Privacy Policy

Last updated: February 9, 2025

1. Introduction

This Privacy Policy explains how notJust Development SL ("Company", "we", "us", or "our"), a company registered in Barcelona, Spain, collects, uses, discloses, and protects your information when you use the Baby Kick Counter: TinyKicks mobile application ("App").

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Spanish Organic Law 3/2018 on the Protection of Personal Data ("LOPDGDD"), the California Consumer Privacy Act ("CCPA"), and other applicable data protection laws.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

notJust Development SL Barcelona, Spain Email: support@notjust.dev

3. Information We Collect

3.1 Information You Provide

  • Account Information: If you choose to sign in, we collect the information provided by your Apple or Google account, which may include your name and email address. You may also use the App anonymously without creating an account.
  • Kick Session Data: Kick counts, session timestamps, and movement logs you record within the App.
  • Support Requests: Information you provide when contacting our support team.

3.2 Information Collected Automatically

  • Usage Data: How you interact with the App, including features used, session duration, screens viewed, and actions taken. Collected via PostHog.
  • Device Information: Device type, operating system version, unique device identifiers, language settings, and mobile network information.
  • Purchase Data: Records of in-app purchases and subscription status, processed through RevenueCat.
  • Error and Performance Data: Crash reports and performance diagnostics collected via Sentry.

3.3 Information We Do NOT Collect

  • We do not collect precise geolocation data.
  • We do not collect health data beyond the kick session logs you voluntarily record in the App.
  • We do not collect data from users who have not installed and opened the App.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Providing the App and its features — Performance of a contract (Art. 6(1)(b))
  • Processing payments and subscriptions — Performance of a contract (Art. 6(1)(b))
  • Analytics and App improvement — Legitimate interest (Art. 6(1)(f))
  • Error tracking and diagnostics — Legitimate interest (Art. 6(1)(f))
  • Fraud prevention and security — Legitimate interest (Art. 6(1)(f))
  • Legal compliance — Legal obligation (Art. 6(1)(c))

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the App and kick tracking features
  • Process transactions and manage subscriptions via RevenueCat
  • Monitor App performance and fix errors via Sentry
  • Analyze usage patterns and improve the App via PostHog
  • Detect, investigate, and prevent fraud and abuse
  • Comply with legal obligations

6. Data Sharing and Third-Party Services

We do not sell your personal information. We share data with the following categories of service providers, who process data on our behalf:

  • Supabase — Database and authentication. Shares account info and app data. Located in US (us-east).
  • RevenueCat — Payment and subscription management. Shares purchase data and device ID. Located in US.
  • PostHog — Product analytics. Shares usage data and device info. Located in US.
  • Sentry — Error tracking. Shares crash reports and device info. Located in US.
  • Apple / Google — Authentication (optional). Shares auth tokens and email. Located in US.

We may also disclose your information:

  • To comply with applicable laws, regulations, or legal processes
  • To protect the rights, property, or safety of our Company, our users, or others
  • In connection with a merger, acquisition, or sale of assets (you will be notified)

7. International Data Transfers

Our Company is established in the EU (Spain), but your data is processed by service providers located in the United States. These transfers are conducted in compliance with the GDPR using one or more of the following safeguards:

  • EU-U.S. Data Privacy Framework (where the provider is certified)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Your explicit consent to the transfer

You may request a copy of the relevant safeguards by contacting us at support@notjust.dev.

8. Data Retention

  • Account data: Retained for as long as your account is active.
  • Kick session data: Retained for as long as your account is active to maintain tracking continuity.
  • Analytics data: Retained in anonymized/aggregated form.
  • Error logs: Retained for up to 90 days.

When you request account deletion, we will permanently delete your personal data within 30 days, except where retention is required by law. You can request account deletion at notjust.app/tinykicks/delete-account.

9. Your Rights

9.1 Rights Under GDPR (EU/EEA Users)

You have the right to:

  • Access the personal data we hold about you
  • Rectification of inaccurate or incomplete data
  • Erasure ("right to be forgotten") of your personal data
  • Restrict processing of your data in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time, without affecting the lawfulness of prior processing
  • Lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or your local supervisory authority

9.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@notjust.dev or submit a deletion request at notjust.app/tinykicks/delete-account. We will respond within 30 days (or as required by applicable law).

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Access controls and authentication for internal systems
  • Regular security assessments

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Age Restriction

The App is intended for users of all ages (rated 9+). We do not knowingly collect personal information from children under 13 without parental consent.

If we become aware that we have collected personal data from a child under 13 without appropriate consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@notjust.dev.

12. Anonymous Usage

You may use the App without creating an account. In this case, we assign an anonymous identifier to your device session. We still collect usage analytics and error data as described in Section 3.2. If you later connect an Apple or Google account, your anonymous data may be linked to your account.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy in the App
  • Updating the "Last updated" date at the top of this page

We encourage you to review this Privacy Policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

notJust Development SL Barcelona, Spain Email: support@notjust.dev