maisie is a daily journalling and gratitude practice app. It is not a medical device, mental health service, or substitute for professional support. If you are experiencing symptoms of postnatal depression, anxiety, or any mental health condition, please contact your GP, midwife, or a qualified mental health professional. In an emergency, contact emergency services on 999 (Ireland) or 999/112 (UK).
✦ who we are

1. Who We Are

maisie is operated by Sinéad Hession, a sole trader based in Ireland, trading as maisie (“maisie”, “I”, “we”, “us”, “our”). The maisie mobile application and associated services are available at maisieapp.com.

Data Controller: Sinéad Hession (trading as maisie)
Privacy contact: privacy@maisieapp.com
Business address: [TO BE ADDED]

As an individual data controller based in Ireland, maisie is subject to the General Data Protection Regulation (EU GDPR) as implemented in Irish law, and supervised by the Data Protection Commission of Ireland (dataprotection.ie).

✦ what we collect

2. What Data We Collect

a) Information you provide directly

  • Your name and email address (required for account creation)
  • Your baby’s name and date of birth (used to personalise your experience, structure your year, and calculate the Love Bubble retroactive flow — never used to profile or independently identify your child)
  • Journal entries: the text and photos you add to maisie each day
  • Delivery address (only if you order a Storyboard book — collected at point of order, not during general app use)
  • Payment information (processed by Apple App Store, Google Play, or Stripe — we never store your card details)

b) Information collected automatically

  • Device identifiers (to manage your subscription entitlement across devices)
  • App usage data (features used, session frequency) — used in aggregate to improve the product
  • Crash reports and error logs — used to identify and fix technical issues
  • Push notification interaction data (opened / dismissed) — used to improve notification timing

c) Information from your camera roll (only with your explicit permission)

When you grant photo library access, maisie can surface photos from your camera roll to assist with daily prompt generation. We access your photo library only when you are actively using the app. We do not upload your entire camera roll. Only photos you explicitly select and attach to an entry are stored on our servers.

✦ how we use it

3. How We Use Your Data

We use your data to:

  • Provide, operate, and personalise the maisie app and its features
  • Generate personalised daily prompts and affirmation responses (using anonymised entry content via our AI provider — see Section 5)
  • Send you push notifications about your daily capture (you can disable these at any time in your device Settings → Notifications → maisie)
  • Process and manage your subscription
  • Compile your Storyboard book when you place an order
  • Improve the app through aggregated, anonymised usage analytics
  • Respond to support and data requests

We do not use your data for advertising. We do not sell your data to third parties. We do not profile you for marketing purposes.

✦ our legal basis

4. Legal Basis for Processing (GDPR)

We process your data on the following legal bases:

  • Contract performance: processing necessary to provide the app and subscription you have signed up for (Article 6(1)(b) GDPR)
  • Consent: camera roll access, push notifications (Article 6(1)(a) GDPR — you can withdraw consent at any time via your device settings)
  • Legitimate interests: anonymised analytics to improve the product, crash logging for stability, and retaining account data for users who may return after a subscription lapse (Article 6(1)(f) GDPR)
  • Legal obligation: retaining transaction records in compliance with Irish tax law obligations (Article 6(1)(c) GDPR)
✦ third parties

5. Third Parties We Work With

We share limited data with the following trusted third-party processors, each bound by a data processing agreement:

  • Firebase (Google Ireland Ltd): backend infrastructure, user authentication, and encrypted data storage. Data is stored within the EU/EEA. Google’s privacy policy: policies.google.com/privacy
  • RevenueCat Inc.: subscription management and entitlement logic. Receives anonymised device identifiers and purchase event data. RevenueCat’s privacy policy: revenuecat.com/privacy
  • Stripe Payments Europe Ltd: web payment processing. Processes payment data on our behalf. Stripe is PCI-DSS Level 1 compliant. Stripe’s privacy policy: stripe.com/ie/privacy
  • Apple Inc. / Google LLC:in-app purchase processing via the App Store and Google Play. Governed by Apple’s and Google’s own privacy policies respectively.
  • Anthropic PBC:AI-assisted prompt and affirmation generation. Processes anonymised entry content under a data processing agreement. No personally identifiable information (your name, email address, or baby’s name) is transmitted to the AI layer. Anthropic’s privacy policy: anthropic.com/privacy
  • Mixpanel Inc.: anonymised product analytics. We send event data only — no names, emails, or entry content. Mixpanel’s privacy policy: mixpanel.com/legal/privacy-policy
  • [Print partner — Momento / Artifact Uprising / TBC]: when you place a Storyboard book order, your delivery name, address, and selected photos and entries are shared with our print partner solely to fulfil your order. This data is not retained by the print partner beyond order fulfilment.
✦ data retention

6. Data Retention

6.1 Active Accounts

Account data and journal entries are retained for as long as your account exists. If your subscription lapses but your account remains open, your data is kept in full — it will be there if you return.

