Privacy Policy

About This Policy

Your privacy is central to the way we design and operate MomMirror. This document explains what information we access, how it is processed, and which controls you have when using the MomMirror mobile application ("MomMirror app" or "app").

1. About MomMirror

MomMirror is developed by an independent app studio based in Switzerland. If you have any privacy questions or would like to exercise your rights, email privacy@mommirrorapp.com.

2. Information We Collect

We follow a data-minimization approach. Most data lives locally on your device and never touches our servers. However, the app does connect to trusted partners (Firebase/Google, Apple, RevenueCat, and our AI processing providers) for authentication, subscriptions, analytics, crash reporting, push notifications, voice transcription, and encrypted backups.

Information you add directly

• Profile information: Nickname, language preference, perinatal stage, pregnancy timeline, high-level relationship/support context, voluntary notes, and the number of children. Real names or contact info are optional.
• Daily conversations and check-ins: Chat messages, reflections, wellbeing stats (sleep, mood, energy, baby), todos, affirmations, and gratitude entries.
• User-generated content: Daily memories, journaling notes, and optional images you attach to memories or todos.
• Voice recordings (optional): Audio files you choose to record for transcription are temporarily uploaded to our secure backend for processing.

Information collected automatically

• Authentication data: Firebase Authentication stores basic account metadata (e.g., email, Apple or Google user ID) needed for sign-in and fraud prevention.
• Subscription and billing data: RevenueCat receives purchase history, Store transaction identifiers, currency, and entitlement status to manage premium plans.
• Device and app identifiers: Firebase/App Check tokens, FCM push tokens, App Instance IDs, device model, OS version, timezone, and locale. These identifiers support login persistence, push notifications, security, analytics, and crash reports.
• Diagnostics and analytics: Firebase Analytics and Crashlytics gather anonymized usage events (screen views, button taps), crash logs, and stack traces so we can monitor stability. No chat content, wellbeing stats, or profile fields are intentionally sent to these services.
• Encrypted backups metadata (optional): If you enable cloud backups, encrypted payloads and manifests are stored in Firebase Storage along with minimal metadata (timestamps, checksum, file sizes). The encryption keys are protected with your PIN and synced only after you unlock the key.

We do not collect advertising identifiers or participate in third-party ad networks.

3. How We Use Your Information

Your information is only used to provide the MomMirror experience:

• App functionality: Profile details, wellbeing stats, todos, and memories stay on your device and power features such as insights, the Flower Garden, and reminders.
• AI-powered replies: When using the chatbot or transcription, the app sends only the minimum context required (recent messages, relevant profile fields, and stats) to our secure Firebase Function, which relays the request to our AI processing partner strictly to generate a response. Providers are contractually prohibited from training on or storing this data beyond what is necessary to serve the request.
• Push notifications: Firebase Cloud Messaging uses your device token, timezone, and scheduling preferences to deliver reminders and updates.
• In-app purchases: RevenueCat and the respective app stores use purchase information to determine subscription status, enforce plan limits, and unlock premium features.
• Support: If you contact us via email or in-app export, we use the provided contact details solely to resolve your request.
• Security and abuse prevention: Firebase Auth, App Check, and backend logs help us detect fraud, secure accounts, and protect backup encryption keys.

We do not sell your data, use your conversations to train AI models, or perform interest-based advertising.

4. Storage, Backups, and Security

• Local storage: Chats, stats, profile data, todos, and most settings are stored locally using SharedPreferences or local files. Deleting the app erases this data.
• Encryption keys: Sensitive keys (API keys, DEK metadata, PIN secrets) are stored in flutter_secure_storage, which leverages iOS Keychain or Android's EncryptedSharedPreferences.
• Cloud backups (opt-in): You can enable encrypted backups. When enabled, your data is bundled, encrypted with a Data Encryption Key (DEK) derived from your PIN, and uploaded to Firebase Storage. The DEK is never stored unencrypted on our servers; without your PIN the backup is unreadable.
• In transit: All communications between the app, our Firebase Functions, RevenueCat, and AI providers use HTTPS/TLS.
• No human review: We do not manually inspect your conversations or stats unless you explicitly export logs to us for troubleshooting.

5. When We Share Information

We only share data with trusted infrastructure and service providers necessary to run the app:

We may also disclose information if required by law or to protect the rights, property, or safety of MomMirror, our users, or others. We do not share personal information with advertisers or data brokers.

6. Analytics, Crash Reporting, and Diagnostics

Firebase Analytics and Crashlytics gather:

• Event metadata such as screen views, button taps, and feature usage counts.
• Crash traces, stack information, device model, OS version, battery state, and locale.
• App performance data (cold start times, background fetch results).

This helps us detect bugs, prioritize stability work, and debug support tickets. These services do not receive chat text, wellbeing stats, or profile content. You can disable analytics/crash reporting in Settings → Privacy once we expose that control (or by disabling "Share analytics" in iOS/Android system settings).

7. Your Rights and Controls

Because data primarily lives on your device, you stay in control:

• Access & correction: View and edit profile information, stats, todos, and memories directly inside the app.
• Delete specific data: Use Settings → Data & Backup to delete today's data, clear everything, remove backups, or reset encryption keys.
• Delete everything: Uninstalling the app or using the in-app "Delete All Data" action wipes local storage. You can also run a "nuke-and-reinit" to purge encrypted cloud backups and DEKs.
• Export: Use the export tools to generate a ZIP backup (encrypted with your PIN) for safekeeping or transfers.
• Opt out of backups: Simply avoid enabling the cloud backup feature, or clear existing backups via the Data & Backup screen.

If you need assistance exercising your rights, email privacy@mommirrorapp.com.

8. Data Retention

• Local data: Persists on your device until you delete it or uninstall the app.
• Encrypted backups: Retained until you delete them through the Data & Backup screen or request assistance. We periodically prune abandoned backups after extended inactivity to reduce exposure.
• Telemetry data: Analytics and crash logs are retained by Firebase per their standard retention periods (currently up to 14 months) and are aggregated and anonymized.

9. Children's Privacy

MomMirror is intended for adults (18+). We do not knowingly collect information from children. If you believe a minor has provided data, contact us so we can remove the information and disable access.

10. Changes to This Policy

We may update this policy as features evolve. If we make material changes, we will notify you in-app or via release notes. Continued use of the app after an update means you accept the revised policy. You can always view the latest version inside the app or at https://mommirrorapp.com/privacy.