This Privacy Policy describes how Punn ("we", "us", or "our") collects, uses, shares, and protects your personal data when you use the Punn mobile application ("App"). This policy complies with the General Data Protection Regulation (GDPR) of the European Union and the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand.
The data controller responsible for your personal data is:
For privacy-related requests, please email us with the subject line "Privacy Request".
When you create an account, we collect your email address and display name through Supabase Authentication. You may sign in using Apple or Google OAuth, in which case we receive only the information you authorize those providers to share (typically email and name).
You provide your baby's name, date of birth, and gender. This data is used to personalize app features such as age-appropriate tracking and growth charts.
You manually log events including feeding times and amounts, sleep periods, diaper changes, growth measurements (weight, height, head circumference), health events (temperature, symptoms, medications), and pumping sessions.
When you use the cry analysis feature, audio is captured and processed entirely on your device using an on-device machine learning model. Only the classification result (e.g., "hungry") and confidence scores are stored. No audio recordings are transmitted to our servers or any third party.
When you use the AI chat assistant, your messages and relevant tracking context (such as recent feeding and sleep data) are sent to our chat server for processing. Chat messages are not persisted on our servers after processing -- they are handled statelessly. Baby names are not stored in server-side logs.
If you choose to submit feedback on a cry analysis result (for example, correcting an incorrect classification), you may optionally upload the cry recording along with your correction. This requires your explicit consent via a data sharing toggle in the app. Feedback data is used solely for improving the machine learning model.
We use your tracking data, baby profile, and cry analysis results to provide the core features of the app: event logging, reports, charts, insights, and growth tracking.
When you use the chat feature, your tracking context (recent events, baby age) is shared with OpenAI to generate personalized responses. No audio data is sent to OpenAI. Baby names are not persisted in server-side logs.
If you sign in, your tracking data and baby profiles are synced to the cloud via Supabase so you can access your data across multiple devices. Cloud sync is optional -- the app works fully offline.
If you invite a partner, your baby profile and tracking data are shared with that person. Sharing requires explicit invite acceptance by the partner. You can revoke access at any time.
If you submit feedback with your explicit consent, the feedback data (cry recording and correction) may be used to retrain and improve the cry classification model. This data is anonymized and cannot be linked back to your account.
We rely on your consent for: feedback and recording uploads, data sharing toggle activation, and partner sharing invitations.
We process your data as necessary to provide the core app features you signed up for, including tracking, cry analysis, reports, and cloud sync.
We have a legitimate interest in improving our service quality, maintaining security, and preventing abuse.
Chat context (recent tracking data, baby age) is sent to OpenAI for generating AI chat responses. No audio data is shared with OpenAI. Baby names are not persisted in server-side logs.
If you enable cloud sync, your data is stored in Supabase (hosted on AWS). Data is encrypted at rest and in transit.
If you sign in with Apple or Google, these providers handle authentication only. We do not share your app data with them.
We do NOT use any advertising SDKs, analytics tracking libraries, or data brokers. Your data is never sold or shared for advertising purposes.
Data stored on your device is retained until you delete it manually or uninstall the app.
Cloud-synced data is retained until you delete your account. You can request account deletion at any time by emailing [email protected].
Chat messages are not persisted on our servers. They are processed statelessly and discarded after the response is generated.
Feedback recordings submitted with your consent are retained for model training purposes. They are anonymized and cannot be traced back to your account.
Under the GDPR (Articles 15-22) and the Thai PDPA (Sections 30-36), you have the following rights:
To exercise any of these rights, email us at [email protected] with the subject "Privacy Request".
You also have the right to lodge a complaint with:
Punn is designed for and operated by parents and caregivers. Baby data entered in the app is parental data about a child, not data collected directly from the child.
We do not knowingly collect personal data directly from children. The app does not target or enable use by children. If you believe a child has provided us with personal data without parental consent, please contact us at [email protected].
Your data may be processed in the following regions:
Where data is transferred outside the EEA or Thailand, we ensure adequate safeguards are in place, including standard contractual clauses and reliance on adequacy decisions where available.
We implement the following security measures to protect your data:
In compliance with the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand:
For PDPA-related inquiries, contact us at [email protected].
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
We will respond to your request within 30 days, as required by GDPR and PDPA.