Your family's data is private, encrypted, and never sold. This policy explains what we collect, why we collect it, and how you stay in control.
1. Who We Are
Covely is a baby and child care coordination app operated by Covely ("we", "us", "our"). We serve users globally, including in the United States, the European Union, and the United Kingdom. We are subject to applicable privacy laws including the General Data Protection Regulation (GDPR), the UK GDPR, and US state privacy laws including the California Consumer Privacy Act (CCPA) where applicable.
For any privacy questions, contact us at: [email protected]
2. What Data We Collect
Account information
- Your name and email address, provided when you create an account.
Child profile information
- Your child's name and date of birth, entered by you to set up a child profile. This information is optional and can be omitted or removed at any time.
Care event data
- Logs you and your caregivers create within the app: feeds, sleep, nappy changes, medication, temperature, tummy time, activities, milestones, and growth records.
- Timestamps, notes, and caregiver attribution attached to those logs.
Profile photos
- Profile photos you choose to upload for your account or a child profile. Photos are stored securely and are never shared outside your care team.
Device and usage information
- Basic technical data needed to operate the app (device type, operating system version, app version). We do not use third-party analytics or advertising SDKs.
3. Why We Collect It (Legal Bases)
- To provide the service — account data and care logs are necessary to deliver Covely's core features. Legal basis: performance of a contract.
- To send transactional emails — we send account verification and caregiver invite emails. Legal basis: performance of a contract.
- To process your subscription — payment processing requires sharing limited billing data with our payments provider. Legal basis: performance of a contract.
- To comply with legal obligations — we may retain certain records where required by law. Legal basis: legal obligation.
We do not use your data for advertising, profiling, or any purpose beyond operating and improving Covely.
4. Who We Share Data With
We use the following third-party processors to operate Covely. Each processes only the minimum data required for their function and is bound by a data processing agreement.
- Supabase (supabase.com) — database and authentication infrastructure. Your account data and care logs are stored on Supabase servers.
- Resend (resend.com) — transactional email delivery. Used to send account verification and caregiver invite emails.
- RevenueCat (revenuecat.com) — subscription and in-app purchase management. Processes payment-related data via the Apple App Store.
We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertisers.
5. Data Storage and Security
Your data is stored on encrypted infrastructure provided by Supabase. Data is encrypted at rest and in transit. Access to production data is restricted and logged.
Care event data shared within your care team (parents, nannies, grandparents) is visible only to members of that team. No one outside your care team can access your family's data.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, all personal data and care logs associated with your account are permanently deleted within 30 days.
You can delete your account at any time from Settings > Privacy > Delete Account within the app.
7. Children's Privacy
Covely is designed for use by adults (parents and caregivers) to coordinate the care of young children. We do not knowingly collect personal data directly from children. The child profile data entered into the app (name, date of birth, care logs) is entered by an adult caregiver and is treated with the highest level of care and confidentiality.
If you believe we have inadvertently collected data about a child without appropriate parental consent, please contact us at [email protected] and we will delete it promptly.
8. Your Privacy Rights
EU and UK users (GDPR / UK GDPR)
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your personal data. You can also do this directly in the app via Settings > Privacy > Delete Account.
- Restriction — ask us to restrict processing of your data in certain circumstances.
- Portability — request your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
US users (CCPA and applicable state laws)
- Know — request disclosure of the personal information we collect, use, and share.
- Delete — request deletion of your personal information, subject to certain exceptions.
- Correct — request correction of inaccurate personal information.
- Opt out of sale — we do not sell or share personal information for cross-context behavioural advertising. No opt-out is required.
- Non-discrimination — we will not discriminate against you for exercising any of your privacy rights.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
EU and UK users have the right to lodge a complaint with your local data protection authority. In the EU, find your authority at edpb.europa.eu. In the UK, contact the ICO at ico.org.uk.
9. Cookies and Tracking
The Covely mobile app does not use cookies. We do not use any third-party tracking, advertising, or analytics SDKs within the app.
10. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you within the app before the changes take effect. The date at the top of this page always reflects the most recent version.
11. Contact
For any privacy-related questions or requests:
Covely
Email: [email protected]