Privacy Policy

Effective date: 30 June 2026 · Last updated: 12 July 2026

diapr.ai is local-first. By default, everything you log (diapers, feeds, sleep, growth, notes, and photos) stays on your device. Cloud features (an account, cross-device sync, photo backup) are optional and off until you turn them on. We do not sell your care data or your child's information, show no ads in the app, and never use your child's information to train public AI models.

This Privacy Policy explains how diapr.ai (“we”, “us”, “our”), based in Whitby, Ontario, Canada, which operates the diapr.ai apps and website (together, the “Service”), handles personal information. It applies to the diapr.ai web app, iOS app, Android app, and the diapr.ai website. It does not apply to third-party services we link to, which have their own policies.

In this policy, “you” means the adult account holder or caregiver who uses diapr.ai, and “child” means the infant or child whose care you record.

Contents

1. A note on whose data this is

diapr.ai is intended only for use by adults: parents, legal guardians, and authorized caregivers. It is not directed to children and is not intended for use by anyone under 18. The care information in the app is about a child but entered by you, the adult. The child is a subject of the data, not a user of the Service.

By using diapr.ai, you represent and warrant that you are the parent or legal guardian of, or otherwise have lawful authority to record and process the information of, the child(ren) whose data you enter, and that you have obtained any consent required under applicable law.

2. Information we collect

We collect the minimum necessary to run the features you actually use. Most of it never leaves your device.

CategoryExamplesWhere it lives
Care logs you enterDiaper changes, feeding, sleep, pumping, growth measurements, medications, temperature, free-text notesOn your device by default; in your private cloud store only if you enable sync
Child profileChild's first name or nickname and date of birthSame as above
Moments (photos)Photos you attach to a momentOn your device; backed up to Google Cloud Storage only on a paid plan with backup enabled (private, encrypted, access via short-lived signed links)
Account dataEmail address and a user ID, from Google or Apple sign-in via Firebase AuthenticationCloud (needed to have an account)
Billing dataA Stripe customer ID and your plan tier onlyCloud. Full payment and card details are handled by Stripe / the app stores and are never received or stored by us.
Limited technical dataApp version, device/OS type, and (on our servers, when you use cloud features) request metadata such as IP address and timestamps, kept briefly for security and reliabilityServer logs (short-lived)
AI assistant & Insights dataWhen you use the AI assistant (opt-in): the messages you type or dictate, plus your child's profile (including name, date of birth, age), recent care logs including your free-text notes, patterns and growth, and your plan tier and timezone. For AI Insights (on by default, opt-out): the same kinds of care data, but with your child's name removed and replaced by “your baby” before anything is sentSent to our AI provider (Anthropic) only when these features run; the assistant conversation itself stays on your device (see sections 3 and 5)
Voice dictation (optional)If you dictate to the assistant, the microphone audio while you speakConverted to text by your device's own speech recognizer (Apple on iOS, Google on Android); diapr's servers never receive the audio, only the text you then choose to send
Referral dataYour referral code, the referrer and referee family IDs, and redemption records when you invite a friend or redeem an inviteCloud (needed to grant the free month and track rewards)

Just as important is what we do not collect:

3. How we use information

We use information only to provide and protect the Service:

Three features are powered by AI and, when you use them, send data to our AI provider Anthropic (Section 5). Each is governed by an in-app consent you control:

Our promises

4. When data leaves your device: sharing and disclosure

Because diapr.ai is local-first, in the default configuration your care logs never leave your device. When you enable cloud features, we share personal information only in these limited cases:

Beyond the cases above and the consent-gated marketing-website advertising described in Section 11, we do not otherwise share your information. No ad network or data broker ever receives your care data or your child's information.

5. Service providers (sub-processors)

We rely on a small number of trusted providers to run optional cloud features. Each is bound by a data-processing agreement to process data only on our instructions, keep it confidential, apply appropriate security, and report incidents.

6. Health-related and sensitive data

Some of what you record (feeding, medications, temperature, growth, notes, and photos) may be considered health-related or sensitive under laws such as Canada's PIPEDA (and Quebec's Law 25), the EU/UK GDPR, and the California Consumer Privacy Act (as amended). We treat it with heightened care:

HIPAA does not apply. diapr.ai is a consumer product. We are not a HIPAA covered entity or business associate, and HIPAA does not apply to your use of the Service. If your situation requires HIPAA compliance, diapr.ai is not suitable for that use. diapr.ai is also not a medical device and does not provide medical advice (see our Terms of Service).

