Privacy Policy
Last Updated: 04/01/2026
Our Commitment to Privacy
Your privacy is important to us at Heartful Sprout Inc. (“Company,” “we,” “us,” or “our”), and we are committed to safeguarding, preserving, and respecting your privacy rights. This online privacy statement (the “Statement” or “Notice”) describes how we collect, use, disclose, and secure the personal information we gather about you through our website and our related applications (collectively, the “Platform”) or otherwise. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.
For purposes of this Statement, personal information means data that classifies as personal information, personal data, personally identifiable information, or similar terms under applicable data privacy and security laws and regulations. It does not include data excluded or exempted from those laws and regulations, such as deidentified, anonymized, or aggregated data. Nothing in this Statement will constitute an admission or evidence that any particular data privacy or information security law or regulation applies to the Company generally or in any specific context.
You Consent to This Statement
You should read this Statement carefully. We recommend printing and retaining a copy for your future reference. By accessing, browsing, or otherwise using the Platform, you confirm that you have read, understood, and agreed with this Statement. If you do not agree to this Statement, you may not use this Platform.
This Statement applies regardless of how the Platform is accessed and will cover any technologies or devices by which the Company makes the Platform available to you.
If you have any questions or concerns about our personal information policies or practices, you can contact us via the methods described in the “How to Contact Us” section below.
The Information We Collect and How
We collect the information you voluntarily provide directly to us, such as when you complete a form or submit information to us. We also collect information when you interact with the Platform, for example, through our use of cookies. We may collect the following information that you provide to us:
Using our Platform. If you use our Platform, we will collect the information you voluntarily provide to us. The information may vary depending on which level of service you purchase, but it may include your name, phone number, email address, mailing address, as well as your child’s date of birth, height and weight, and cultural cuisine preferences. If you subscribe to a level of service that requires payment, our payment provider will collect the necessary information to process your payment.
Protecting Children's Online Privacy. In our applications, we also collect detailed child health and tracking data you voluntarily enter, including child profile information, growth and health records, feeding, sleep, and developmental data, and maternal wellness information. Maternal wellness data is private to your account and not shared with any third party.
Email or Contacting Us. If you send us an email or otherwise contact us, we will collect your email address and any information that you provide in the email.
Social Media. If you interact with our Platform by sharing on a social media platform, we may collect information that you post. Please note that your comments will be visible to the public, so you should never share personal information that you would like to keep private.
Job Applications and Employment. If you apply for a job with or are employed or contracted by us, we will collect various pieces of information about you to administer the employment relationship, provide benefits, and ensure security. Such information will vary depending on your role, but it would likely include name, social security number, educational information, and financial account information.
Information We Collect as You Navigate Our Platform
We automatically collect certain information as you use the Platform, such as the following:
Usage Information. We may collect information automatically through your use of the Platform, such as which of the pages on the Platform you access, the frequency of access, and how long you spend on our Platform.
Device Information. We may collect information about the device you are using, such as hardware model, operating system, application version number, browser, and IP addresses.
Mobile Device Information. In addition to the Device Information listed above, when you access our Platform via a browser on your mobile device, we may collect mobile network information, including telephone number, the unique device identifier assigned to that device, mobile carrier, operating system, and other device attributes.
Location Information. We may collect information about your actual location, which may be determined from GPS and other sensors that may reveal information on or nearby devices, Wi-Fi access points, and cell towers.
Analytics. For product analytics we collect anonymized event names and a pseudonymous user ID only; no health data values are transmitted. Crash reports include error stack traces, device info, and your user ID, sampled at 20% of sessions.
Push notifications. Reminder content such as a child’s name is composed locally on your device. Notification text is not transmitted to our servers.
What the Heartful Baby app does not collect. The Heartful Baby app does not request access to your location, camera, photos, microphone, or contacts.
Types of Cookies. Purpose. and Who Serves
Provide you with more personalized content that is most relevant to your interest areas; and
Essential. These Cookies are required for the operation of the Services and enable you to move around the Services and use its features. Disabling these Cookies can negatively impact the performance of Services. (Google)
Functionality. These Cookies are used to recognize you when you return to the Site. This enables us to personalize content for you and remember your preferences. These Cookies also enable your interactions with the Services such as emailing us. (Google)
Analytics, Performance, and Research. These Cookies, beacons, and pixels allow us to analyze activities on the Services. They can be used to improve the functioning of the Services. For example, these Cookies recognize and count the number of visitors and see how they move around the Services. Analytics Cookies also help us measure the performance of our advertising campaigns to help us improve them and to optimize the content on the Services for those who engage with our advertising. (Google)
Social Networking. These Cookies are used to enable you to share pages and content that you find interesting on our Services through third-party social networking and other websites. These Cookies may also be used for advertising purposes. (Google)
Advertising. These Cookies and pixels are used to deliver relevant ads, track ad campaign performance, or track email marketing. (Google)
We do not use any cookies, pixels, or other tracking that discloses to any third party information that identifies a person as having viewed specific video materials.
