Whisperwood Studio LLC ("Fawn," "we," "us," "our") operates the Fawn mobile application. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have.
Fawn is a baby tracking and parenting wellness app designed for use by parents and caregivers. It is not designed for or directed at children.
If you have questions, contact us at hello@fawn.baby.
1. Information We Collect
A. Information You Provide
Account Information
- Email address
- Display name (optional)
- Authentication credentials (managed by Firebase Authentication; we do not store passwords)
Baby Profile Information
- Baby's first name
- Date of birth
- Sex (optional)
- Photo (optional)
Baby Health and Tracking Data
- Feeding records (type, amount, duration, side)
- Sleep and nap records (start/end times, quality)
- Diaper records (type, notes)
- Pumping records (amounts, duration)
- Growth measurements (weight, length, head circumference)
- Temperature readings
- Symptom observations
- Medication names and doses
- Food introduction and allergen tracking
- Milestone records
- Doctor visit records and notes
- Tummy time records
Parent/Caregiver Wellness Data
- Mood and energy levels
- Sleep quality
- Wellness check-in responses
- Breathing session records
- Journal entries (stored only on your device; never uploaded to our servers)
- Blood pressure and weight (optional record-keeping)
- Symptom tracking
Caregiver Information
- Email addresses of invited caregivers
- Caregiver names (optional)
- Invitation status
AI Conversation Data
- Messages you send to Mother Willow (our AI companion feature)
- These messages are not stored on our servers after your session ends
Feedback and Support
- Messages submitted through feedback, bug report, and support contact forms
- Email address (if you opt in to follow-up)
B. Information Collected Automatically
Device and Usage Information
- Crash reports and error logs (via Firebase Crashlytics)
- Your user ID is associated with crash reports to help us diagnose issues
- App version, device type, and operating system
- We do not use third-party analytics or advertising SDKs
Subscription Information
- Purchase and subscription status (managed by RevenueCat)
- We receive subscription state (active, trial, expired) but not payment details
2. Google User Data
This section specifically addresses how Fawn interacts with Google user data, in compliance with the Google API Services User Data Policy.
Data Accessed via Google Sign-In
When you sign in with Google, Fawn accesses the following Google user data:
- Email address — Your Google account email address
- Basic profile information — Your display name and profile photo URL (if available)
Fawn requests only the minimum scopes necessary for authentication. We do not access your Google contacts, calendar, Drive files, Gmail, or any other Google services.
How Google User Data Is Used
- Authentication: Your Google email and user ID are used solely to create and authenticate your Fawn account via Firebase Authentication
- Account identification: Your email address is used to identify your account within the app, enable caregiver invitations, and facilitate account recovery
- Display name: If provided, your Google display name may be used as a default display name within the app (you can change it at any time)
Google user data is not used for advertising, marketing, profiling, or any purpose unrelated to providing Fawn's core functionality.
How Google User Data Is Shared
Google user data obtained through Google Sign-In is shared only with the following service providers, solely for the purposes described:
| Provider | Data Shared | Purpose |
|---|---|---|
| Google Firebase Authentication | Google OAuth credential, email, user ID | Account creation and authentication |
| Google Firebase Firestore | User ID, auth provider type ("google") | User document storage and access control |
| RevenueCat | Firebase user ID (not Google email) | Subscription management |
Google user data is never sold, shared with advertisers, shared with data brokers, or used to train AI/ML models.
