Privacy Policy

Last updated: 14 April 2026

Milkdrop (“we”, “our”, “us”) is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and your rights over it. Please read it carefully before using our app or website.

1. Who we are

Milkdrop is a postpartum care application designed to help parents track their baby's feeding, sleep, nappies, medications, and growth. Our service is operated from the United Kingdom.

For privacy enquiries, contact us at privacy@milkdrop.app.

2. Data we collect

Account information

When you create an account we collect your name and email address via our authentication provider, Kinde. We do not store passwords ourselves.

Child and health data

To provide tracking features, you may choose to enter information about your child including:

  • Name, date of birth, and biological sex
  • Birth weight, height, and head circumference
  • Gestational age and feeding method
  • Medical notes
  • Ongoing activity logs — feeding sessions, sleep periods, nappy changes, medication schedules and doses, and growth measurements

This data is sensitive. We only use it to operate the service for you and do not sell or share it for advertising.

Photos

If you attach a photo to a nappy record, the image is uploaded to and stored by Uploadthing. Photos are linked to your account and deleted when you delete the associated record or your account.

Device and notification tokens

If you enable push notifications, we store an Expo push token associated with your device and caregiver profile to deliver activity reminders. You can revoke this at any time by disabling notifications in your device settings or within the app.

Usage analytics

We use PostHog to collect anonymised usage data — page views, feature interactions, and session counts. If you are signed in, events are linked to your account ID (not your name or email) so we can understand how people use the app. We use the EU-hosted PostHog instance. No analytics data is collected in development builds.

Error reports

We use Sentry to capture crash reports and application errors. These may include device type, OS version, and a stack trace. We do not intentionally include personal data in error reports.

Waitlist emails

If you submit your email address on our landing page, we store it solely to notify you when the app is available. We will not send marketing email without your explicit consent.

3. How we use your data

Provide the servicePerform a contract with you
Send activity remindersLegitimate interest / your consent
Improve the app via analyticsLegitimate interest
Diagnose and fix errorsLegitimate interest
Respond to support requestsLegitimate interest
Comply with legal obligationsLegal obligation

4. Third-party services

We share data with the following processors only to the extent necessary to provide the service:

KindeAuthentication and user management
PostHog (EU)Product analytics
SentryError tracking
UploadthingPhoto storage
Expo / FirebasePush notification delivery
Vercel / NeonHosting and database infrastructure

We do not sell your data to any third party.

5. Data retention

We retain your account and child data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law.

Analytics data retained by PostHog is subject to PostHog's own retention policy (currently 7 years for event data on the free plan; you can request deletion via us).

6. Your rights

Under UK GDPR and, where applicable, EU GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (“right to be forgotten”).
  • Restriction — ask us to limit how we use your data while a complaint is resolved.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, email privacy@milkdrop.app. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

7. Children's data

Milkdrop is used by adults (parents and caregivers) to log data about infants and children. We do not knowingly collect data directly from children. If you believe a child has directly submitted personal data to us, please contact us and we will delete it promptly.

8. Security

We use industry-standard measures to protect your data including encrypted connections (TLS), access controls, and regular dependency updates. No system is completely secure; if you believe your account has been compromised, contact us immediately.

9. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, please email privacy@milkdrop.app.