Privacy for parents using Maternity

Everseed Ventures, trading as The Maternity App, is the controller of your personal data. Registered in Canada at Calgary, AB, Canada. You can reach our Data Protection Officer at team@maternity.app.

Information you give us:

• Account. Name, email, password (hashed), language, country, optional photo.
• Profile. Pregnancy stage or child age, due date, parenting interests, anything else you choose to add.
• Content. Posts, replies, voice memos, photos, course progress, quiz answers, questions to instructors.
• Purchases. Billing name, address, order/subscription history, refund requests. Card details go directly to Stripe and we never see the full number.
• Support. Anything you send us by email, chat, or form.

Information collected automatically:

• Device, browser, OS, IP address (truncated where we can), language, time zone.
• Pages viewed, courses started, time spent, referrer, in-app actions, crash logs.
• Cookies and similar technologies (see our Cookie Policy).

Information from others:

• Sign-in providers (Apple, Google) where you choose to sign in with them.
• Marketplace providers and instructors, where you have transacted with them on the platform (booking outcomes, reviews).

• We process special category data only when you have given us your explicit consent, which you can withdraw at any time, or where another GDPR Article 9 condition applies.
• We never use sensitive data to build advertising audiences, sell to third parties, or train AI models with you individually identifiable.
• You can use the platform without filling in pregnancy or child information; the experience will be less personalised.

Maternity is for adults (at least 18 years old). It is not directed at children, and we do not knowingly collect personal data from children to provide them with our service. If you believe a child has created an account, contact us and we will remove it.

Information you share about your child (name, age, photos, milestones) is your data as a parent or legal guardian. We process it on the legal basis you have provided (consent, or our legitimate interest in delivering the parent-facing service to you), and we treat photographs and health-related details about a child with the same care we treat your own sensitive data.

Please do not post identifying information about other people’s children without their parents’ consent.

• To provide the service. Account, courses, community, marketplace bookings. Legal basis: performance of our contract with you.
• To personalise your experience. Recommend stage-appropriate courses, surface villages relevant to you. Legal basis: our legitimate interest, or your consent for sensitive data.
• To process payments. Legal basis: performance of contract; legal obligation (tax/accounting).
• To keep the platform safe. Detect fraud, abuse, and security incidents. Legal basis: legitimate interest, legal obligation.
• To communicate with you. Service emails, replies to support requests, security alerts. Legal basis: performance of contract / legitimate interest. Marketing emails are sent only with consent.
• To comply with the law. Legal basis: legal obligation.
• To improve the platform. Aggregated, mostly de-identified analytics. Legal basis: legitimate interest. We do not train external AI models on your individually identifiable data.

• Service providers (data processors) who run parts of the platform on our behalf, under contract: hosting (Supabase), payments (Stripe), email, analytics, error monitoring, customer support, and transcription. They are contractually bound to use your data only for our purposes.
• Course instructors and providers with whom you choose to interact, limited to the data needed for them to teach or serve you. They are independent controllers for that data — see the relevant Provider and Instructor terms.
• Other members who can see whatever you post in shared community spaces. Choose your audience carefully.
• Authorities and courts where we are legally required to share.
• An acquirer, in the event of a merger, acquisition, or asset sale; we would tell you before that happens.

We do not sell your personal data, share it for cross-context behavioural advertising, or trade it.

Some of our service providers operate outside the European Economic Area (notably the United States). When we transfer your data outside the EEA, we use mechanisms approved under the GDPR — typically the European Commission’s Standard Contractual Clauses, supplemented by additional safeguards where needed.

• Account. While your account is open, plus up to 30 days after you ask us to close it (so we can recover from mistakes).
• Inactive accounts. If you do not log in for longer than 3 years, we will write to you and, unless you ask us to keep it open, close it.
• Sensitive content (voice memos, health-related posts). Up to 1 year after you delete it from your account, in encrypted backups, then purged.
• Financial records. At least 7 years, where tax and accounting law requires it.
• Aggregated, de-identified analytics. Indefinitely; can no longer be linked to you.

Under Canadian privacy law (and the GDPR for EU residents), you have the right to:

• Access a copy of the personal data we hold on you.
• Have inaccurate data corrected.
• Have your data erased (the “right to be forgotten”), subject to legal exceptions.
• Restrict or object to certain processing.
• Export your data in a portable format (JSON or CSV) for transfer to another service.
• Withdraw any consent you have given.
• Lodge a complaint with your local data-protection authority — in Canada, the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial regulator. As we expand into the EU, residents there can also contact their local DPA.

To exercise any of these, write to team@maternity.app. We will respond within one month.

We protect your data with measures that include encryption in transit (TLS) and at rest, role-based access control, row-level-security on our database, audit logging, regular backups, and least-privilege access for staff. No system is impenetrable; we encourage strong, unique passwords and two-factor authentication where available.

If we have a data breach affecting your personal data, we will notify the regulator and (where required) you within the deadlines set by law.

We use a small set of cookies for authentication, security, remembering your preferences, and privacy-respecting analytics. You can manage non-essential cookies from the banner shown on your first visit and from your settings. Full detail is in our Cookie Policy.

We send marketing emails only when you have opted in. Every marketing email has an unsubscribe link, and you can adjust preferences from your settings at any time. Service emails (account, security, payment receipts) are part of using the platform and cannot be unsubscribed from while your account is open.

We use light personalisation (for example, recommending the next course or village based on your stage). These do not produce legal or similarly significant effects on you. We do not use automated decision-making for pricing, eligibility, credit, insurance, or anything that materially affects you without human review.

We may update this policy. If a change materially affects your rights we will notify you in-app and by email at least 30 days before it takes effect.

Privacy questions and data subject requests: team@maternity.app. Data Protection Officer: team@maternity.app. Postal: Everseed Ventures, Calgary, AB, Canada.