data is sent only when you use those features, and our API key is held server-side only. Anthropic is contractually prohibited from using your data to train its models and retains it only briefly for misuse and abuse monitoring.
- Stripe: subscription billing; processes your payment details under its own privacy policy. We hold only a customer ID and your plan tier.
- Apple Sign-In and Google Sign-In: authentication providers that receive minimal identifiers when you choose them.
- The Apple App Store and Google Play: process purchases you make through the app stores under their own terms.
6. Health-related and sensitive data
Some of what you record (feeding, medications, temperature, growth, notes, and photos) may be considered health-related or sensitive under laws such as Canada's PIPEDA (and Quebec's Law 25), the EU/UK GDPR, and the California Consumer Privacy Act (as amended). We treat it with heightened care:
- It is never sold, never shared with advertisers, and never used for profiling.
- It leaves your device only if you enable sync or backup, and only to the providers named in Section 5.
- It reaches our AI provider only when you turn on an AI feature and consent to it (Section 3), never for advertising or profiling.
- Voice dictation is not biometric. If you speak to the assistant, your device's own speech recognizer (Apple on iOS, Google on Android) converts the audio to text; this is transient dictation, not a voiceprint, and we neither create nor store any biometric identifier from your voice. diapr's servers never receive the audio, but because the recognizer is the platform's, the audio may be processed by Apple or Google under their own privacy policies. Only the resulting text, and only if you send it, reaches our AI provider.
7. Data retention and deletion
- Local device data: stays on your device, under your control, until you delete it or uninstall the app. Because we cannot see device-only data, we cannot delete it for you. Remove it in the app or by uninstalling.
- Synced care data: retained while your account is active and deleted within 30 days of account deletion or a deletion request.
- Moment photo backups: deleted within 30 days of a deletion request or account closure. You can export your data first.
- Account (Firebase Authentication): deleted when you delete your account, on Google's operational timelines.
- Billing records: retained by Stripe and by us as required for tax, accounting, and legal purposes for the period required by applicable law.
- AI assistant conversations: stored only on your device; diapr's servers do not keep your chat history. Clearing the conversation in the app removes it.
- AI Insight cards: saved in your cloud account, overwritten on each run, and deleted when you opt out of AI Insights.
- Connected-app access: the OAuth tokens for any external app you authorize are stored only in hashed form and are revocable by you at any time (access tokens are short-lived; refresh tokens last up to 30 days unless revoked sooner).
- Referral records: your referral code, the referrer/referee family IDs, and redemption records are kept while needed to grant and track rewards.
- De-identified or aggregated data: may be kept indefinitely, as it no longer identifies you.
8. Your rights and choices
Depending on where you live, you may have rights under Canada's PIPEDA (and Quebec's Law 25), the GDPR/UK GDPR, the CCPA/CPRA, and similar laws, including the right to:
- Access or receive a copy of your data, and port it (you can export your data in a common format from the app);
- Correct inaccurate data;
- Delete your data (“right to be forgotten” / erasure);
- Restrict or object to certain processing, and withdraw consent for optional features at any time by turning them off;
- Opt out of the “sale” or “sharing” of personal information: we do not sell your data, and the only advertising-related sharing is the consent-gated Meta Pixel on our marketing website (Section 11), which stays off unless you accept cookies and which you can turn off again as described there; we honor valid opt-out requests;
- Not be discriminated or retaliated against for exercising your rights;
- Lodge a complaint with your local data protection authority.
To exercise these rights, use the in-app export and delete controls, or email us at [email protected]. We will respond within the timeframes required by applicable law. If you are in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.
You also control the optional AI and connected-app features directly:
- AI assistant: turn it on or off, and withdraw your consent, in the app's Settings.
- AI Insights: opt out in Settings. This stops the nightly processing and deletes the stored insight cards.
- Connected apps: review and revoke any external app you have authorized at any time, which immediately ends its access.
- Microphone: voice dictation runs only while you are dictating; you can grant or revoke microphone permission in your device settings at any time.
9. Security
We protect cloud data with encryption in transit (TLS 1.2 or higher) and encryption at rest (AES-256, as provided by Google Cloud), access controls and least-privilege practices, and short-lived signed links for photos.
10. International data transfers
We are based in Canada, and our optional cloud features are provided by Google (Firebase / Google Cloud) and Stripe, and (for AI features) by Anthropic in the United States, whose infrastructure may process data in the United States or other countries. Where personal data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses for users in the EU/UK, and comparable contractual protections and accountability measures required under Canada's PIPEDA) in each case as required by applicable law.
If you authorize an external AI app (ChatGPT by OpenAI, or Claude by Anthropic), that app processes your data in the United States or elsewhere under its own privacy policy and safeguards, which are outside our control.
11. Local storage, cookies, analytics and advertising
The apps use your device's local storage (such as the browser's local storage) to make the local-first model work. This is functional, not tracking.
We use Google Analytics (Google Analytics for Firebase in the diapr.ai iOS and Android apps, and Google Analytics on the diapr.ai marketing website) to understand aggregate, non-personal usage, such as how features and pages are used and how many people visit. This processes usage data (for example, a truncated IP address, device and app/browser type, screens or pages viewed, and a resettable app-instance identifier) on Google's infrastructure acting as our processor. We never include your care logs, Moments, or your child's information in this analytics.
Advertising. Our Google Analytics keeps all advertising signals (ad storage, ad user data, ad personalization) disabled, in the apps and on the website alike, so GA is never used for ads. The apps additionally show no ads, include no ad-network SDKs, and do not collect the Android Advertising ID or Apple's IDFA at all (they are built without advertising-identifier support), and we never use your in-app activity for remarketing or cross-context behavioral advertising. On the marketing website only, and only if you accept advertising cookies, we use the Meta (Facebook) Pixel to measure how well our ads perform and to reach people who have visited diapr.ai; when loaded it sets cookies and sends Meta your visit (such as the page viewed, browser and device type, and a pseudonymous identifier) as an independent controller under Meta's Privacy Policy. It never receives your care logs, Moments, or your child's information, none of which exist on the website. If you decline, the Pixel never loads.
Your choices. On the website, analytics and advertising cookies default to declined; the site works fully without them, and (where applicable) we honor recognized opt-out signals such as Global Privacy Control. You can change your choice at any time by clearing the diapr.ai site data, and you can manage ad personalization in your Meta ad preferences. In the apps, analytics carries only coarse, non-identifying usage signals; if you'd like to object to analytics processing, contact us at [email protected] and we will honor it. You can also review Google's Privacy Policy for how Google handles data it processes for us.
12. Changes to this policy
We may update this policy from time to time. We will post the new version here with an updated date, and for material changes to how we handle your data we will give notice by email or in-app at least 30 days before the change takes effect, and obtain fresh consent where the law requires it. If you continue to use the Service after a change takes effect, you accept the updated policy; otherwise you may stop using the Service and delete your account.
13. How to contact us
diapr.ai
31 Baldwin St N, Whitby, Ontario L1M0A7, Canada
Privacy: [email protected]
General support: [email protected]
This policy is provided in good faith and describes our current practices. It is not legal advice. We recommend keeping your app updated so the features described here match what you see.