AllerG-Baby Privacy Policy

1. Introduction

Empowered Engineering LLC ("we," "us," "our," or "Company") operates the AllerG-Baby mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App, including all of its features and functionalities.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our App. By accessing and using AllerG-Baby, you acknowledge that you have read and understand this Privacy Policy and agree to be bound by its terms.

2. Information We Collect

AllerG-Baby collects information necessary to provide allergy tracking, child profile management, and multi-caregiver collaboration features. The types of information we collect include:

2.1 Account Information

• Email Address: Used to create your account, manage authentication, and facilitate multi-caregiver invitations.
• Password: Encrypted and securely handled via Supabase Authentication (never stored as plaintext by us).

2.2 Child Profile Data

• Child's Name: Identifier for distinguishing profiles.
• Avatar Emoji: User-selected emoji for visual identification.
• Known Allergens: Specific allergens identified by the parent/guardian, including severity levels (mild, moderate, severe).

2.3 Health & Activity Log Entries

The App allows you to record and track the following information with timestamps:

• Food items consumed
• Allergic or adverse reactions observed
• Environmental exposures (e.g., pollen, pet dander, dust)
• Topical products applied
• Chemicals encountered
• Medications taken

All log entries include the date and time of recording and/or occurrence.

2.4 Barcode Scan Data

When you use the barcode scanning feature, the App:

• Captures product barcodes (UPC/EAN codes).
• Queries external APIs: Open Food Facts, Open Beauty Facts, and Open Products Facts to retrieve product ingredient information.
• Displays ingredient lists and allergen warnings to you.
• Stores your barcode queries within your account for reference.

2.5 Biometric Authentication Data

The App supports Face ID authentication on iOS devices:

• Face ID data is processed entirely by Apple's secure enclave on your device.
• Biometric data is never transmitted to our servers.
• We only receive confirmation that authentication was successful; we do not have access to your biometric information.

2.6 Multi-Caregiver Collaboration Data

• Caregiver Email Addresses: Used to send invitations and manage access permissions.
• Role Assignments: Owner, editor, or viewer roles defining what access each caregiver has to child data.
• Shared Access Records: Logs of who has access to which child profiles.

2.7 Analytics & Usage Insights

The App generates 30-day analytics summaries displayed within the App itself, showing:

• Aggregated usage patterns (e.g., "You logged 24 entries this month").
• Trends in allergen exposure.
• Frequency of reactions.

These insights are generated from your own data and displayed only to authorized account holders. We do not use third-party analytics services (Google Analytics, Firebase Analytics, etc.) that would transmit this data externally.

2.8 Information We Do NOT Collect

• Precise geolocation data
• Phone numbers
• Third-party advertising tracking
• Device IDs for advertising purposes
• Social media account information

3. How We Use Your Information

We use the information collected through AllerG-Baby exclusively to provide, maintain, improve, and personalize the App's functionality:

3.1 Providing Core Features

• Creating and managing user accounts and child profiles.
• Recording and organizing allergy, health, and activity log entries.
• Performing barcode scans and retrieving product ingredient data.
• Enabling multi-caregiver collaboration and access management.
• Generating 30-day analytics and usage insights displayed within the App.

3.2 Authentication & Security

• Processing account login through Supabase secure authentication.
• Supporting biometric authentication (Face ID) on your device.
• Maintaining account security and preventing unauthorized access.

3.3 Communication

• Sending multi-caregiver invitations.
• Sending password reset instructions.
• Sending service-related notifications (e.g., subscription reminders, critical updates).

3.4 Data Analysis & Improvement

• Analyzing aggregate, de-identified usage patterns to improve App functionality.
• Identifying and fixing bugs or performance issues.
• Developing new features based on user needs.

3.5 Legal Compliance

• Complying with applicable laws, regulations, and legal requests.
• Enforcing our Terms of Service and other agreements.
• Protecting against fraud, abuse, or other harmful activity.

3.6 What We Do NOT Use Your Data For

• Selling or renting your personal information to third parties.
• Targeted advertising or behavioral marketing.
• Building profiles for data brokers or resellers.
• Any purpose unrelated to providing the App's functionality.

