Privacy Policy

Last updated: 18 April 2026

This Privacy Policy applies to all pickleapps products, including picklebaby and pickleshop (together, “the apps”), operated by pickleapps (“we”, “us”, “our”). We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions, contact us at hello@pickleapp.uk.

1. Who we are

pickleapps is an independent software developer based in the United Kingdom. We are the data controller for personal data collected through our apps.

2. What data we collect

Account data (both apps)

  • Email address (used to create and authenticate your account via magic link)
  • First name (used to identify you within your family or household)

picklebaby

  • Family name (used to group caregivers)
  • Baby profile: name and date of birth
  • Daily logs: feeds, nappies, sleep sessions, tummy time, weight measurements, vitamin D doses
  • Milestones: title, date, notes, and an optional photo you choose to upload

pickleshop

  • Household name (used to group household members)
  • Pantry items and shopping list entries you create
  • Store categories you define
  • Shopping notes you add to items or your household

Sensitive information

Some information we process is classified as sensitive under UK GDPR. We only process this data with your explicit consent:

  • Health data — feeds, nappy changes, sleep, weight measurements, and vitamin D tracking logged in picklebaby
  • Date of birth of a minor — the baby’s date of birth entered in picklebaby
  • Photos of a minor — milestone photos you choose to upload in picklebaby

Device permissions

Where you grant permission, we may access:

  • Camera — picklebaby uses the camera to capture milestone photos; pickleshop uses the camera to scan barcodes and import recipes from photos
  • Photo library — picklebaby accesses your photo library to upload milestone photos and save them to your device

You can change these permissions at any time in your device’s Settings.

Push notifications

picklebaby may send push notifications to remind caregivers to administer the baby’s daily vitamin D supplement. You can turn off notifications at any time in your device’s Settings.

Technical data

  • We do not collect device identifiers, location data, or advertising IDs.
  • We do not use analytics tools to track your usage of the apps.
  • Our infrastructure provider (Supabase) may log standard server access logs (IP address, timestamp, request path) for security and debugging. These are not used for profiling.

3. How we use your data

  • To provide the apps — storing and syncing your data across caregivers and devices within your family or household.
  • To send administrative communications — push notifications (e.g. vitamin D reminders) and emails related to your account (e.g. magic link authentication, policy updates).
  • To support you — if you contact us, we use your email to respond.

Our legal basis under UK GDPR is performance of a contract (providing the service you signed up for) and, for sensitive data, your explicit consent (e.g. logging health data, uploading photos of children).

4. Sensitive data — children

picklebaby is designed for use by parents and caregivers, not by children themselves. We do not knowingly collect data directly from children. Baby profile data (name, date of birth, health logs) is entered by adults and is covered by this policy.

Milestone photos are stored in a private, access-controlled storage bucket. They are never publicly accessible. Only members of your family group can access your photos. Photos are served via short-lived signed URLs that expire after one hour.

We strongly recommend only uploading photos you are comfortable storing digitally. You can delete any photo at any time from within the app.

5. Data sharing and sub-processors

We do not sell, rent, or share your personal data with third parties for marketing purposes. We use the following sub-processors to operate our services:

  • Supabase Inc. — database, authentication, and file storage. Servers are located in Switzerland (eu-central-2). Transfer is covered by Switzerland’s UK adequacy decision.
  • RevenueCat Inc. — subscription and in-app purchase management. Located in the United States. Transfer is covered by Standard Contractual Clauses (SCCs). RevenueCat receives only a pseudonymous user identifier and App Store transaction data — no health data, baby data, or pantry data is shared.
  • Expo (Expo Technology Inc.) — push notification delivery. Located in the United States. Transfer is covered by Standard Contractual Clauses (SCCs). Expo receives your device push token to deliver vitamin D reminders. No personal content is included in the notification payload.
  • Anthropic PBC — AI-powered category suggestions in pickleshop (premium feature only). Located in the United States. Transfer is covered by Standard Contractual Clauses (SCCs). Only the name of the item you are adding and your category list are sent — no account data, household data, or personal identifiers are included.

These providers are contractually bound to process your data only as instructed by us and in accordance with applicable data protection law.

6. International transfers

Your data is processed outside the UK by the sub-processors listed in section 5. Each transfer is covered by an appropriate safeguard: an adequacy decision (Switzerland) or Standard Contractual Clauses (United States). You can request a copy of the relevant transfer mechanisms by emailing hello@pickleapp.uk.

7. Data retention

We retain your data for as long as your account is active. If you delete your account (available in the Settings screen of either app), your account and all associated data will be permanently deleted. You can also email hello@pickleapp.uk to request deletion and we will action it within 30 days.

You can export all your picklebaby data at any time using the “Download my data” button in Settings.

8. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the data we hold about you (use the “Download my data” button in picklebaby Settings, or email us)
  • Rectification — correct inaccurate data (you can edit most data directly in the apps)
  • Erasure — request deletion of your data (delete your account in-app, or email us)
  • Restriction — ask us to stop processing your data in certain circumstances
  • Portability — receive your data in a machine-readable format (JSON export available in picklebaby Settings)
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email hello@pickleapp.uk. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

9. Security

All data is transmitted over HTTPS. Data at rest is encrypted by our infrastructure provider. Access to your family’s or household’s data is restricted by row-level security policies — no other user can read your records. However, no electronic transmission or storage technology is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected users without undue delay, as required by UK GDPR.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. The “last updated” date at the top of this page will always reflect the most recent revision.