Toddl Privacy Policy
Last updated: 2026-05-01
Who we are
Toddl is a small independent app operated as a sole proprietorship ("we", "us"). You can reach us at hello@toddl.family.
What data we collect
Account data
- Email address (from Apple/Google OAuth or direct sign-up)
- User identifier from the auth provider
- Display name / parent title (optional, user-provided)
- Avatar — a photo you upload, or an auto-generated initial on a colored disc
Family content you create
- Family name
- Children's names and optional birthdays
- Captured words: the word, meaning, context, capture mode, date, and any dialogue lines
- Favorites, first-word flags
Technical data
- Device type and OS version (when app crashes are reported)
- Location (only when you tag a memory with a place): the place name, and — if you choose "use my location" — the latitude/longitude
- IP address (processed transiently by our hosting provider for connectivity)
What we do NOT collect
- Advertising identifiers (IDFA/AAID)
- Third-party tracking cookies
- Contacts, photos, camera, or microphone (except features you actively invoke)
- Precise GPS location outside the feature you opt into
Why we collect it
- Account data — to authenticate you and link your content to your family
- Family content — this is the core product you create; stored so you can see it
- Technical data — to diagnose crashes (via Sentry) and ensure the service works
We do not sell, rent, or trade your data to anyone.
Where data is stored
- Application database & auth: Supabase (Postgres)
- Crash reports: Sentry
- Media (photos and voice clips you attach to a memory): Supabase Storage
Each provider operates globally-distributed infrastructure. Data is encrypted in transit and at rest.
Voice transcription (automated processing)
Toddl has two voice features and they handle audio differently:
- Voice capture (the "hold to record" flow that fills out a memory for you): the audio you record is sent to Google Gemini for automated processing. Gemini returns a transcription plus structured metadata (which child spoke, who else was present, the type of moment, the inferred date). We use this to pre-fill the capture screen so you can review and edit each field before saving. The audio file itself is deleted from your device after processing and is not stored on our servers. The transcription text is shown in the app and the extracted fields (word, meaning, dialogue, place, date) are editable.
- Voice clips attached to a memory (the "+ Record clip" button next to a memory you're saving): these audio files are uploaded and stored in our media storage so you can play them back later. They are not sent to Gemini.
We do not use any voice recording to train Gemini's models — Google's standard processing terms apply.
You can avoid voice processing entirely by using the typed capture flow.
Children's data (COPPA / GDPR-K)
Toddl is designed for adults (parents/guardians) capturing content about their own children. It is not directed at children under 13. We do not knowingly collect personal information directly from children. The content about children is captured and controlled by the parent/guardian account holder. If you believe a child has submitted data directly, contact us and we will delete it.
Your rights
- Access: request a copy of your data via email
- Deletion: in-app via Settings → "Delete account". This permanently removes your family, children, words, and auth record. There is no recovery.
- Correction: edit content directly in the app, or contact us
- Portability: JSON export of your family's content on request
- Withdrawal of consent: stop using the app and/or delete your account
If you are in the EU/UK, you have additional rights under GDPR including the right to lodge a complaint with a supervisory authority.
If you are in California, you have additional rights under CCPA/CPRA.
Data retention
- Active accounts: as long as you use the service
- Deleted accounts: permanently removed from our live database immediately. Backup copies are purged within 30 days.
- Crash reports: 30 days (Sentry free tier default)
Third parties
| Vendor | Purpose | Data shared |
|---|---|---|
| Supabase | Database, auth, media storage (photos and voice clips) | All account + family content |
| Google Gemini | Voice transcription + classification | Audio you record in the voice capture flow, sent for processing and not retained after the response is returned |
| Apple | Sign in with Apple | Email (relay or actual), name (first sign-in only) |
| Sign in with Google | Email, profile info | |
| Sentry | Crash reporting | Anonymized stack traces, user ID |
Security
- Supabase Row-Level Security restricts data access to your own family
- All traffic is TLS (HTTPS) encrypted
- Passwords (if used) are hashed by Supabase Auth using industry-standard algorithms
- We follow Apple's App Transport Security requirements
Changes
We will post any changes to this policy here and, if material, notify you in the app before they take effect.
Contact
- Email: hello@toddl.family
Regulatory addresses
Toddl is not currently distributed on the EU or UK App Store. If we expand availability to those regions we will appoint an Article 27 GDPR representative and update this section.