Security

Built to protectthe quietest data of all.

Health information about a child is the most sensitive data a family can hold. Treating it like that is the whole design.

Where your data lives

All records live in Supabase under ONROOM Inc.'s account. The region is configurable; current default is North America.

Every row is bound to a family_id. Database policies prevent any cross-family read, even at the API layer.

Advertising identifier mappings

Precise device location

Your phone contacts

Your calendar entries

Face ID and Touch ID are processed locally inside the Secure Enclave. They never leave the device — not even to us.

Stripe, Inc.

Payment processing for Premium.

Supabase, Inc.

Database, authentication, realtime sync, and file storage.

OpenAI, LLC

Optional Berry AI assistant. PII is removed before any request; OpenAI is contractually barred from training on this data.

Google AdMob

Free tier only. Rewarded ads only. SDK is not initialized on Premium.

Google Analytics for Firebase

Aggregate app analytics. Opt-out toggle inside the app.

Account deletion is a 30-day soft delete followed by permanent removal. You can restore within the 30-day window.

Under PIPEDA and PIPA you can access, correct, delete, and withdraw consent at any time. Contact [email protected].