Privacy Policy

Last updated: March 13, 2026

Giggles Club ("the App") is a pediatric health tracking application operated by Eldunari Labs ("we", "us", "our"). This policy describes how we collect, use, store, and protect your information across our mobile app (iOS and Android) and website (gigglesclub.com).

1. Information We Collect

1.1 Account Information

• Name and email address — from Google Sign-In or email/password registration, used for authentication and display within the app
• Account role — parent, doctor, or caregiver (selected during onboarding)

1.2 Child Health Data

All child health data is entered voluntarily by the parent or authorized caregiver:

• Growth records — weight, height/length, head circumference measurements
• Vaccination records — vaccines administered, dates, and upcoming schedule
• Milestone records — developmental milestones achieved by age and domain
• Daily care logs — feeding, sleep, temperature, symptoms, stool, urine
• Medical history — doctor visits, diagnoses, prescriptions
• Allergies and medicines — current and historical records
• Teething records — tooth eruption tracking

1.3 Medical Images

• Photos voluntarily uploaded for AI-assisted data extraction (e.g., scanning a vaccination card)
• Images are processed once and are not stored by the AI service

1.4 Device Information

• Push notification tokens — to deliver vaccine reminders and alerts
• Device attestation — App Check tokens for security verification (no personal data collected)

2. How We Use Your Data

• Authentication — your email and name identify your account
• Health tracking features — growth charts, percentile calculations, vaccine schedules, milestone tracking, daily care logging
• Notifications — vaccine reminders, health alerts (e.g., abnormal temperature), and doctor notifications
• Email summaries — weekly/monthly health reports sent to your email (opt-in only)
• AI image processing — one-time extraction of data from uploaded medical images via Google Gemini
• Normal range alerts — automated checks against pediatric normal ranges for temperature, sleep, growth percentiles

3. Data Sharing

3.1 Authorized Users

Parents can invite doctors and caregivers to access specific child records via invite codes. Access is role-restricted:

• Doctors — read-only access to growth, vaccines, milestones, and medical history
• Caregivers — can log daily care activities; cannot access growth, vaccines, or milestones

You can revoke access at any time from the app.

3.2 Service Providers

We share data only with service providers necessary to operate the App:

• Google Firebase (Authentication, Cloud Firestore, Cloud Functions) — Privacy Policy
• Google Gemini AI (image processing) — Terms of Service
• Resend (email delivery for summaries) — Privacy Policy
• Expo (push notifications) — Privacy Policy

We do not sell, rent, or share your data with advertisers or data brokers.

4. Children's Privacy

Giggles Club is designed for use by parents, guardians, doctors, and caregivers (adults). The App is not intended for direct use by children.

• All child health data is entered and managed by an authorized adult
• We do not knowingly collect personal information directly from children
• Child profiles contain only health data entered by the parent/guardian — no account credentials, email addresses, or device identifiers are associated with child profiles

5. Data Security

• Encryption in transit — all data transmitted over HTTPS/TLS
• Encryption at rest — data stored in Google Cloud Firestore with encryption at rest
• App Check — device attestation (App Attest on iOS, Play Integrity on Android) prevents unauthorized API access
• Rate limiting — per-user rate limits on all API endpoints to prevent abuse
• Input validation — all user inputs are sanitized and validated server-side
• Role-based access control — Firestore security rules enforce that users can only access data they are authorized to see

6. Data Retention

• Active accounts — data is retained for as long as your account exists
• Inactive accounts — if you stop using the App without deleting your account, your data remains stored securely. We may send a reminder email after 12 months of inactivity
• Deleted accounts — when you delete your account, all associated data (profile, child records, health data) is permanently and irreversibly removed within 30 days
• Rate limiting records — automatically deleted via Firestore TTL policies
• AI-processed images — not retained after processing; only the extracted text data is stored

7. Your Rights

You have the following rights regarding your data:

• Access — view all your data within the App at any time
• Correction — edit any records directly in the App
• Deletion — delete individual records, child profiles, or your entire account via Settings → Delete Account
• Revoke sharing — remove linked doctors or caregivers at any time
• Opt out of emails — disable email summaries in Settings
• Data portability — contact us to request an export of your data

8. Permissions

The App requests only the permissions it needs:

• Internet access — required for cloud sync
• Network state — to detect offline/online status
• Camera (iOS/Android, optional) — to capture photos of medical documents for AI scanning
• Photo library (iOS, optional) — to attach existing photos to health records
• Notifications (optional) — for vaccine reminders and health alerts
• Exact alarms (Android) — to schedule precise vaccine reminder notifications

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For significant changes, we will notify users via the App or email.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: [email protected]

Operated by: Eldunari Labs