Legal

Protecting your family's data
with the care it deserves.

We use data to back up your maternal instincts — not to exploit your privacy. This policy explains exactly what we collect, why, and how you stay in control.

Version 1.1.0 · Last updated May 2026
End-to-end encrypted · Zero third-party tracking · 72-hour breach notification · Right to be forgotten · 5-year software support

01 · Introduction

Our commitment to your peace of mind

Welcome to Baby's Day In (BDI). Early parenthood is a series of beautiful, exhausted moments. We are here to hold the technical weight of monitoring so you can hold your baby. Our mission is to provide you with "calm confidence" — that quiet, steady feeling that comes from having intelligent information at your fingertips.

When you use our two-smartphone setup — transforming one device into a nursery camera and the other into your command center — you are trusting us with your family's most private moments. We take the "invisible load" of tracking your infant's wellness seriously.

Our promise

We use data to back up your maternal instincts, not to exploit your privacy. This document covers the processing of both parental and infant data within our closed-loop ecosystem.

02 · Information we collect

The invisible load we carry for you

To provide effortless insights and wellness benchmarking without the need for additional, vulnerable hardware, we collect the following:

  • Account data: Parental registration details: full name, email address, and secure encrypted credentials.
  • Live camera feed: Real-time video and audio streamed directly from the "Nursery" device to the "Parent" device.
  • Cry detection & classification: Audio processing that identifies and classifies cries into categories of hunger, tiredness, or discomfort.
  • Sleep tracking: Automated duration and quality logs of sleep intervals.
  • Activity logs: Records of feedings, nappy changes, baths, and tummy time sessions.
  • Health metrics: Body temperature, medication administration, and vaccine records.
  • Growth data: Length/height and weight measurements.
  • Wellness analysis: Derived patterns across sleep, feeding, and crying data. Comparisons against World Health Organization (WHO) standards.

03 · Consent & child privacy

Affirmative consent.
No exceptions.

As an app dedicated to infant care, we process sensitive information that falls under Special Category Data (Article 9 of the GDPR). Because this involves health-related data of a minor, we apply the highest tier of legal and technical protection.

  • Affirmative express consent: No data collection, audio monitoring, or video streaming begins until you have taken a clear, affirmative action within the app. Consent is never assumed — it is granted by you, the parent, for every specific monitoring feature.
  • Child privacy protections: Following FTC and GDPR guidelines, infant data is strictly partitioned. We never create "marketing profiles" for infants. The data exists solely to provide the care features you have requested.

04 · How we use data

Intelligent care.
Not data exploitation.

Every piece of data we collect has a single purpose: giving you the information you need to care for your baby with calm confidence. Here is exactly how each feature uses it.

Feature | How your data is used
Auto-Soothe | Uses cry detection to trigger settle-responses — distinguishing between the built-in lullaby library and parental voice recordings. Note: voice recordings are treated as biometric data with enhanced encryption.
Wellness Reports | Consolidates activity logs (feeds, changes, tummy time) and growth metrics into exportable summaries.
WHO Comparisons | Provides factual context for development. These are for contextual wellness and parent reassurance — they are not clinical diagnoses and should not replace professional medical advice.
Peace of Mind Alerts | Analyses monitoring data to notify you of waking or classified cries (hunger vs. discomfort) so you can rest effectively.
Activity Insights | Reduces your mental load by identifying patterns in feeding and nappy logs to help you stay on track.

05 · Technical safeguards

Built to NIST and ISO standards

Our security architecture treats your home like a high-security environment. By using two smartphones rather than cheap third-party IoT cameras, we leverage the advanced hardware-rooted security (NIST SP 800-164) inherent in modern mobile devices.

End-to-end encryption

All live feeds and stored recordings are encrypted at the source. Only your authorised "Parent" device holds the keys to decrypt the "Nursery" feed.

