BubSync

Privacy Policy

Last updated: 9 April 2026

BubSync (“we”, “us”, or “our”) is committed to protecting the privacy of your family. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use the BubSync application and website (collectively, the “Service”).

1. Information we collect

We collect the following types of information:

  • Account information: your name and email address when you register.
  • Baby profile data:your baby's name, date of birth, and optional notes.
  • Activity data: feeds, nappy changes, naps, growth measurements, temperature, care handover notes, custom activity entries, and any notes you log.
  • Sharing data: invited family member or carer details and invite metadata needed to manage shared access.
  • Device information: device type, OS version, and anonymised crash reports used to fix bugs.
  • Notification data: push notification tokens and notification preferences (where enabled) so we can deliver reminders and sync alerts.
  • Subscription metadata: plan status and billing state from Apple App Store / Google Play (we do not receive full payment card details).
  • Usage analytics: de-identified and aggregated feature usage to help us improve the app, benchmark performance, and generate population-level insights. No personally identifiable information is included.

2. How we use your information

We use your information to:

  • Provide, operate, and maintain the Service.
  • Sync data across your devices and with invited family members and carers.
  • Send important service communications (e.g., account alerts).
  • Analyse de-identified usage patterns to improve the app and develop population-level insights for users.
  • Register and manage push notifications when you enable them.
  • Respond to your support requests.
  • Comply with legal obligations.

We do not use your data for targeted advertising, and we do not sell your data to third parties.

3. Sharing of information

We share your information only in the following circumstances:

  • Within your care team: activity data is shared in real time with family members and carers you explicitly invite.
  • Service providers: AWS (cloud infrastructure and database hosting). Firebase services for mobile push notification delivery and crash diagnostics (where enabled). These providers are bound by strict data processing agreements.
  • Legal requirements: where required by applicable law, court order, or regulatory authority.
  • De-identified aggregated reporting: we may use and share aggregated, non-identifiable statistics and trends to improve BubSync and provide benchmark-style insights to users.

4. Storage & security

Your data is stored in AWS infrastructure located in the us-east-1 (N. Virginia) region in the United States. Data at rest is encrypted using AES-256, and data in transit is encrypted using TLS 1.2 or higher. We implement industry-standard security controls including access logging, least-privilege access, and regular security reviews.

5. Data retention

We retain your account and activity data for as long as your account is active. If you delete your account, we aim to remove active account data within 30 days. AWS DynamoDB Point-In-Time Recovery (PITR) may retain encrypted disaster-recovery backups for up to 35 days after deletion. Anonymised, aggregated analytics data may be retained indefinitely as it contains no personal information.

If your paid subscription or trial ends, cloud-hosted premium features may be disabled and applicable cloud data may be removed from BubSync servers in line with this policy, while local on-device records remain available unless you delete the app data.

6. Children's privacy

BubSync is intended for use by parents and carers (aged 18+). We do not knowingly collect personal information directly from children. Baby profile data is entered by the parent or carer and is treated with the highest level of care and confidentiality.

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict our processing of your data.
  • Data portability (export your data in a structured format).
  • Withdraw consent at any time.

To exercise any of these rights, contact us at bubsync@alt-dev.com.au.

8. Cookies

The BubSync web app uses essential session cookies only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The marketing website (bubsync.com) may use first-party analytics to understand traffic patterns. No cookie consent banner is required as we do not use non-essential cookies.

9. Third-party services

BubSync uses the following third-party services:

  • AWS (Amazon Web Services) — cloud hosting, database, authentication, and storage. AWS Privacy Notice: aws.amazon.com/privacy
  • Google Firebase services — mobile push notification routing and crash diagnostics on supported platforms. Firebase Privacy Information: firebase.google.com/support/privacy
  • Apple / Google — in-app purchases and subscriptions processed through the relevant app store. We never see your payment details.

10. International transfers

Your data is stored and processed in the United States. If you access BubSync from Australia, the EU, or elsewhere, your data is transmitted to our US-hosted service via encrypted connections. We rely on contractual, technical, and organisational safeguards to protect personal data during these international transfers.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or an in-app notice at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy questions or to exercise your rights, contact our Privacy Officer at:

You also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or with your local data protection authority if you are in the EU.