FutureDad

General Provisions

This Privacy Policy describes how Bartłomiej Gil Studio ("Controller", "we") processes personal data in connection with the use of the FutureDad mobile application ("App").

The App does not require creating an account or providing directly identifying information such as your name or email address.

Data Controller

Types of Data Collected and Analytics

To operate the App we rely on a small number of third-party service providers acting as data processors on our behalf — PostHog (analytics), RevenueCat (subscriptions), and Firebase / Google LLC (remote configuration). We collect only the following pseudonymous data:

• PostHog (Cloud EU): An automatically generated distinct_id used for app usage analysis.
• RevenueCat: An automatically generated App User ID for managing subscriptions and purchases.
• Technical data: Device model, OS version, app version, language, country, and approximate geographic region (e.g. country level) derived from your IP address.
• IP address handling (per processor):
  • PostHog (Cloud EU): IP capture is disabled at the project level. Your IP address is not stored by PostHog; only the geographic properties derived from it (e.g. country) are kept on the analytics event.
  • Firebase / Google: Your IP is transmitted as part of standard HTTPS requests and is processed by Google according to its own retention policies and Data Processing Terms (see § 7).
  • RevenueCat: Your IP may be processed by RevenueCat for fraud prevention and operational security, in accordance with its privacy policy.
• Interactions (Events): We log events such as screen opens, menu clicks, and onboarding completion.
• Firebase Remote Config (Google LLC): Used to remotely manage app configuration and feature flags. Firebase may collect a Firebase Installation ID (FID) and technical device data (device model, OS version, app version) to deliver the configuration.

Lawful Basis and Purposes of Processing

We process your data for the following purposes and on the following lawful bases under Art. 6(1) GDPR:

• PostHog analytics — Art. 6(1)(a) GDPR (consent). Purpose: analysing how the App is used, identifying usability issues, and improving features and content based on aggregated, pseudonymous behavioural data. We collect this data only after you have given your explicit, optional consent during onboarding. You may withdraw this consent at any time in More → Privacy in the App, without affecting the lawfulness of processing carried out before withdrawal.
• RevenueCat (subscriptions) — Art. 6(1)(b) GDPR (performance of contract). Purpose: providing and managing in-app subscriptions and purchases, restoring purchases across devices, and enforcing access to premium features you have paid for. Processing of the App User ID is necessary to deliver this functionality.
• Firebase Remote Config — Art. 6(1)(f) GDPR (legitimate interest). Purpose: delivering feature configuration and remote feature flags so that the App can be tuned, fixed, or adjusted without requiring a new release. Our legitimate interest is providing a stable, properly configured product to all users.

Special Category Data (Health)

Although the App supports fatherhood planning, the Controller does not collect or process health data within the meaning of Art. 9 GDPR on its servers.

All information regarding specific health habits, supplementation, or plan progress is stored exclusively in your device's memory. Data transmitted to analytics providers is purely technical and behavioral in nature.

Data Storage and Backup

• Local data: Your habit and reminder data resides solely on your device.
• System backups: If you use system backups (e.g. iCloud Backup or Google Cloud Backup), local App data may be included in such a backup and sent to your OS provider's servers. The Controller has no access to this data.
• Retention period (PostHog): Analytics and technical data are retained for the period necessary to analyze the App's development, no longer than the period specified in the service provider's (PostHog) retention policy, which is currently up to 7 years. This data is subject to automatic deletion after this period.
• Retention period (Firebase Installation ID): Firebase Installation IDs (FIDs) rotate automatically — for example when the App is uninstalled, App data is cleared, or periodically by Firebase. Where technically feasible, the Controller may additionally trigger deletion on a documented request. Once deleted, the ID is removed from Google's live and backup systems within 180 days.
• RevenueCat App User ID persistence: Unlike the FID, the RevenueCat App User ID is stored in your device's secure system storage (e.g. iOS Keychain) so that your subscription status can be automatically restored after you reinstall the App. As a result, this identifier and the associated purchase status may persist across App uninstalls. You can request deletion of this data in accordance with the procedure described in § 8.

Data Recipients and Transfers Outside the EEA

• PostHog (data processor): Data is stored exclusively on servers within the European Union (Frankfurt, Germany). More information: PostHog Privacy Policy.
• RevenueCat (data processor): Subscription-related data may be transferred to the USA. We use Standard Contractual Clauses (SCCs). More information: RevenueCat Privacy Policy.
• Firebase / Google LLC (data processor): Configuration data (Firebase Installation ID and technical device data) may be processed at Google data centers globally, including in the USA. Transfers are covered by the EU-U.S. Data Privacy Framework (DPF), to which Google LLC is certified, and — as an additional safeguard — by Standard Contractual Clauses (SCCs). More information: Firebase Privacy Policy.

User Rights and How to Exercise Them

Under the GDPR you have the right to access, rectify, request deletion of, restrict processing of, object to processing of, and port your personal data. You also have the right to withdraw any consent you have given at any time — without affecting the lawfulness of processing carried out before withdrawal.

For maximum privacy, the App does not create personal profiles in analytics systems (we do not use identification functions). Data is collected as dispersed technical logs associated with random pseudonymous identifiers.

How to submit a request

1. Open the App and go to More → Privacy.
2. Copy your RevenueCat App User ID (shown in the "Identifiers" section).
3. Send an e-mail to [email protected] with this identifier and a short description of your request (e.g. access, deletion, objection).

We will confirm receipt within 7 days and complete the request within 30 days from verification of your identifier, in line with Art. 12 GDPR.

What we can and cannot do

• Data we control directly. Upon verified request we can delete your RevenueCat App User ID (and the associated subscription records) and event data associated with identifiers you provide.
• Data held by our processors (e.g. IP addresses processed by Google or RevenueCat for their own operations). These are governed by the processors' own retention policies and DSAR procedures. On request we will forward your case to the relevant processor; you may also contact them directly using the channels listed in their privacy policies (linked in § 7).
• Data we cannot identify. If you do not provide a usable identifier and the data is pseudonymous (e.g. a PostHog distinct_id not linked to any identity), we may not be able to locate the data associated with you. In line with Art. 11 GDPR, the rights in Articles 15–20 GDPR do not apply where the controller is unable to identify the data subject. Such data is still subject to automatic deletion after the retention period specified in § 6.

Supervisory Authority

You have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO):

Children's Data and User Age

The App is intended exclusively for persons who are 18 years of age or older. We do not knowingly collect data from minors.

If you are a parent and believe your child is using the App, please contact us: [email protected]