Privacy Policy

Last updated: June 8, 2026

1. Introduction

Kiddy ("we," "our," or "us") is an iOS app for browsing U.S. baby-name data and building shared name lists with a partner. This Privacy Policy explains what data we collect, what we don't, and how the data you do create inside the app flows between your device and our backend (Firebase).

We've tried to write this honestly. Kiddy is built by one developer and runs on a small, ordinary set of services. There are no ads, no cross-app tracking, and your lists are private to your account.

2. How Your Data Flows

Understanding the data flow is the clearest way to understand our privacy model:

Device ↔ Firebase (your private vault): Your account, your lists, the names you favorite, and the searches you save are stored in Google Firebase under your user ID. Each list lives in its own Firestore document, with items stored in a subcollection. Lists you own are readable only by you and the people you explicitly invite. Saved searches and favorites are visible only to you.
Device ↔ Firebase Storage (profile photo): If you choose a profile picture, the app uploads that one image to Firebase Storage under your user ID. It is stored so that the partners you share lists with can see your photo next to your name. You can change or remove it at any time from Edit profile, and it is deleted when you delete your account. If you never set a photo, nothing is stored here.
Device ↔ Cloud Functions (the only server-side logic we run): A small set of Firebase Cloud Functions handles the things that need server authority: bootstrapping your user document on first sign-in, looking up another user by invite code, sending and accepting list invites, changing a member's role on a list, and deleting your account when you ask us to. Every function checks your Firebase ID token before running.
Device ↔ Apple / Google (sign-in): If you sign in with Apple or Google, the provider handles authentication and returns a token to Firebase Auth. We never see your Apple or Google password.
Device ↔ RevenueCat ↔ Apple: When you subscribe to Baby Names+, the purchase is processed by Apple. RevenueCat sits between the app and Apple to tell us whether your subscription is active. RevenueCat receives an anonymous user ID we generate for you and the receipt data Apple returns. We never see your Apple ID or payment method.
Device ↔ PostHog (product analytics):The app sends anonymous behavioral events to PostHog (e.g. "list_created," "name_favorited," "paywall_shown," "subscription_purchased") keyed to your Firebase user ID, so we can understand which parts of the app work and which don't. The actual names you favorite or save to lists, and the contents of your saved searches, are never sent to PostHog. Session recording / replay is explicitly disabled.
Device ↔ Apple Push Notification service: If you allow notifications, the app registers a push token with Firebase via a Cloud Function. We send pushes only for the events you have toggled on (currently: a weekly featured name and partner activity on shared lists). You can switch them off in Settings at any time.

3. Information We Collect

Account information

Email address (if you sign up with email or Google; Apple may relay a private email)
A Firebase Authentication user ID (UID), generated when you sign up
A short invite code generated for you so partners can find you
The sign-in provider you used (Apple, Google, or email)
Display name (supplied by your sign-in provider, or one you set in Edit profile)
A profile photo, if you choose to add one (stored in Firebase Storage, visible to partners on your shared lists)

Preferences (all optional)

Your gender preference for which names to show (boys, girls, all, or surprise)
Notification preferences (weekly featured name, partner activity)
Whether haptic feedback is enabled (stored on-device only)

Content you create

Name lists you own, with their names and the votes (thumbs up/down) you and your members add
Lists you join as a member, including your role (editor or viewer) and votes
Pending and historical invites you've sent or received
Saved searches (the filters and sort order you saved, plus a name you gave them)
Favorited names, stored on-device and synced under your account

This content is stored only under your account in Firestore. People you invite to a list can see that list. No one else can.

Subscription state

Whether your Kiddy+ entitlement is active (true/false), as reported by RevenueCat / Apple

Push notification token

A platform-specific push token issued by Apple, stored on your Firestore user document so we can deliver the notifications you opted in to

Product analytics (PostHog, anonymous behavioral events)

Event names like "list_created," "name_favorited," "search_saved," "paywall_shown," "subscription_purchased," tied to your Firebase user ID
Coarse metadata such as which paywall trigger fired (e.g. "lists_limit"), the sort key you used, or how many filters were active
Crash and error reports from the app, without the content of what triggered them

The actual names you favorite or save to lists, and the contents of your saved searches, are never sent to PostHog. Session recording / replay is disabled.

What we do NOT collect

No advertising identifier (no IDFA, no IDFV-based tracking)
No location data, contacts, calendar, microphone, or sensor data
No third-party ad networks, ad SDKs, or retargeting trackers
No cross-app or cross-site tracking of any kind
No content of your lists or saved searches sent to PostHog (only event names and the metadata listed above)
No session recording or screen replay

4. Tracking & Advertising

Kiddy does nottrack you across other companies' apps or websites. We do not participate in ad networks, retargeting, or audience-building of any kind. We do not use Apple's IDFA (Identifier for Advertisers). Accordingly, the App does not present an App Tracking Transparency (ATT) prompt because no cross-app or cross-site tracking occurs.

