Feeding Littles — Privacy Policy

This Privacy Policy explains how Feeding Littles Labs, LLC ("we," "our," "us") collects, uses, and shares information when you use the Feeding Littles mobile application and hosted pages shown in‑app (the "Service"). We do not offer the Service to individuals located in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), or Switzerland (collectively, "Restricted Regions"). If you are located in a Restricted Region, you may not create or use an account.

1) Scope

This Policy applies to the Service as defined above and not to third‑party websites or services that may be linked.

2) Information we collect

Account & profile. Firebase user ID, optional first name, and optional email associated with your account. We do not collect the advertising ID (IDFA).

User Content. Recipes, images, meal plans, notes, and related metadata you add or import (for example, ingredients and instructions we structure for you, OCR transcripts from Apple’s on‑device Vision framework, and AI parse results for recipes).

Subscription/entitlement metadata. Limited purchase/entitlement status via RevenueCat (e.g., product ID, purchase state, expiration). We do not receive card numbers.

Analytics & diagnostics. Event‑level, aggregated analytics (Firebase Analytics) and crash reports (Crashlytics), including device model, OS, app version, and crash traces. We associate these events and reports with your Firebase user ID and pseudonymous app‑level identifiers generated by these tools to help diagnose issues, and we design event parameters not to include obvious PII. In limited cases, we may include non‑personal product identifiers (for example, normalized grocery item names) to improve feature quality. We do not use advertising identifiers.

Support. Messages you send to support.

Automatic technical data. Automatic connection data processed by our providers (for example, IP address used to infer approximate region, device type, and app version).

No ads; no sale/share for targeted advertising. We do not use advertising SDKs or sell/share personal information for cross‑context behavioral advertising.

Categories of personal information (CPRA‑style):

• Identifiers (UID, email, IP, and non‑advertising app‑level identifiers created by our analytics and crash reporting tools)
• Commercial information (subscription/entitlement metadata)
• Internet/Network activity (in‑app events, crash logs)
• User content (recipes, notes, images, meal plans)
• Geolocation (approximate) (region inferred from IP; we do not collect precise location data)
• Support communications

Sensitive personal information: we do not knowingly collect or use SPI for additional purposes (e.g., precise geolocation, health diagnoses, or child data).

3) How we use information

• Operate, maintain, and improve the Service (including sync, search, and parsing of imports).
• Use AI services (Google Gemini models via Firebase AI / Vertex AI) to turn recipe text and photos you provide into structured recipe fields as part of recipe imports.
• Provide and manage subscriptions and entitlements (via RevenueCat and Apple).
• Diagnose performance and resolve crashes (Firebase/Crashlytics).
• Security & abuse prevention (e.g., rate‑limiting, fraud detection).
• Prevent abuse and enforce policies (e.g., DMCA and repeat‑infringer policy).
• Provide support and respond to requests.
• Compliance & legal (e.g., DMCA processing, lawful requests).
• No ads; no cross‑context behavioral advertising.

4) Sharing and processing

We share information only as needed to run the Service:

• Processors: Firebase/Google (for authentication, database, storage, analytics, crash reporting, and AI models used in recipe extraction), Apple (payments and subscription management via the App Store; we do not receive your full card number), RevenueCat (entitlement management), Brevo (email communications; we share your email, first name, and subscription status to send service-related messages), Dub.co (short links).
• Internal ops only: Slack (limited alerts, e.g., import issues).
• Legal/DMCA: Minimal account data may be disclosed to rights‑holders to process notices/counter‑notices or as required by law.
• Business transfers: In a merger, acquisition, or financing, subject to this Policy.

We do not sell personal information or share it for cross‑context behavioral advertising.

5) Your choices

• Shared Meal Plan Links. To revoke a Shared Meal Plan Link, email app+support@feedinglittles.com. Copies or caches on third‑party services may persist.
• Account deletion. Use the in‑app Delete Account control. We will delete your account and related data subject to the retention schedule below.
• Email preferences. You can unsubscribe from non‑essential emails via the link in those emails; service and transactional emails may still be sent as needed.

6) U.S. state privacy rights (CPRA/CPA/VCDPA/CTDPA/UTDPA)

Right to know/access, delete, and correct. You may request access to, deletion of, or correction of personal information we maintain about you.

Right to opt‑out of sale/share for targeted advertising. We do not sell or share personal information for cross‑context behavioral advertising.

Right to limit use of sensitive personal information. We do not use sensitive personal information for additional purposes.

How to exercise rights. Email app+privacy@feedinglittles.com or use in‑app controls (when available).

Verification & authorized agents. We verify requests via account login or email confirmation. Authorized agents must provide written authorization, and we may require you to verify your identity directly.

Appeals (where applicable). If we deny your request, you may appeal by replying to our decision email. If you remain unsatisfied, you may contact your state attorney general.

Non‑discrimination. We will not discriminate against you for exercising these rights.

Global Privacy Control (GPC). We honor GPC signals for web pages we host and that the App displays.

7) Children and family use (COPPA)

The adult account holder is the user of record. The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. Minors may use the App only under the adult account holder’s supervision. If you believe we collected a child’s information in error, contact app+privacy@feedinglittles.com and we will delete it.

8) International users; data location

We do not offer the Service in the EU/EEA, UK, or Switzerland. Our systems are hosted primarily in the United States, and your information may be processed in the United States and in other countries where our service providers operate.

9) Security

We use reasonable administrative, technical, and organizational safeguards appropriate to the data we handle (e.g., encryption in transit, role‑based access controls, least‑privilege). No system is perfectly secure.

10) Data retention schedule

• Account (UID, email), basic profile: while account is active; delete within 30 days of confirmed deletion request; limited backups up to 90 days.
• User Content (recipes, images, notes, meal plans): while account is active; delete within 30 days of account deletion; CDN/cache and backups up to 90 days after deletion.
• Shared Meal Plan Links metadata: live while the link is active; retained while a Shared Meal Plan Link remains active and deleted when you revoke the link; residual logs up to 30 days. We may introduce inactivity‑based expiration in the future.
• Import‑issue artifacts (debug logs, temporary images): we aim to delete within approximately 30–60 days (logs about 30 days; temporary images about 60 days), subject to our operational retention tooling. Slack alerts follow our Slack workspace retention settings (currently around 90 days).
• Support communications: up to 24 months, then aggregate or delete.
• Analytics (Firebase Analytics): up to 14 months (configuration‑based); aggregate thereafter.
• Crash reports (Crashlytics): about 90 days.
• Server logs/Cloud Functions logs: 30–90 days depending on log class.
• Subscription/entitlement metadata (RevenueCat): while subscription is active and up to 7 years thereafter for tax/audit/chargeback defense (minimal data—no card numbers).
• Brevo contacts (email, first name, subscription status): deleted when you delete your account.
• Legal holds & safety: we may preserve specific data when required by law, to comply with lawful requests, or to establish, exercise, or defend legal claims.

11) Changes to this Policy

We may update this Policy. If changes materially affect your rights, we’ll notify you in‑app or by email.

Contact

Privacy: app+privacy@feedinglittles.com
Support: app+support@feedinglittles.com
DMCA: app+dmca@feedinglittles.com (see our DMCA Policy for mailing address and phone)