Privacy Policy

Protecting your data is a core part of Juliboo. Juliboo is developed in Germany, stores synced data in Frankfurt am Main (EU), and encrypts your content end-to-end: the actual entries are encrypted on your device before they leave it — we as the provider cannot read them in plain text. If you use the app with an account, your data is automatically synced to the cloud in encrypted form; if you use the app anonymously, it stays exclusively on your device. Below we explain which data we process and how.

1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Justus Wille
c/o IP-Management #10880
Ludwig-Erhard-Straße 18
20459 Hamburg
Germany

Email: datenschutz@juliboo.de

2. Core principle: end-to-end encryption & storage location

All content data you record (e.g. feedings, sleep, diapers, behavior, tags, notes, baby names, birth dates and measurements, as well as profile and avatar images) is encrypted on your device with AES-256-GCM (end-to-end encryption) before it is synced. The key required for this remains on your devices and is secured by a recovery passphrase; we as the provider and our hosting service providers cannot view this content in plain text.

If you use the app anonymously (without an account), this content does not leave your device and no cloud synchronization takes place. If you sign in with an account, encrypted cloud synchronization is an integral part of the service and is carried out automatically (you can still record offline; the sync happens as soon as a connection is available).

So that synchronization, family sharing, and operation work technically, some metadata is stored unencrypted (in plain text) in the cloud. This explicitly does not concern health or tracking content, but rather:

  • technical synchronization metadata (record IDs, timestamps of the last change, schema/key versions, deletion markers),
  • information about the workspace and family (workspace name, chosen display name and relationship/family role of members, license/seat information),
  • your app settings for cross-device mirroring (e.g. theme, language, dashboard and statistics layout),
  • cryptographic keys required for secure key exchange (your public key and fingerprint; private keys and the master key are stored only in encrypted form),
  • account metadata necessary for operation (time of last activity, language, device push token and platform).

3. User account & authentication

You need an account for cloud synchronization and for sharing with family members. Authentication is handled via Firebase Authentication (see the "Processors" section).

  • Registration by email address and password: we process your email address, a display name, and a verification status.
  • Sign in via Google or Apple ("Sign in with Apple"): an identifier provided by the provider and, where applicable, name and email address are processed.
  • Anonymous use: you can use the app without any personal details using an anonymous account. Anonymous accounts without further sign-in are automatically deleted server-side after 30 days.

Before full access to encrypted cloud synchronization, confirmation of your email address is required. To protect against abuse (e.g. automated mass creation of anonymous accounts), we briefly process technical security features in pseudonymous form during the first anonymous access (e.g. a hash value of your IP address for rate limiting). The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interest in preventing abuse).

The legal basis for account and sign-in processing is otherwise Art. 6 (1) (b) GDPR (provision of the contractually requested account and synchronization function).

4. Cloud synchronization & family sharing

When synchronization is enabled, your (encrypted) entries as well as encrypted profile and avatar images are stored in cloud services provided by Google Firebase (Cloud Firestore and Cloud Storage). We have selected the region "europe-west3" (Frankfurt am Main, Germany) as the storage location.

If you invite other people to a family workspace, the key required to decrypt the shared babies is securely transmitted to the invited person via a hybrid encryption process. To send the invitation by email, we process the recipient's email address that you provide.

The legal basis is Art. 6 (1) (b) GDPR.

5. Push notifications

If you grant your operating system's notification permission (e.g. to be informed about the activities of family members who are also syncing), we process a device-related push token via Firebase Cloud Messaging. The notifications contain only metadata (such as the workspace and the number of activities); names and content are resolved only locally on your device. Without the granted system permission, no token is registered.

The legal basis is Art. 6 (1) (a) GDPR (consent through activation) or Art. 6 (1) (b) GDPR.

6. Error reports & stability (Crashlytics)

To improve stability, we may use Firebase Crashlytics. Collection takes place only if you explicitly enable it under "Settings → Data"; it is off by default.

If the option is active, the following data is transmitted in the event of a crash or error:

  • standard technical diagnostic data (device type, operating system version, app version, memory/battery status, timestamp),
  • the stack trace with class, function, and file names (without variable values),
  • the error message, which first passes through a filter to remove possible personal patterns,
  • a pseudonymous user identifier (opaque account ID, no email address).

This data does not contain any of your tracking content entries. You can disable collection at any time with effect for the future. The legal basis is Art. 6 (1) (a) GDPR (consent).

7. Usage analysis (Firebase Analytics)

To understand the use of the app in aggregated, pseudonymous form and to improve the product, we may use Firebase Analytics. Collection takes place only if you explicitly enable it under "Settings → Data"; it is off by default.