5. Third-Party Services

The App relies on the following services, each with their own privacy policies:

Google Firebase(Authentication, Firestore, Cloud Functions, Storage): hosts your account, lists, invites, and your profile photo (if you set one). Data is stored in Google Cloud's us-central1 region.
Apple: handles Sign in with Apple, App Store distribution, and Kiddy+ in-app subscription billing.
Google Identity: handles Sign in with Google.
RevenueCat: reports your Kiddy+ subscription status (active/expired) to the app and to our backend. RevenueCat receives an anonymous user identifier we generate and the receipt data Apple returns. RevenueCat processes data in the United States.
PostHog: product analytics. Receives anonymous behavioral events keyed to your Firebase user ID. Hosted at us.i.posthog.com (United States). Session recording is disabled.
Apple Push Notification service: delivers the notifications you opted in to. Only the push token is involved, not the contents of your lists.

6. Camera Permission

Kiddy requests permission to use your camera so you can scan a partner's invite QR code from inside the app. The camera is only accessed while the QR scanner is open and never used for anything else. Camera frames are processed on-device and not stored.

Kiddy also requests permission to access your photo library, but only when you tap to choose a profile picture. We read just the single image you pick (cropped on-device before upload); we never browse, scan, or upload the rest of your library.

7. Source of the Name Data

Kiddy ships with a curated dataset built from the U.S. Social Security Administration's annual baby-name release, joined with Wikidata for cultural origin, etymology, and meaning. This dataset is public, anonymous, and bundled with the app. It contains aggregate counts of how many babies were given each name in each year, never the names of individual people.

8. Data Retention & Deletion

Your lists, favorites, and saved searches live in your account indefinitely so you can come back to them. You can delete any individual list, item, saved search, or favorite at any time from inside the app.

You can also delete your entire account from Settings → Delete my account. This triggers a Cloud Function that:

Deletes every list you own, including every item inside those lists
Removes you as a member from any shared list you joined
Deletes every invite you sent or received
Deletes your profile photo from Firebase Storage, if you had one
Deletes every saved search tied to your account
Deletes your user document
Deletes your Firebase Auth account (invalidating all sessions)

This is irreversible.

9. Legal Basis for Processing (GDPR)

If you are located in the EEA, United Kingdom, or Switzerland, we process your personal data on the following legal bases:

Contractual necessity (Art. 6(1)(b) GDPR): account creation, storing your lists and saved searches, and routing invites, all necessary to provide the service you signed up for.
Legitimate interest (Art. 6(1)(f) GDPR): basic platform operation and abuse prevention.
Consent (Art. 6(1)(a) GDPR): push notifications, which require an explicit opt-in.

10. International Data Transfers

Firebase, RevenueCat, and PostHog all process data in the United States. If you access Kiddy from outside the U.S., your data is transferred to and processed in the U.S. These providers offer Standard Contractual Clauses for cross-border transfers.

11. Your Rights

You have the right to:

Access the personal information stored in your account (visible in the app)
Delete individual lists, items, saved searches, favorites, or your entire account at any time
Request a copy of your data by emailing us

EEA/UK residents (GDPR): you also have the right to data portability, the right to restrict or object to processing, and the right to lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA):you have the right to know what personal information we collect, the right to delete it, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information.

12. Children's Privacy

Kiddy is directed at adults choosing names for their own children. It is not directed to children under the age of 13 (or 16 in the EEA), and we do not knowingly collect personal information from children. If you believe a child has signed up, contact us and we will delete the account.

13. Security

Authentication tokens are kept in iOS Keychain via Expo Secure Store. All traffic between the app and Firebase uses HTTPS. Firestore security rules restrict your account data to your own UID and restrict each list to its owner and explicit members. No system is perfectly secure, but Kiddy doesn't store anything beyond what's needed to keep your lists and invites working.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on this page and (if significant) in the app. Continued use of Kiddy after changes constitutes acceptance.

15. Contact

Questions, requests, or anything else, write to support@moetalaat.com.

16. Summary

In short: Kiddy keeps your lists, favorites, and saved searches in your private Firebase vault. The only people who can see a list are you and the partner(s) you invite to it. We run product analytics (PostHog) for behavioral events keyed to your user ID, never the names you save or the contents of your searches. We don't run ads, we don't track you across other companies' apps, and we don't sell or share your data. Delete a list and it's gone. Delete your account and everything tied to it is gone.