  • NIST SP 800-53 · AC-17 (Remote Access Management): We manage the two-phone setup via a dedicated, authenticated, and encrypted tunnel — preventing "man-in-the-middle" attacks common in standard baby monitors.
  • NIST SP 1800-1D · SC-12 (Data-at-Rest Protection): All data — whether stored locally on your smartphones or on our secure BDI servers — is protected by industry-standard cryptographic controls to ensure closed-loop integrity.
  • ISO 14971 (Clinical Risk Management): We employ this standard to manage risks associated with overdiagnosis or false alarms. We rigorously test our algorithms to ensure alerts provide peace of mind, not unnecessary anxiety.
  • IEC 62304 (Software Lifecycle): This ensures our software is developed with the reliability and safety expected of a health-adjacent device, keeping alerts consistent and the Nursery link stable.

06 · Third-party tracking

Zero hidden tracking.
Full stop.

Our guarantee

BDI does not include third-party marketing trackers or hidden analytics SDKs that leak data to social media or advertising firms. Your data stays within the BDI ecosystem. We do not sell, lease, or trade your family's information to data brokers.

  • No hidden SDKs: We do not embed any third-party advertising, tracking, or analytics code that could send your data outside of BDI.
  • Closed loop: Your data stays within the BDI ecosystem. It is never sold, leased, or traded with data brokers.

07 · Your data, your control

De-identification and the right to be forgotten

For our aggregate wellness benchmarking (e.g. assessing average sleep patterns against WHO norms), all data is stripped of personal identifiers. This anonymous data helps us provide smarter insights for the entire BDI community without compromising your family's identity.

You have total control. To permanently erase all data associated with your account:

1. Open the BDI App and go to Settings
2. Select Privacy & Data Management
3. Tap Delete Account and All Associated Data

Immediate & permanent

All logs, recordings, and reports will be purged from our servers immediately and permanently. There is no waiting period, no retention window.

08 · Regulatory compliance

UK PSTI Act compliance

The UK Product Security and Telecommunications Infrastructure (PSTI) Act requires transparency for internet-connected products. BDI complies fully:

0 · Default passwords. Unique hardware-backed keys only.
5 yr · Guaranteed security updates from date of purchase.
1:1 · Unique pairing per setup — no bulk unauthorised access.

  • No default passwords: The system uses unique, hardware-backed pairing keys and user-generated credentials. There is no shared or factory-default password.
  • Unique pairing: Each two-phone setup is unique to the user, preventing unauthorised bulk access.
  • 5-year software support: We guarantee security updates and software support for a minimum of 5 years from the date of your app purchase.

09 · Breach notification

We tell you within 72 hours. Always.

In the unlikely event of a data breach, we follow the "Active Notification" rule. Consistent with GDPR and NIST incident response standards:

Active notification protocol

We will notify affected users within 72 hours of breach confirmation via direct in-app alerts and email. We will provide a transparent assessment of what occurred and clear steps to re-secure your account.

  • 72-hour commitment: You will hear from us within 72 hours of a confirmed breach — not after legal review, not after PR consultation.
  • In-app & email: Notifications are delivered via direct in-app alerts and email so you receive them wherever you are.
  • Full transparency: We will provide a clear, honest account of what happened and what you should do next.

10 · International transfers

Your data, your reports

You have the sole right to export your "Doctor-Ready" wellness reports. While we store them securely, they are yours to share with healthcare professionals at your discretion.

  • Doctor-ready exports: Wellness reports are formatted for easy sharing with your GP, health visitor, or paediatrician. You own them entirely.
  • Standard Contractual Clauses (SCCs): If data is processed outside your home jurisdiction, we utilise SCCs to ensure your data receives the same rigorous protection required by your local laws.

11 · Contact

Questions? Talk to our trusted friend.

Questions about your privacy shouldn't be met with sugarcoating or panic. Our Data Protection Officer (DPO) acts as a trusted friend — providing smart, honest, and calm answers.

Data Protection Officer

Baby's Day In

We respond to all privacy enquiries within 5 working days. For urgent concerns, mark your message "Urgent — Privacy".


Version 1.1.0 · Last updated May 2026 · Baby's Day In, London