1. Overview & Purpose

Emshu Baby is a family-focused health tracking application designed to help parents and caregivers monitor their child's daily activities, growth, health metrics, and wellness. This app is owned and operated by Dhamija Solutions LLC.

This Privacy Policy explains how we collect, use, store, protect, and manage your information when you use our application. Please read this policy carefully. By using Emshu Baby, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Account & Family Information

• Account Information: Email address, encrypted password, and family name when creating your account
• Family Member Information: Email addresses of family members you invite to share access to your family's data

2.2 Sensitive Health & Activity Data

The following sensitive health data is collected with your explicit consent:

• Child Demographic Information: Child's name, date of birth, biological sex
• Vaccination Records: Dates and types of vaccinations administered (e.g., birth dose vaccines, routine immunizations)
• Growth Measurements: Birth weight, birth length, weight measurements, length/height measurements, and growth patterns
• Age Tracking: Child's age used for developmental milestones and growth chart references
• Feeding Information: Nursing times, bottle feeding times, pumping sessions, solid food introduction dates, and feeding duration
• Sleep Information: Sleep duration, sleep times, and nap schedules
• Diaper Information: Diaper change frequency, diaper type (wet, poopy, mixed)
• Health Events: Temperature readings, medication administration dates and types, illness episodes
• Developmental Milestones: Recorded achievements and developmental progress
• Allergen Exposure: Allergen introduction dates, types, and recorded reactions
• Bath Events: Bath times and bathing patterns
• Notes & Observations: Optional notes and descriptions you add regarding health events or observations

2.3 Information Collected Automatically

• Crash Reports & Error Logs: Non-identifiable crash data and error logs to help us improve app stability and performance
• Device Information: Device type (iPhone model), iOS version, and app version
• Usage Analytics: Aggregated features used, frequency of use, and general usage patterns (anonymized and not personally identifiable)
• Timestamps & Synchronization Data: Server timestamps for data synchronization across devices

2.4 Optional Calendar Integration

If you enable calendar export features, certain health events (sleep, feeding times, vaccination dates) may be synced to your iOS Calendar application. This feature is entirely optional and controlled by you through the Settings tab.

3. How We Use Your Information

Permitted Uses

• Provide, maintain, and improve the Emshu Baby application
• Store and display your child's health events and growth metrics
• Enable secure family collaboration and data sharing
• Generate health reports and export data (PDF, CSV formats)
• Export events to your iOS Calendar (if enabled)
• Analyze crash reports and usage patterns (aggregated, non-identifiable) to improve app stability
• Communicate with you regarding your account or app updates
• Comply with legal obligations and enforce our Terms of Service

Prohibited Uses

• Sell your data to third parties
• Share your data with advertisers or marketing companies
• Use your data for behavioral advertising purposes
• Share your data with insurance companies without explicit consent
• Share your data with data brokers or aggregators
• Use your data for purposes other than those stated in this policy

4. Data Storage, Security & Infrastructure

4.1 Backend Infrastructure

We use Google Firebase (Firestore database) to securely store and synchronize your data across devices. Firebase is an industry-leading, secure backend service trusted by millions of applications worldwide.

• Encryption in Transit: All data transmitted between your device and servers is encrypted using TLS/SSL protocols (TLS 1.2 or higher)
• Encryption at Rest: All data stored on servers is encrypted using AES-256 encryption
• Google Infrastructure: Google maintains SOC 2 Type II certification and offers HIPAA compliance capabilities
• Authentication: Firebase Authentication with secure password hashing using industry-standard algorithms

4.2 Local Device Storage

Emshu Baby supports offline-first functionality, which means:

• Your health data is cached locally on your device when the app has internet connectivity
• Data synchronizes to servers when internet connectivity is restored
• Local cache is encrypted on your device using platform-standard encryption
• You can view your data even when offline

4.3 Data Retention & Deletion

• Active Accounts: Data is retained for as long as your account remains active
• Account Deletion: When you delete your account from the Settings tab, all associated data (family records, child information, health events, and family member access) is permanently deleted from our servers within 30 days. This action is irreversible.
• Local Device Data: When you uninstall the app from your device, all locally cached app data is removed from your device

4.4 Data Breach Notification

In the unlikely event of a confirmed data breach, we will notify affected users within 72 hours (or as otherwise required by applicable law) with details regarding:

• What information was potentially affected
• Steps we are taking to secure your data
• Recommended protective measures you can take
• Contact information for more details

5. Data Sharing & Third Parties

5.1 Family Sharing

Emshu Baby allows you to invite other family members to access your child's data. When you share your family with another person:

• They receive the access level you grant them (view-only, edit permissions, etc.)
• They can see all health events and growth data for your child(ren)
• You retain full control and can remove their access at any time by deleting them from your family
• All family data access is logged for security purposes

5.2 Third-Party Services We Use

We use the following third-party services, which maintain their own privacy policies:

Important: We do NOT share your personal health data with these third-party services. They only process what is absolutely necessary to provide their services (e.g., Firebase encrypts and stores your data; Apple processes app downloads and in-app purchases).