4. Data Storage & Security

4.1 Where Your Data Is Stored

All user data is stored in secure cloud infrastructure managed by Supabase, a PostgreSQL-based backend platform hosted on industry-standard cloud infrastructure. Data is encrypted both in transit (via HTTPS/TLS) and at rest on our servers.

4.2 Row Level Security (RLS)

Our database uses PostgreSQL Row Level Security policies to ensure that:

• Each user can only access their own account data and child profiles they own or have been granted access to.
• Caregivers can only view/edit child profiles according to their assigned role.
• Data from one family account is completely isolated from other accounts.

4.3 Security Measures

• Encryption in Transit: All communication between your device and our servers uses TLS/SSL encryption (HTTPS).
• Encryption at Rest: Data stored on our servers is encrypted at rest.
• Password Security: Passwords are hashed and salted via Supabase Auth; we never store plaintext passwords.
• Biometric Data: Face ID data remains exclusively on your iOS device and never touches our servers.
• Access Controls: Our team has restricted, role-based access to production systems.

4.4 Limitations

While we implement comprehensive security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security; however, we maintain industry-standard protections and continuously monitor for threats.

4.5 Data Retention

We retain your account data and log entries for as long as your account is active. Upon account deletion (see Section 8), your data is permanently removed from our systems within 30 days.

5. Data Sharing & Third Parties

5.1 What We Do NOT Do

• We do not sell, rent, lease, or otherwise profit from your personal information.
• We do not share your data with advertising networks, data brokers, or third-party marketers.
• We do not use third-party analytics services that would transmit your data outside our control.
• We do not share child health data with any external parties except as described below.

5.2 Service Providers

We engage third-party service providers only as necessary to operate the App:

5.3 Multi-Caregiver Sharing

When you invite other caregivers to access a child's profile, those caregivers gain access to:

• The child's profile information (name, allergens, severity levels).
• All log entries they are authorized to view based on their role.

We do not make this sharing decision for you; you explicitly invite specific email addresses and assign roles. You remain responsible for ensuring that shared access is appropriate.

5.4 Legal & Safety Exceptions

We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to:

• Comply with legal processes, court orders, or government requests.
• Enforce our Terms of Service and other agreements.
• Protect the safety, rights, or property of Empowered Engineering LLC, our users, or the general public.
• Prevent or investigate possible wrongdoing.

We will notify users of legal requests when legally permissible.

6. Children's Privacy & COPPA Compliance

6.1 Overview

AllerG-Baby collects health-related information about children. The children themselves are not direct users of the App; instead, parents, guardians, and designated caregivers use the App to manage child health information.

6.2 Parental Consent

By creating an AllerG-Baby account and recording a child's information, you are providing verifiable parental consent to the collection and use of that child's information as described in this Privacy Policy. You represent that:

• You are the parent or legal guardian of the child, OR
• You have received explicit authorization from the parent/guardian to manage this child's health data.
• You have the legal authority to consent on the child's behalf.

6.3 COPPA Compliance

The Children's Online Privacy Protection Act (COPPA) generally applies to commercial websites and online services directed to children under 13. AllerG-Baby is not directed to children; it is designed for and directed to parents, guardians, and healthcare providers who manage children's health information.

However, we take children's data protection seriously and follow principles aligned with COPPA:

• No Child Direct Access: Children do not create accounts or interact directly with AllerG-Baby.
• Parental Control: Only authorized parents/guardians can create accounts and manage child profiles.
• Limited Collection: We collect only information necessary for allergy tracking and health management.
• No Third-Party Marketing: We do not use child data for behavioral advertising or marketing.
• Data Security: Child health data is protected with encryption and access controls.
• Parental Rights: Parents can review, update, and delete all child data at any time (see Section 7).

6.4 Parental Rights Regarding Child Data

As a parent or guardian, you have the following rights regarding your child's information:

• Right to Inspect: You can review all information we have collected about your child within the App.
• Right to Update: You can correct or modify any inaccurate information.
• Right to Delete: You can request deletion of your child's profile and all associated data (see Section 8).
• Right to Control Sharing: You decide which caregivers have access and what roles they hold.

6.5 Minimal Collection Principle

We collect and retain only the minimum information necessary to provide AllerG-Baby's core functionality. We do not collect information for profiling, targeting, or other secondary purposes.