If the option is active, we collect the following events (in each case without health or content data):

  • registration and sign-in (each with the method used: email, Google, Apple, or anonymous),
  • opening the purchase overview (paywall) and a successful purchase (where applicable, with the non-personal product identifier),
  • saving an entry — only the rough category is transmitted (e.g. feeding, pumping, sleep, diaper, behavior), no values or notes,
  • automatic usage and session statistics from the Firebase SDK (e.g. first launch, session start) as well as a pseudonymous user identifier.

Firebase Analytics is a global Google service; any transfer outside the EU is based on the EU Commission's standard contractual clauses. You can disable collection at any time with effect for the future. The legal basis is Art. 6 (1) (a) GDPR (consent).

8. Purchases & subscriptions (RevenueCat)

Premium features (Juliboo Premium) are provided via in-app purchases from the Apple and Google app stores. To manage the purchase/subscription status, we use the service RevenueCat, Inc. (San Francisco, USA). The actual payment processing is handled exclusively via the respective app store; we do not receive any complete payment data.

Your confirmed account email address is transmitted to RevenueCat (exclusively to assign support requests and to manage subscriptions). In addition, we transmit pseudonymous, non-personal segmentation attributes (e.g. number of baby profiles created, rough age category, app language, family role). No real names, birth dates, health/tracking data, or note content is sent. The transfer to the USA is based on the EU standard contractual clauses.

The legal basis is Art. 6 (1) (b) GDPR (performance of a contract) or Art. 6 (1) (f) GDPR (legitimate interest in efficient support).

9. Photo access

If you select a profile picture for a baby, a family member, or your own account, the app accesses your photo gallery. You make the selection; like all content, the image is encrypted on your device and only synced in encrypted form.

10. Processors & third parties

We use carefully selected service providers with whom corresponding data processing agreements are in place:

  • Google Ireland Ltd. / Google LLC — Firebase (Authentication, Cloud Firestore, Cloud Storage, Cloud Messaging, Cloud Functions, App Check for abuse prevention, and — where consent is enabled — Crashlytics and Analytics). Storage region for synchronization data: Frankfurt am Main (europe-west3).
  • RevenueCat, Inc. (USA) — management of in-app purchases and subscriptions.
  • Apple Inc. / Google LLC — processing of in-app purchases and (where you sign in accordingly) authentication.
  • Brevo (Sendinblue GmbH) — sending of invitation and system emails (including confirmation and password reset emails as well as inactivity warnings) and — with separate consent via juliboo.de — marketing emails about app release updates.

For individual services, a transfer to third countries (e.g. the USA) may occur. This is based on appropriate safeguards such as the EU Commission's standard contractual clauses.

11. Storage period

Local data remains stored until you delete it in the app or uninstall the app. Synced data remains in the cloud until you delete it in the app.

Anonymous accounts without further sign-in are automatically deleted after 30 days. In the case of prolonged inactivity of an account, we delete it together with the associated cloud data after 360 days; beforehand, we remind you in good time by email (warnings from day 330) so that you can prevent deletion by signing in.

12. Your rights

Under the GDPR, you have the following rights:

  • access to the data stored about you (Art. 15 GDPR),
  • rectification of inaccurate data (Art. 16 GDPR),
  • erasure (Art. 17 GDPR),
  • restriction of processing (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • objection to processing (Art. 21 GDPR),
  • withdrawal of consent given, with effect for the future (Art. 7 (3) GDPR).

You can exercise many of these rights directly in the app under "Settings → Data": you can export your data (data portability) and separately delete your app data on this device and your data stored in the cloud. For the complete deletion of your account (sign-in data) and for all other concerns, you can reach us at datenschutz@juliboo.de.

You also have the right to lodge a complaint with a data protection supervisory authority.

13. Website: release notifications

On juliboo.de you can optionally sign up by email to be informed about the release of the Juliboo app. We only process the email address you provide and the time of signup and confirmation.

The legal basis is Art. 6 (1) (a) GDPR (consent). Signup uses double opt-in: after you submit your address you receive a confirmation email; you are only added to our mailing list after you click the link in that email.

Confirmation, welcome, and release emails are sent via Brevo (Sendinblue GmbH). We store contact data there in a separate marketing list; it is not linked to app account data.

You can withdraw your consent at any time, e.g. via the unsubscribe link in every email or by contacting datenschutz@juliboo.de. We will then remove your data from the list.

14. Changes to this privacy policy

We adapt this privacy policy when features or the legal situation change. The version displayed in the app with the date stated above applies in each case.