Privacy Policy

Your baby’s data stays yours.

Hushelo is a baby tracker built by parents for parents. This page tells you, in plain English, exactly what we collect, why, who we share it with, and what you can do about it. We update this page whenever the app changes in a way that affects your privacy.

Last updated: June 2, 2026

1. Who we are

Hushelo is operated by Gamalabs (OPC) Pvt Ltd, registered at Plot no 527, Ground Floor, Phase 1, TNGO Colony, Gachibowli, Hyderabad, Telangana - 500032, India (“Hushelo”, “we”, “us”). For everything in this policy, we are the data controller of the information you provide.

You can reach us at hello@hushelo.com. For account-specific privacy requests, see Your rights below.

2. What we collect

We collect only what we need to run Hushelo. We have grouped it below by what it is and where it comes from.

2.1 Your account

When you sign up and use your account, we store:

  • Your email address and (optionally) phone number.
  • A bcrypt hash of your password - never the password itself.
  • Your name, locale, timezone, and unit preference (metric or imperial).
  • Your country code (ISO format), which we use to show the right currency for plans and the right vaccine schedule for your baby.
  • Your notification preferences, in-app onboarding state, and any preferences you adjust in Settings.
  • The list of devices you sign in on (model, OS version, app version, last active time) so you can manage active sessions and so we can enforce a max-device limit on paid plans.
  • A record of when you accepted our Terms and this Privacy Policy, including the IP address at the time of acceptance and the app version, so we have an auditable record that consent was given.

2.2 Your baby’s data

This is the heart of the app. You enter it; we hold it on your behalf so it follows you across devices and caregivers.

  • Profile - name, date of birth, gender (optional), blood type (optional), birth weight, birth length, avatar photo, sibling group, birth order, free-text notes.
  • Daily entries - feeds (breast or bottle, side, volume, switches), diapers (type, rash), sleep, pumping, baths, tummy time, temperature readings, mood notes, free-text notes, photo entries.
  • Growth - weight, length, head circumference, percentiles, chart type (WHO or Fenton for preemies).
  • Milestones - what was achieved, when, photos and notes.
  • Vaccines - doses given, the provider you saw, batch number, site of injection, any reactions you logged, notes.
  • Medication courses - medication name, dose, frequency, route, prescribing provider, reason, notes and any attachments.
  • Medical records - type of visit (checkup, illness, lab, admission, prescription), diagnoses, symptoms, follow-up dates, links to the doctor or hospital contact.
  • Milk stash - pump times, volumes, storage location, expiry, consumption.
  • Photos and videos - the media you upload for your baby, plus the smaller WebP versions we generate for fast loading.
  • Reminders - the schedules you create and what they remind you about.

2.3 Your own health data

The app has an optional “Mom matters” section where you can log your own water intake, meals (with calories, protein, carbs, fat, fiber, and a mood note if you add one), and supplements. This is treated with the same care as your baby’s data.

2.4 Care team contacts

When you add a pediatrician, OB-GYN, lactation consultant, or any other contact, we store their name, specialty, phone, WhatsApp number, email, address, latitude/longitude, and any notes you wrote. These are people you choose to add - please make sure they’re comfortable having that information stored on your behalf.

2.5 Technical information we collect automatically

  • Server logs - every API request is logged with the path, method, response status, IP address (first hop of X-Forwarded-For or the connection’s socket address), and user-agent string. We use these to debug and to identify abuse.
  • Sync logs - a record of each cross-device sync (when, how many items, how long it took, the device that initiated it).
  • Edit history - when you edit an entry, we store the change (a diff and a snapshot) for up to 90 days so you and any other caregivers can see who changed what. After 90 days, the history record is pruned automatically.
  • Notification log - for every email, push, WhatsApp message, or SMS we attempt to send, we record the channel, the template, the variables we filled in, and whether it succeeded.
  • Password reset attempts - if you request a reset, we record the IP address it was requested from along with the (hashed) reset token, so we can detect abuse.

2.6 In-app purchases

If you subscribe to a paid plan, the purchase happens through Apple’s App Store or Google Play - we never see your card or bank details. We do store the receipt or purchase token that Apple or Google gives us so we can confirm your subscription is active. Tax-record laws require us to keep the raw receipt for up to 7 years, even after you close your account.