6.2 Account Deletion

If you delete your account (via Settings → Account → Delete my account, or by emailing privacy@maisieapp.com), all personal data associated with your account — including journal entries, photos, baby details, and device identifiers — will be permanently deleted within 30 days. A 30-day window exists to allow for recovery requests if you change your mind. After that window, deletion is irreversible.

6.3 Storyboard Book Orders

Order and delivery data is retained for 7 years following the transaction date in compliance with Irish tax law, even if your account is subsequently deleted. Only the minimum data necessary for legal compliance is retained beyond the standard account deletion window.

6.4 Anonymised Analytics and Crash Logs

Anonymised analytics data (aggregated, non-identifiable usage events) is retained for up to 24 months. Crash and error logs are retained for 90 days. Because this data cannot be re-linked to you as an individual, it falls outside the scope of GDPR erasure rights.

6.5 Cancellation or Withdrawal Without Account Deletion

Cancelling your subscription — whether during the free trial, within the 14-day cooling-off period, or at any time thereafter — does not automatically delete your account or your personal data. Cancellation is a billing decision. Deletion is a separate action.

Your data is retained until you formally request deletion, for two reasons: so that your entries are waiting for you if you return, and so that your Storyboard book can be ordered at any point during or after your subscription year.

If you do not wish your data to be retained after cancelling, you can request deletion at any time by:

  • · Using the in-app flow: Settings → Account → Delete my account, or
  • · Emailing us at privacy@maisieapp.com

We will action your request within 30 days and confirm in writing what has been deleted and what, if anything, has been retained and why (see Section 6.6).

Your GDPR right to erasure exists independently of your subscription status. You do not need an active subscription to request that your data be deleted.

6.6 Erasure Requests — What We Can and Cannot Delete

When you request erasure of your personal data, we will delete everything we are not legally required to retain. Specifically:

We will delete:

  • · Your journal entries and photos
  • · Your baby’s name and date of birth
  • · Your email address and account credentials
  • · Your device identifiers and notification data
  • · Any personal data held by our analytics provider that can be linked to your account

We will retain (and cannot delete on request):

  • · Transaction records required for Irish tax compliance (retained for 7 years)
  • · Anonymised, non-identifiable analytics data that cannot be re-linked to you

We will confirm in writing what has been deleted and what has been retained, and the legal basis for any retention, within 30 days of your request.

✦ your rights

7. Your Rights Under GDPR

As a data subject, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate or incomplete data
  • Erasure:request deletion of your personal data (“right to be forgotten”) — see Section 6.6 for detail on what can and cannot be deleted
  • Restriction: ask us to limit how we process your data in certain circumstances (for example, while a dispute is being resolved)
  • Portability: receive your personal data in a structured, machine-readable format (for example, a copy of your journal entries as a data export)
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on your consent (such as camera roll access or push notifications), you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@maisieapp.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission of Ireland at dataprotection.ie.

✦ international transfers

8. International Transfers

Some of our third-party processors (Anthropic, Mixpanel, RevenueCat, Stripe) are based in the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the EU–US Data Privacy Framework where applicable.

✦ children's privacy

9. Children's Privacy

maisie is designed for mothers and adults aged 16 and over. The app is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data without parental consent, please contact us immediately at privacy@maisieapp.com and we will delete it promptly.

Note on baby data:maisie allows mothers to enter their baby’s name and date of birth to personalise their experience. This information is associated with the mother’s account, is never independently profiled or used to identify the child, and is deleted along with the account upon request.

✦ security

10. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS 1.2+) and at rest in Firebase
  • Access controls restricting personal data access to authorised personnel only
  • Regular review of our security practices and third-party processor agreements
  • Firebase Security Rules restricting database access to authenticated users

No method of electronic storage is 100% secure. If you become aware of any security concern related to maisie, contact us immediately at privacy@maisieapp.com.

✦ changes

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the Service, applicable law, or our data practices. We will notify you of material changes via the app or by email before they take effect. The “Last updated” date at the top of this document shows when it was last revised. Continued use of maisie after changes are posted constitutes acceptance of the updated policy. If you do not agree to material changes, you may delete your account before they take effect.

These Terms should be read alongside our Terms and Conditions, which govern your use of the maisie app and services.
✦ contact us

12. Contact

For privacy questions, data access or erasure requests, or complaints:

Sinéad Hession (trading as maisie)

privacy@maisieapp.com

[Business address — to be added before publishing]

Response time: we aim to acknowledge all privacy requests within 2 working days and resolve them within 30 days.


Supervisory Authority: Data Protection Commission of Ireland

dataprotection.ie · info@dataprotection.ie · +353 (0)761 104 800

If you need support right now:

Want to understand more about the first year?

Read: what nobody tells you →