How Google User Data Is Stored and Protected
- Google OAuth tokens are managed entirely by Firebase Authentication and are not stored directly by Fawn
- Your email address is stored in Firebase Firestore with access restricted to your account and authorized caregivers
- All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256 via Firebase)
- Firestore security rules enforce strict access control at the database level
- Server-side Cloud Functions use encrypted environment variables for all API keys and secrets
Google User Data Retention and Deletion
- Google user data is retained only for as long as your Fawn account is active
- You can delete your account at any time from within the app (Profile > Delete Account)
- Upon account deletion, all Google user data (email, user ID, auth records) is permanently and irreversibly deleted from Firebase Authentication, Firestore, and all associated services
- There is no backup or recovery of deleted data
- You may also contact hello@fawn.baby to request deletion of your data
3. How We Use Your Information
We use your information to:
- Provide core functionality: Track baby feeding, sleep, diapers, growth, and health events
- Generate insights: Identify patterns in your baby's data to surface observations — never diagnoses or medical advice
- Power AI conversations: When you use Mother Willow, your message and limited context are sent to our AI provider to generate a response
- Enable caregiver access: Share baby tracking data with caregivers you explicitly invite
- Manage your subscription: Process and verify Fawn Premium subscription status
- Improve reliability: Use crash reports to identify and fix bugs
- Communicate with you: Send system notifications and respond to support requests
- Protect our service: Enforce rate limits, prevent abuse, and maintain security
We do not use your information to:
- Sell to third parties
- Serve advertisements
- Build advertising profiles
- Train AI models
- Make medical diagnoses or provide medical advice
4. AI-Powered Features
Mother Willow
Mother Willow is an AI companion feature available to Fawn Premium subscribers. When you send a message to Mother Willow:
- Your message text is sent to OpenAI (our AI provider) via a secure server-side connection
- Limited context is included: your baby's first name, age in months, and a summary of recent tracking patterns
- Your conversation history (up to the last 6 messages in the current session) is included for continuity
- No detailed health records (specific feeding amounts, temperatures, medication doses, etc.) are sent to OpenAI
OpenAI's data handling: Under OpenAI's API terms, inputs and outputs sent via the API are retained for up to 30 days for abuse monitoring, and are not used to train models.
Mother Willow is not a medical professional. It does not diagnose, prescribe, or provide medical advice. For medical concerns, always consult your pediatrician or healthcare provider. Mother Willow is optional.
5. How We Share Your Information
We share your information only in the following circumstances:
Service Providers
| Provider | What We Share | Purpose |
|---|---|---|
| Google Firebase (Firestore, Auth, Storage, Crashlytics) | Account data, baby profiles, tracking events, crash reports | Core infrastructure, data storage, authentication, error reporting |
| OpenAI | AI conversation messages, baby first name, age, pattern summaries | Power Mother Willow AI companion responses |
| RevenueCat | User ID, subscription state | Subscription and purchase management |
| Resend | Email addresses (for invitations, support) | Transactional email delivery |
| Apple | Purchase receipts, subscription state | In-app purchase processing |
Caregivers You Invite
When you invite a caregiver, they gain access to your baby's tracking data. You control caregiver access and can revoke it at any time.
Legal Requirements
We may disclose information if required by law, legal process, or government request.
We Do Not Sell Your Information
We do not sell, rent, or trade your personal information to any third party. We do not share your information for advertising or marketing purposes.
6. Data About Children
Fawn collects information about babies and young children, as entered by their parents and caregivers. Fawn does not collect information directly from children.
What we collect about children: First name, date of birth, sex, photo (optional), and health/tracking data as described in Section 1A.
How it is protected:
- Only the baby's parent (account owner) and explicitly invited caregivers can access baby data
- Caregiver access requires acceptance of a secure invitation
- Access can be revoked by the parent at any time
- When the parent deletes their account, all baby data is deleted if no other caregivers have access; if other caregivers have access, the baby is transferred to the next caregiver (see Section 8)
Parental rights: As the parent, you may at any time:
- Review all data collected about your child within the app
- Delete individual records or your entire account (which deletes all baby data)
- Revoke caregiver access
- Contact us at hello@fawn.baby to request information about data collected about your child
7. Health and Wellness Data
Fawn collects health and wellness data about both babies and parents as described in Section 1A. This data is used solely to provide the app's tracking and insight features.
Fawn is not a medical device or healthcare provider. Fawn does not provide medical advice, diagnoses, or treatment recommendations. All health data in Fawn is for personal informational tracking only.