7. Your Rights & Data Control

7.1 Access Your Data

You have the right to access all personal information we hold about you and your child(ren). Simply log into your AllerG-Baby account to view:

• Your account information (email address).
• All child profiles and their details.
• All log entries and health records.
• Multi-caregiver access assignments.

7.2 Correct Your Data

You can update or correct any information in your account at any time through the App's settings and profile management features. If you encounter difficulties, please contact us (see Section 9).

7.3 Export Your Data

You have the right to request a copy of your data in a portable format. Contact us at the email address provided in Section 9 to request a data export.

7.4 Right to Erasure (Data Deletion)

You have the right to request deletion of your account and all associated data. See Section 8 below for detailed deletion procedures.

7.5 Restrict Processing

You have the right to limit how we process your information. You can:

• Revoke caregiver access permissions at any time.
• Stop recording new log entries.
• Delete specific entries from your logs.
• Request account deletion to halt all processing.

7.6 Opt-Out of Service Communications

You can manage email communication preferences within your account settings. However, we will continue to send critical service notifications (security alerts, legal notices, subscription reminders) as necessary to operate the App.

7.7 Regional Privacy Rights

Depending on your jurisdiction (GDPR, CCPA, COPPA, etc.), you may have additional rights. We support the following:

• Right to know what data we collect and how we use it (answered in this policy).
• Right to access your personal information.
• Right to correct inaccurate data.
• Right to delete your data.
• Right to non-discrimination for exercising your rights.

For any privacy rights requests, please contact us at the email address in Section 9.

8. Data Deletion & Account Termination

8.1 Individual Entry Deletion

You can delete individual log entries (food items, reactions, medications, etc.) at any time through the App. Deleted entries are permanently removed and cannot be recovered.

8.2 Caregiver Removal

You can remove any caregiver's access to a child's profile at any time. Once removed, that caregiver loses all access to the child's data, but existing shared data is not retroactively deleted from their account view (though they cannot access it again).

8.3 Child Profile Deletion

You can delete an entire child profile, which removes:

• The child's profile information.
• All associated log entries.
• All caregiver access assignments for that profile.

This action is permanent and cannot be undone.

8.4 Account Deletion

You can request complete account deletion through the App's settings or by contacting us. Upon deletion:

• Your account and login credentials are permanently deactivated.
• All child profiles you own are deleted (unless managed by other caregivers).
• All log entries are deleted.
• All personal information is removed from our active systems.
• Data is purged from backups within 30 days.

8.5 Deletion of Shared Data

If you are a caregiver with access to a child's profile (but not the owner), you can revoke your own access or request removal by the account owner. Deleting your account does not automatically delete the child profile data unless you are the profile owner.

8.6 Deletion Timeline

Data deletion requests are processed immediately in our active systems. Backups containing deleted data are retained for up to 30 days and are then securely destroyed.

8.7 How to Request Deletion

You can request account or data deletion in the following ways:

• Through the App's Settings menu (account deletion option).
• By contacting us directly (see Section 9).

We will confirm deletion once the process is complete.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Company: Empowered Engineering LLC
App: AllerG-Baby
Email: [email protected]
Website: https://allerg-baby.com

We aim to respond to all data privacy inquiries within 30 days. For urgent matters, please mark your email as "URGENT" in the subject line.

Types of Requests We Handle

• Data access and export requests.
• Correction or update requests.
• Deletion or account termination requests.
• Privacy concerns or suspected data breaches.
• Questions about this Privacy Policy.
• Caregiver access management issues.

10. Changes to This Privacy Policy

10.1 Right to Modify

Empowered Engineering LLC reserves the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to the App or our website unless otherwise specified.

10.2 Notification of Changes

If we make material changes to this Privacy Policy that affect how we collect, use, or share your information, we will:

• Update the "Effective Date" at the top of this Policy.
• Post the updated Policy in the App and on our website.
• Send a notification email to users (for significant changes).

10.3 Continued Use Constitutes Acceptance

Your continued use of AllerG-Baby after any modification to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you may delete your account and cease using the App.

10.4 Archive of Previous Versions

Previous versions of this Privacy Policy are available upon request. Contact us if you would like to review prior versions.

AllerG-Baby Privacy Policy · © 2026 Empowered Engineering LLC. All rights reserved. · Last Updated: April 27, 2026 · For questions, contact: [email protected]