3. How we use your data

We use your data to:

  • Run the features you can see in the app - everything in section 2 is there because something in the app needs it.
  • Send transactional emails, push notifications, WhatsApp messages, or SMS - for example, your email verification code, a password reset link, an account deletion confirmation, or reminders you’ve scheduled. We don’t use these channels for marketing.
  • Sync your data between your devices and your family caregivers’ devices.
  • Detect and respond to abuse (e.g. brute-force login attempts) using rate limits and server logs.
  • Confirm and manage your subscription if you have one.
  • Improve the app. We do not have any third-party analytics, advertising SDK, or pixel installed. Our “telemetry” is the server-side logs and counters described above - nothing more.

We do not sell your data, and we never will. We do not share it with advertisers. We do not profile you for advertising purposes.

4. Who we share data with

We use a small set of trusted third-party services to deliver the app - things like media storage and CDN delivery, email and messaging delivery, push notifications, and in-app purchase processing. Each of them only receives the slice of data needed for their specific job, and each is contractually bound to process data only on our instructions.

We do not use third-party analytics, advertising networks, or attribution tools. We do not sell your data, and we do not share it for marketing purposes.

We may also share data when we are legally required to - for example, a valid court order, search warrant, or other binding legal process. When that happens we try to notify the affected user unless the law forbids us from doing so.

5. Where your data lives

Your data is stored in three places.

  • On your device, in a local SQLite database managed by Hushelo and protected by the operating system’s built-in app sandbox + on-device encryption (iOS Data Protection and Android File-Based Encryption). This is the “local-first” copy - the app works offline and reads from here.
  • On our server, in a MariaDB database that holds the authoritative copy of your data. This is what other family members’ devices sync from.
  • On Bunny.net’s edge storage, for the photos and videos you upload (only if you upload them).

Our server is hosted in a single region. The exact region and sub-processor list is available on request - email hello@hushelo.com.

6. How long we keep it

We keep your data for as long as you have an account with us. When you delete your account, we follow the steps in Your rights below. Specific retention rules:

  • Edit history for any entry is kept for 90 days, then pruned automatically.
  • Sync logs follow the same 90-day rule.
  • Refresh tokens expire after 30 days (or sooner if you sign out).
  • Access tokens live for 15 minutes.
  • Soft-deleted records (entries you delete inside the app) are kept as tombstones long enough to be propagated to your other devices, then are permanently removed when you delete your account.
  • Purchase receipts are kept for up to 7 years to meet tax-record requirements, even after account deletion.
  • Backups are nightly. Old backups roll off on a schedule we can share on request.

7. Your rights

You have the right to access, correct, export, or delete your data. We do not require you to provide a reason and we do not charge for these requests.

7.1 Access and correction

You can see and edit every piece of data you’ve entered inside the app. For data we hold that the UI doesn’t expose - like server logs or backup snapshots - email us and we’ll respond within 30 days.

7.2 Export

You can request a copy of your data from Settings → Account, or by emailing hello@hushelo.com. We aim to fulfil export requests within 30 days. Requests are rate-limited to one per 24 hours per account.

7.3 Deletion

When you delete your account:

  1. We mark your account for deletion and sign you out of every device immediately.
  2. You enter a 30-day grace period during which you can cancel the deletion by signing back in. We do this to protect you from accidental or coerced deletions.
  3. After 30 days, your personal account details (email, name, phone, password, preferences) are anonymised and your account is marked as deleted.
  4. Records that we’re legally required to keep (e.g. the raw IAP purchase receipts mentioned above) remain in our system in a form that no longer identifies you, for as long as the law requires.

Important transparency note: Today, the deletion flow described above anonymises your account row but not yet the per-baby data (entries, photos, growth, etc.). We are in the process of completing the cascading deletion across all baby records. If you want everything removed today rather than waiting for that update, email hello@hushelo.com and we will manually remove the remaining records and confirm when it’s done.

