Poppins ("we", "us", the "Service") is a mobile app that helps families stay organised. This policy explains what we collect, why, how long we keep it, and what choices you have. We've tried to write it plainly — if anything is unclear, email privacy@poppins.app.
1. Who we are
Poppins is operated by Poppins Pty Ltd, an Australian company. For the purposes of the EU/UK GDPR we are the data controller for the personal data we hold about you.
2. What we collect
Information you give us directly
- Account: email address, password (hashed), authentication tokens.
- Family profile: family name, timezone, member display names, roles (adult or child), and any dietary preferences or notes you add.
- Chat messages: text and voice messages you send to the assistant, plus any memories the assistant stores on your behalf (e.g. "Lucy's teacher is Mrs. Patel").
- Voice recordings: short audio clips you record for voice input. We transcribe them to text and then discard the audio — we do not retain voice files.
- Inbox credentials: if you connect an email account, we store your IMAP server address and an application-specific password. App passwords are encrypted at rest with AES-256-GCM using a key we hold separately from the database.
- Email content you approve: extracted details from emails you've told Poppins to watch (sender, subject, date, extracted events or reminders). We do not store full raw email bodies longer than needed to process them.
- Calendar data: if you connect Google Calendar, we read today's events for your daily briefing and may create events you explicitly approve. We do not store a full copy of your calendar.
- Push tokens: the device token issued by Apple or Google so we can deliver your morning briefing and notifications.
Information collected automatically
- Usage data: features used, request timestamps, and AI token usage (for cost control). Not used for advertising.
- Diagnostic data: crash reports and error logs via Sentry. These may include a correlation ID, device model, and OS version, but are scrubbed of message content.
- Subscription events: receipts and status from Apple via RevenueCat (purchase, renewal, cancellation). We do not see your card details — those stay with Apple.
Information we do not collect
- We do not access your contacts, photos, or location.
- We do not scan any emails except the ones you explicitly connect and approve.
- We do not use advertising SDKs, run ad networks, or sell any personal data.
3. How we use it
- To provide the Service: answer your messages, generate your morning briefing, remember things you've told us, surface emails that need attention.
- To operate your account: authentication, billing, customer support.
- To improve the Service: fix bugs, understand which features are used, monitor cost and performance.
- To keep it safe: detect abuse, enforce rate limits, comply with law.
4. AI processing
Your messages are processed by large language models from Anthropic and OpenAI, accessed through Vercel AI Gateway, in order to generate assistant responses. These providers are contractually prohibited from training their public models on your data. Transcription is done by OpenAI Whisper. We do not share personal data with any model provider for any purpose other than serving your request.
5. Who we share data with (subprocessors)
We rely on a small number of service providers to run Poppins. Each is contractually required to protect your data and process it only on our instructions.
- Supabase — database, authentication, and file storage (hosted in the region we've configured for your family).
- Vercel — hosting for our web backend and the AI Gateway that routes model requests.
- Anthropic and OpenAI — AI model providers accessed via Vercel AI Gateway.
- RevenueCat — subscription management.
- Apple — App Store payment processing and push notification delivery (APNs).
- Expo — push notification routing and over-the-air app updates.
- Google — only if you connect Google Calendar.
- Sentry — error and performance monitoring.
- Upstash — rate limiting (no personal data stored, only family identifiers).
We will update this list when it changes materially. We do not share data with any other third parties, and we do not sell it.
6. Where your data is processed
Data is processed in the United States and the European Union depending on the subprocessor. Standard Contractual Clauses (or their UK/EU equivalents) cover any transfer out of your region.
7. How long we keep it
- Account data: as long as your account is active, plus up to 30 days after deletion for backups.
- Chat history and memories: until you delete them or close your account.
- Voice recordings: discarded immediately after transcription.
- Email bodies: not retained. Only the extracted fields you've approved are stored.
- Diagnostic logs: 90 days.
- Subscription records: kept as long as legally required for tax and accounting.
8. Your rights
You can at any time:
- Correct or update your profile in-app.
- Delete individual memories and messages in-app.
- Disconnect connected inboxes or calendars in-app.
- Delete your entire account and all associated data in-app (Settings → Delete account).
- Withdraw consent and stop using the Service at any time.
- Request a machine-readable export of your data by emailing privacy@poppins.app — we'll send a JSON file of your profile, family members, memories, and chat history within 30 days.
Residents of the EU, UK, California, and other jurisdictions with equivalent laws have additional rights (portability, objection, restriction, non-discrimination). To exercise any of these, email privacy@poppins.app. We'll respond within 30 days.
9. US state privacy notice
For US residents, including California residents, Poppins does not sell personal information, share personal information for cross-context behavioural advertising, or use sensitive personal information to infer characteristics for advertising. We do not run advertising SDKs or targeted advertising inside the app.
Depending on where you live, you may have rights to know, access, correct, delete, export, or appeal a privacy decision. You can use the in-app export and delete tools, or email privacy@poppins.app. We will verify requests using your account email or another reasonable method before acting on account-level data.
10. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Inbox app passwords and OAuth refresh tokens are additionally encrypted at the application layer with AES-256-GCM. Access to production systems is limited to the engineers who need it and logged. Despite our best efforts, no online service can be 100% secure — we'll notify you without undue delay if we become aware of a breach that affects you.
11. Children
Poppins is for adults running a household, but the people in that household often include children. Only adults (18+) can create an account, start a trial, or subscribe. Adults may add children as "child profiles" within the family — those profiles are private context managed by the adult account holder, not separate accounts for children.
Poppins is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 (or under 16 in the EU). Children should not create accounts, connect inboxes or calendars, or use Poppins directly. If you believe a child has created an account or given us information directly, contact us and we will delete it.
12. Changes
We'll post material changes to this policy here and, if the change meaningfully affects your rights, notify you by email or in-app at least 7 days before it takes effect.
13. Contact
Questions, concerns, or requests: privacy@poppins.app. If you're in the EU or UK and aren't happy with our response, you have the right to complain to your local data protection authority.