How Long Do Cookies Stay on My Device?
Some Cookies operate from the time you visit the Services until the end of that particular browsing session. These Cookies, which are called “Session Cookies,” expire and are automatically deleted when you close your Internet browser.
Some Cookies will stay on your device between browsing sessions and will not expire or automatically delete when you close your Internet browser. These Cookies are called “Persistent Cookies” and the length of time they will remain on your device will vary from Cookie to Cookie. Persistent Cookies are used for a number of purposes, such as storing your preferences so that they are available for your next visit and to keep a more accurate account of how often you visit the Services, how your use of the Services may change over time, and the effectiveness of advertising efforts.
Managing Your Cookies
It may be possible to block Cookies by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including Essential Cookies), you may not be able to access all or parts of the Services.
You can find out more about Cookies and how to manage them by visiting www.AboutCookies.org.
Does the Site Respond to “Do Not Track” Signals?
At this time, our Site does not respond differently based on a user.
How We Use the Personal Information
We use personal information we collect about you or that you provide to us in the following ways:
To present our Platform and its contents in a suitable and effective manner for you and your device;
To contact you to provide you with information or services that you request from us;
To advertise services or campaigns that we think may be of interest to you;
To provide customer support, troubleshoot issues, manage accounts, and respond to requests, questions, or comments;
To comply with our legal obligations and enforce our rights arising from any contracts;
To notify you about any additions, upgrades, or changes in our services;
To further business operations and protections of business interests and security;
To share with service providers, including third-party companies and individuals the Company engages from time to time, to facilitate our website, mobile apps, and the Platform;
To personalize your experience on our website or mobile apps; and
To improve the expand our offerings, on our website, mobile apps, and the Platform, including using aggregated, anonymized, and de-identified data collected from users to train the Company's artificial intelligence models and algorithms
To generate growth percentile calculations, developmental milestone tracking, food introduction guidance, and other informational insights for app users.
We do not use your personal information or your child’s health data to serve advertisements. We do not sell your personal information. For details on how we use child health data specifically, see the “COPPA — Children’s Data” section below.
Advertising and Marketing Choice
If you do not want to receive marketing communications or would like to understand more about other unsubscribe options, please contact us as set out in the “How to Contact Us” section below.
For marketing email communications, you can opt-out and/or manage your preferences by clicking on the unsubscribe link provided at the bottom of any email you receive from us. If we call you with information you do not want to receive, you can advise us of this during the telephone call.
How Long Is Your Personal Information Kept
The Company retains your personal information to the extent it is necessary for the purpose for which it was collected. The Company will delete your personal information when it is no longer necessary for the purpose for which it was collected, or upon your request, subject to exceptions as discussed in this Statement or under applicable law, contract, or regulation.
When you delete a tracking entry or your account, your data is deleted instantly. Anonymized analytics events are retained for up to 24 months, and crash reports are retained for 90 days. These same retention timelines apply across all the applications. For children's data retention specifically, see the "COPPA — Children's Data" section below.
You may request a full export of all your personal data in JSON format at any time from within the app.
Our Commitment to Data Security
The security of your personal information is important to us. We take various reasonable organizational and technical measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. If required by law to do so, we will notify you and/or the relevant supervisory authority in the event of a data breach.
However, we cannot and do not guarantee complete security, as no method of transmission over the Internet, or method of electronic storage is 100% secure.
We use industry-standard security measures including encryption of data in transit and at rest, secure authentication, and strict access controls ensuring each user can only access their own data.
Our Commitment To Children’s Privacy
Protecting the privacy of the very young is especially important. Although parents may enter information about their children, this Platform is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. In the event that we learn that we have collected personal information from a child under age 13 without verification or parental consent, we will immediately delete that information. If you believe that we might have any information from or about a child under 13, please contact us using the information provided in the “How to Contact Us” section below.
Our collection and use of children’s personal information across all Heartful Sprout applications is governed by the Children’s Online Privacy Protection Act (COPPA). The complete details of what we collect, how we use it, who it is shared with, your parental rights, and our data retention practices for children’s data are all set out in the “COPPA — Children’s Data” section below.
COPPA — Children's Data
This section provides the disclosures required under the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the FTC’s implementing regulations (16 C.F.R. Part 312), as amended effective 2025. It applies to all Heartful Sprout applications. The Platform is directed to parents and legal guardians aged 18 or older. All personal information about a child is entered by the parent or legal guardian as the account holder. Children are not direct users of the Platform.