How health data is protected:
- Stored in Firebase Firestore with access restricted to the account owner and authorized caregivers
- Transmitted exclusively over encrypted connections (HTTPS/TLS)
- Firebase encrypts data at rest using AES-256
- Parent wellness data (journal entries, mood check-ins, breathing sessions) is stored locally on your device and is never uploaded to our servers
- Health data is never sold, used for advertising, or shared with insurers, employers, or data brokers
In the event of a data breach involving your health information, we will notify affected individuals within 60 days of discovery, as required by the FTC Health Breach Notification Rule.
8. Data Retention and Deletion
Retention: We retain your data for as long as your account is active. We do not indefinitely retain data beyond what is necessary to provide the service.
Account deletion: You can delete your account at any time from within the app (Profile > Delete Account). When you delete your account:
- Your user profile is permanently deleted
- All babies you own (with no other caregivers) are deleted, including all events, summaries, and reports
- Babies with other caregivers are transferred to the next caregiver
- All caregiver invitations you created are deleted
- AI usage tracking data is deleted
- All local data on your device is cleared
- Your Firebase Authentication account is permanently deleted
Account deletion is irreversible. Deleted data cannot be recovered.
You may also request data deletion by emailing hello@fawn.baby.
9. Data Security
We implement appropriate technical and organizational measures to protect your information:
- All data in transit is encrypted using HTTPS/TLS
- All data at rest in Firebase is encrypted using AES-256
- Authentication uses Firebase Authentication with support for email/password, Apple Sign-In, and Google Sign-In
- Cloud Functions that process sensitive data run server-side; API keys are stored as encrypted secrets and never exposed to the client
- Caregiver invitations use 256-bit cryptographically random tokens
- Server-side rate limiting protects against abuse
- Firestore security rules enforce data access controls at the database level
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at hello@fawn.baby.
10. International Data Transfers
Fawn's infrastructure is hosted in the United States via Google Cloud Platform (Firebase). If you are located outside the United States, your data will be transferred to and processed in the United States.
For users in the EEA, UK, or Switzerland, these transfers are conducted pursuant to Google's Standard Contractual Clauses (SCCs) and other applicable transfer mechanisms under GDPR.
11. Your Privacy Rights
All Users
- Access: View your data within the app at any time
- Deletion: Delete your account and all associated data from Profile settings
- Correction: Edit your baby profiles, events, and personal information within the app
- Caregiver control: Add or remove caregivers at any time
European Economic Area, UK, and Switzerland (GDPR)
Under GDPR, you have the right to:
- Access your personal data (Article 15)
- Rectify inaccurate data (Article 16)
- Erase your data / "right to be forgotten" (Article 17)
- Restrict processing (Article 18)
- Request data portability (Article 20)
- Object to processing (Article 21)
- Withdraw consent at any time (Article 7(3))
- Lodge a complaint with your local data protection authority (Article 77)
Legal basis for processing:
- Consent: AI conversations, optional wellness features, health data processing
- Contract performance: Core baby tracking functionality, account management
- Legitimate interests: Crash reporting, security, service improvement
California Residents (CCPA/CPRA)
Under the CCPA/CPRA, you have the right to know, delete, correct, and opt out. Fawn does not sell or share personal information as defined by the CCPA/CPRA.
To exercise your rights, contact us at hello@fawn.baby or use the in-app account management features.
Washington State Residents
Under the Washington My Health My Data Act, you have additional rights regarding consumer health data, including the right to consent to collection, sharing, and use of your health data, and the right to withdraw consent and request deletion at any time.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email. The "Last updated" date at the top of this policy indicates when it was last revised.
13. Contact Us
If you have questions about this Privacy Policy, your data, or your privacy rights:
Email: hello@fawn.baby
For GDPR-related inquiries, you may also contact your local data protection supervisory authority.
Fawn is operated by Whisperwood Studio LLC. Fawn is not a medical device. Tracking data and insights are for informational purposes only and should not replace professional medical guidance.