7.4 Family-shared data

If you share your family with caregivers (your partner, your parents, your nanny), they have their own access to the baby data you’ve created. Deleting your account does not delete the family or remove other caregivers’ access to the shared baby records they continue to use. If you are the only caregiver, deletion removes the family with you.

7.5 Other rights under EU/UK law

If you’re in the EU, UK, or another jurisdiction with equivalent law, you also have the right to restrict processing, object to processing, withdraw consent (where consent is the basis we rely on), and to lodge a complaint with your local supervisory authority. Email us first if anything is unclear and we’ll try to resolve it directly.

8. Security

How we keep your data safe:

  • Passwords are hashed with bcrypt at cost factor 12. We never store them in plain text and we cannot recover one for you.
  • Session tokens use PASETO v3 (a modern, authenticated cryptographic token format), kept in HttpOnly cookies your JavaScript cannot read.
  • Mutating requests require a separate CSRF token (double-submit pattern).
  • Login is rate-limited to 5 attempts per minute per IP.
  • Biometric app lock (Face ID, Touch ID, or your Android equivalent) is available in Settings and re-locks after 30 seconds in the background.
  • Backend webhooks from Apple and Google are cryptographically verified before being trusted.
  • Transport uses TLS for every connection to our server.
  • The admin panel is on a separate cookie scheme, with role-based access control, audit logging of every change, and support for two-factor authentication.

No system is 100% safe. If we ever suspect that your data has been accessed by someone who shouldn’t have, we will tell you directly and report the incident to the relevant authorities within the legally required timeframe.

9. Cookies and similar technology

Hushelo uses three cookies on our API, all of them strictly functional. We do not use cookies for analytics, advertising, tracking, or profiling.

  • hushelo_access - your short-lived (15-minute) session token. HttpOnly and Secure.
  • hushelo_refresh - your long-lived (30-day) refresh token, scoped to /api/v1/auth so it is never sent to other endpoints. HttpOnly and Secure.
  • hushelo_csrf - a CSRF token your client echoes back as a header on mutating requests.

Our marketing site (this page) uses no cookies and no third-party trackers. Fonts (Nunito and Inter) are served from our own CDN; we do not load them from third-party font services.

10. Children's data and parental responsibility

Hushelo is designed for adults - parents, legal guardians, and the caregivers they invite - to record information about a baby or young child. By creating an account you confirm you are an adult and that you have the legal right to record information about each baby you add.

The baby’s data sits inside your account. Only the people you invite into your family can see it. We do not create advertising profiles, behavioural models, or any kind of predictive analytics from baby data. Categories of baby data we hold may include health-related information (medications, vaccines, growth charts, diagnoses); we treat it with the same care as we treat your own data.

When the child you are recording reaches an age at which they can make their own decisions about their data, you can export everything (section 7.2) and hand it over, or delete it (section 7.3).

If you believe a child’s data is in Hushelo without the right consent, please email us at hello@hushelo.com and we will remove it within 30 days.

11. International transfers

Our server is hosted in a single region. If you use Hushelo from a different country, your data is transferred to that region for processing.

The third-party services listed in section 4 each operate from their own jurisdictions: Apple and Google operate globally; Bunny.net is headquartered in Slovenia; Elastic Email in Estonia; Gupshup in India and the US. Each transfer of personal data outside your home jurisdiction is covered by appropriate safeguards (Standard Contractual Clauses or equivalent).

12. Changes to this policy

When we change this policy in a way that affects your privacy, we’ll update the “Last updated” date at the top of this page and let you know either inside the app or by email. Continued use of Hushelo after a meaningful change constitutes your acceptance of the updated policy - if you don’t accept it, you can export your data and close your account as described in section 7.

13. Contact us

For anything related to this policy, your data, or your account:

  • Email: hello@hushelo.com
  • From inside the app: Settings → Help → Contact support
  • Legal entity: Gamalabs (OPC) Pvt Ltd
  • Registered address: Plot no 527, Ground Floor, Phase 1, TNGO Colony, Gachibowli, Hyderabad, Telangana - 500032, India

We try to respond to every privacy request within 7 days and to fulfil it within 30 days, as required by most data-protection laws.

← Back to home