What child data we collect
When you use our applications, you may enter the following categories of personal information about your child:
Identity data: name, date of birth, biological sex, gestational age
Growth data: weight, height, BMI, head circumference, WHO/CDC growth percentiles
Health and medical records: vaccinations (name, dose, date, provider), medications (name and dosage), doctor visits (type and provider), temperature readings
Feeding data: breastfeeding duration, bottle amounts, formula type, pumping logs
Sleep data: sleep start and end times, nap versus night sleep
Diaper data: type, stool color, consistency
Food introduction and allergen data: foods introduced across 156 categories, observed allergic reactions (hives, swelling, vomiting, etc.)
Developmental milestones: social, language, cognitive, and physical milestone completion dates based on CDC guidelines
Custom tracker data: any data you choose to enter using user-defined counter, timer, boolean, or note trackers
How we use child data
We use your child’s personal information solely to provide the tracking and logging features of the app, calculate growth percentiles, display developmental milestone progress, generate food introduction and allergen records, enable data sharing with caregivers and clinicians you explicitly invite, and generate data exports at your request. We do not use your child’s personal information for targeted advertising, behavioral profiling, or any commercial purpose unrelated to providing the app’s features to you.
How we disclose child data and to whom
Your child’s personal information is disclosed only in the following circumstances:
Caregivers you invite: adults you explicitly invite via email receive access to your child’s tracking data. You control this and can revoke it at any time.
Clinicians you connect: healthcare providers you connect via invite code can view your child’s health data through a provider portal. You must accept an explicit disclosure screen before any connection is established. You can disconnect a clinician at any time.
Infrastructure service providers: Supabase (database) and Hasura (clinician matching) process child data on our behalf as data processors integral to operating the app. They are prohibited from using child data for any other purpose.
We do not disclose your child’s personal information to any third party for targeted advertising or other non-integral purposes. You may consent to our collection and use of your child’s data without consenting to any such third-party disclosure, because we do not make any.
Verifiable parental consent
By creating an account and entering your child’s information, you, as the parent or legal guardian, are providing consent for us to collect and process that data for the purposes listed above. At signup, you are required to confirm that you are 18 years of age or older. If we learn that a child under 13 has used the Platform as a direct user, or that an account was created by someone under 18, we will delete that account and all associated data immediately.
To revoke consent, delete your child’s profile within the app or contact us at hello@heartfulsprout.com. Revocation will result in immediate deletion of your child’s data.
Data retention for children’s data
We retain your child’s personal information only for as long as necessary to fulfill the specific purposes for which it was collected. When you delete a tracking entry or your account, your child’s data is deleted instantly. We do not retain children’s personal information indefinitely.
Parental access, correction, and deletion
As the parent or legal guardian, you have the right to review, correct, export, or delete your child’s personal information at any time through the app. You may also request a full JSON export of your child’s data from within the app. To exercise any of these rights or with any COPPA-related questions, contact us at hello@heartfulsprout.com. We will respond within a reasonable time and at no charge.
Artificial Intelligence and Automated Processing
We use automated algorithms to generate growth percentile results, developmental milestone progress summaries, food introduction recommendations, and other informational insights. These outputs are for your personal reference only. No automated processing produces a decision with legal or similarly significant effects on you or your child.
We may use aggregated, de-identified data to train and improve our AI models. This data cannot identify you or your child. We do not use individually identifiable health data to train AI models without separate explicit consent. To request exclusion from AI training use, contact us at hello@heartfulsprout.com.
Consent and Consent Management
We track your consent separately for each of the following, with versioned timestamps: terms of service, this Privacy Statement, analytics tracking (EU users opted out by default; non-EU opted in by default), push notifications, medical disclaimer, age confirmation (18+), and clinician data sharing (recorded at the time of each connection).
You may withdraw any consent at any time through app settings or by contacting us. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
Medical Disclaimer
Our applications provide tracking tools and general informational guidance based on publicly available sources, including CDC developmental milestones, WHO and CDC growth charts, and standard vaccine schedules. Nothing in the Platform constitutes medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional — including your child’s pediatrician — regarding any health concerns or medical decisions. Do not delay or disregard professional medical advice based on anything you see in this Platform. In the event of a medical emergency, contact your local emergency services immediately.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
The right to access, update, or delete your personal information
The right to rectification
The right to object to processing
The right to data portability
The right to withdraw consent
The right to a full data export in JSON format (available directly within the app)
The right to lodge a complaint with your national data protection supervisory authority. In the EU: https://edpb.europa.eu. In the UK: https://ico.org.uk (ICO).
California residents: the right to know what data is collected, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.
To exercise your rights, please contact us at hello@heartfulsprout.com.
How To Contact Us
Should you have other questions or concerns about these privacy policies, please feel free to contact us at hello@heartfulsprout.com.
Changes to This Privacy Policy
This Statement may change from time to time. We will post any changes to the Statement on this page. You are advised to review this Privacy Policy periodically for changes.