7. Data retention and deletion

8. Your rights and choices

Depending on where you live, you may have rights under Canada's PIPEDA (and Quebec's Law 25), the GDPR/UK GDPR, the CCPA/CPRA, and similar laws, including the right to:

To exercise these rights, use the in-app export and delete controls, or email us at [email protected]. We will respond within the timeframes required by applicable law. If you are in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.

You also control the optional AI and connected-app features directly:

9. Security

We protect cloud data with encryption in transit (TLS 1.2 or higher) and encryption at rest (AES-256, as provided by Google Cloud), access controls and least-privilege practices, and short-lived signed links for photos.

No system is perfectly secure. No method of storage or transmission is completely secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify affected users and any required authorities without undue delay, and within 72 hours where required by law. Because diapr.ai is local-first, much of your data lives on your device. Keeping your device secure and backed up is your responsibility (see the Terms of Service).

10. International data transfers

We are based in Canada, and our optional cloud features are provided by Google (Firebase / Google Cloud) and Stripe, and (for AI features) by Anthropic in the United States, whose infrastructure may process data in the United States or other countries. Where personal data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses for users in the EU/UK, and comparable contractual protections and accountability measures required under Canada's PIPEDA) in each case as required by applicable law.

If you authorize an external AI app (ChatGPT by OpenAI, or Claude by Anthropic), that app processes your data in the United States or elsewhere under its own privacy policy and safeguards, which are outside our control.

11. Local storage, cookies, analytics and advertising

The apps use your device's local storage (such as the browser's local storage) to make the local-first model work. This is functional, not tracking.

We use Google Analytics (Google Analytics for Firebase in the diapr.ai iOS and Android apps, and Google Analytics on the diapr.ai marketing website) to understand aggregate, non-personal usage, such as how features and pages are used and how many people visit. This processes usage data (for example, a truncated IP address, device and app/browser type, screens or pages viewed, and a resettable app-instance identifier) on Google's infrastructure acting as our processor. We never include your care logs, Moments, or your child's information in this analytics.

Advertising. Our Google Analytics keeps all advertising signals (ad storage, ad user data, ad personalization) disabled, in the apps and on the website alike, so GA is never used for ads. The apps additionally show no ads, include no ad-network SDKs, and do not collect the Android Advertising ID or Apple's IDFA at all (they are built without advertising-identifier support), and we never use your in-app activity for remarketing or cross-context behavioral advertising. On the marketing website only, and only if you accept advertising cookies, we use the Meta (Facebook) Pixel to measure how well our ads perform and to reach people who have visited diapr.ai; when loaded it sets cookies and sends Meta your visit (such as the page viewed, browser and device type, and a pseudonymous identifier) as an independent controller under Meta's Privacy Policy. It never receives your care logs, Moments, or your child's information, none of which exist on the website. If you decline, the Pixel never loads.

Your choices. On the website, analytics and advertising cookies default to declined; the site works fully without them, and (where applicable) we honor recognized opt-out signals such as Global Privacy Control. You can change your choice at any time by clearing the diapr.ai site data, and you can manage ad personalization in your Meta ad preferences. In the apps, analytics carries only coarse, non-identifying usage signals; if you'd like to object to analytics processing, contact us at [email protected] and we will honor it. You can also review Google's Privacy Policy for how Google handles data it processes for us.

12. Changes to this policy

We may update this policy from time to time. We will post the new version here with an updated date, and for material changes to how we handle your data we will give notice by email or in-app at least 30 days before the change takes effect, and obtain fresh consent where the law requires it. If you continue to use the Service after a change takes effect, you accept the updated policy; otherwise you may stop using the Service and delete your account.

13. How to contact us

diapr.ai
31 Baldwin St N, Whitby, Ontario L1M0A7, Canada
Privacy: [email protected]
General support: [email protected]

This policy is provided in good faith and describes our current practices. It is not legal advice. We recommend keeping your app updated so the features described here match what you see.