5.3 Data We DO NOT Share

• Sell your data to third parties for any reason
• Share your data with advertisers or marketing companies
• Share your data with data brokers or aggregators
• Use your data for behavioral advertising purposes
• Share your data with insurance companies without your explicit written consent
• Use your data for profiling or decision-making that could affect your services
• Share your data for medical research without explicit opt-in consent

6. Your Privacy Rights & Controls

6.1 In-App Privacy Controls

• View all of your child's health data in the app
• Edit or delete individual health events
• Export your complete data as PDF or CSV files for personal backup
• Manage family member access and permissions
• Enable/disable calendar export features
• Delete your entire account and all associated data from the Settings tab

6.2 Account Deletion

You can delete your account and all associated data at any time from the Settings tab in the app. This action is permanent and irreversible and will immediately remove:

• Your account information (email, profile data)
• All child records and health data
• All family member access to your data
• All exported reports and backups linked to your account

If you delete your account, we will permanently remove all data from our servers within 30 days.

7. GDPR Compliance (EU, EEA & UK Residents)

7.1 Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to provide the service you signed up for under our Terms of Service
• Legitimate Interest: Improving app stability, security, and functionality (crash analytics, non-identifiable)
• Legal Obligation: Complying with applicable laws and regulations
• Consent: For any optional features or data processing requiring explicit consent

7.2 Your GDPR Rights

As a resident of the EU, EEA, or UK, you have the following rights under GDPR:

7.3 Data Subject Rights Requests

To exercise any of these rights, please contact us at:

8. CCPA/CPRA Compliance (California Residents)

8.1 Notice of Collection

In accordance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), we inform you that in the past 12 months, we have collected the following categories of personal information:

• Identifiers: Email address, user ID, IP address
• Sensitive Personal Information: Health data (vaccination records, weight/length measurements, temperature, feeding patterns, medications)
• Device/Usage Data: Device type, iOS version, app version, crash reports, anonymized analytics

8.2 NO SALE OR SHARING OF PERSONAL INFORMATION

8.3 Sensitive Personal Information

We collect sensitive personal information including health data (vaccination records, growth measurements, temperature readings, medication administration, feeding patterns). Under CCPA/CPRA, you have the right to:

• Limit Use of Sensitive Data: Request that we limit our use of sensitive personal information to only what is necessary to perform the services you explicitly requested
• Right to Know: Request access to sensitive health data we've collected
• Right to Delete: Request deletion of sensitive health data

8.4 California Consumer Rights

If you are a California resident, you have the following rights under CCPA/CPRA:

• Right to Know: Request what personal information we collect, use, or disclose about you
• Right to Delete: Request deletion of collected personal information (subject to certain exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use: Request that we limit use of sensitive personal information to only necessary purposes
• Right to Non-Discrimination: We will not deny services, charge different prices, or provide different quality of service based on your exercise of privacy rights

8.5 Submitting a CCPA/CPRA Request

To submit a data access, deletion, correction, or limit-use request, please contact:

9. Children's Privacy (COPPA Compliance)

9.1 Emshu Baby is for Parents & Guardians Only

Emshu Baby is NOT designed for children under 13 to use directly. This application is designed exclusively for use by parents, guardians, and caregivers to track their children's health and development.

9.2 How We Collect Children's Data

• We do NOT knowingly collect personal information directly from children under 13
• All health information about minor children (under 18) is provided by their parent or legal guardian through the parent's authenticated account
• Parents retain complete control over what information is entered about their child
• Parental consent is implicit when a parent creates an account and enters their child's information

9.3 Parental Controls & Rights

• Parents have full control over which family members can access their child's data
• Parents can edit or delete any of their child's data at any time
• Parents can delete their entire account and remove all child data permanently
• Parents can revoke family member access to their child's information at any time

9.4 COPPA Compliance

Emshu Baby complies with the Children's Online Privacy Protection Act (COPPA) by:

• Not collecting information from children under 13 directly
• Only collecting child information through parent/guardian accounts
• Providing parental access and control over all child data
• Requiring parental authentication for all account actions

10. International Data Transfers

Your data may be transferred to, stored in, and processed in countries other than your country of residence, potentially including the United States. By using Emshu Baby, you consent to the transfer of your information to countries outside your country of residence in accordance with this Privacy Policy and applicable laws.

For EU/EEA Residents: We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) as approved by the European Commission to protect international data transfers. Google Firebase is certified under the Data Privacy Framework and Standard Contractual Clauses.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes to this policy, we will:

• Post the updated Privacy Policy in the app and on this page
• Update the "Last Updated" date at the top of this policy
• Request your consent to significant changes (where required by law)

Your continued use of Emshu Baby after changes become effective constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

Additional Privacy Resources

• For EU Residents: You may also lodge a complaint with your local Data Protection Authority
• For California Residents: You may file a complaint with the California Attorney General's office
• General Inquiries: Contact us at the email address above