Privacy Policy

1. WHO WE ARE

maisie is operated by Sinéad Hession, a sole trader based in Ireland, trading as maisie ("maisie", "I", "we", "us", "our"). The maisie mobile application and associated services are available at maisieapp.com.

Data Controller: Sinéad Hession (trading as maisie)
Privacy contact: privacy@maisieapp.com
Business address:2 Northcote Avenue, Dun Laoghaire, A96 HF34

As an individual data controller based in Ireland, maisie is subject to the General Data Protection Regulation (EU GDPR) as implemented in Irish law, and supervised by the Data Protection Commission of Ireland (dataprotection.ie).

2. WHAT DATA WE COLLECT

a) Information you provide directly:

• Your name and email address (required for account creation)
• Your baby's name and date of birth (used to personalise your experience, structure your year, and calculate the Love Bubble retroactive flow — never used to profile or independently identify your child)
• Journal entries: the text and photos you add to maisie each day
• Delivery address (only if you order a Storyboard book — collected at point of order, not during app use)
• Payment information (processed by Apple App Store, Google Play, or Stripe — we never store your card details)

b) Information collected automatically:

• Device identifiers (to manage your subscription entitlement across devices)
• App usage data (features used, session frequency) — used in aggregate to improve the product
• Crash reports and error logs — used to identify and fix technical issues
• Push notification interaction data (opened / dismissed) — used to improve notification timing

c) Information from your camera roll (only with your explicit permission):

When you grant photo library access, maisie can surface photos from your camera roll to assist with daily prompt generation. We access your photo library only when you are actively using the app. We do not upload your entire camera roll. Only photos you explicitly select and attach to an entry are stored on our servers.

3. HOW WE USE YOUR DATA

We use your data to:

• Provide, operate, and personalise the maisie app and its features
• Generate personalised daily prompts and affirmation responses (using anonymised entry content via our AI provider — see Section 5)
• Send you push notifications about your daily capture (you can disable these at any time in your device Settings → Notifications → maisie)
• Process and manage your subscription
• Compile your Storyboard book when you place an order
• Improve the app through aggregated, anonymised usage analytics
• Respond to support and data requests

We do not use your data for advertising. We do not sell your data to third parties. We do not profile you for marketing purposes.

4. LEGAL BASIS FOR PROCESSING (GDPR)

We process your data on the following legal bases:

• Contract performance: processing necessary to provide the app and subscription you have signed up for (Article 6(1)(b) GDPR)
• Consent: camera roll access, push notifications (Article 6(1)(a) GDPR — you can withdraw consent at any time)
• Legitimate interests: anonymised analytics to improve the product, crash logging for stability (Article 6(1)(f) GDPR)
• Legal obligation: retaining transaction records in compliance with Irish tax law obligations (Article 6(1)(c) GDPR)

5. THIRD PARTIES WE WORK WITH

We share limited data with the following trusted third-party processors, each bound by a data processing agreement:

• Firebase (Google Ireland Ltd): backend infrastructure, user authentication, and encrypted data storage. Data is stored within the EU/EEA. Google's privacy policy: policies.google.com/privacy
• RevenueCat Inc.: subscription management and entitlement logic. Receives anonymised device identifiers and purchase event data. RevenueCat's privacy policy: revenuecat.com/privacy
• Stripe Payments Europe Ltd: web payment processing. Processes payment data on our behalf. Stripe is PCI-DSS Level 1 compliant. Stripe's privacy policy: stripe.com/ie/privacy
• Apple Inc. / Google LLC: in-app purchase processing via the App Store and Google Play. Governed by Apple's and Google's own privacy policies respectively.
• Anthropic PBC: AI-assisted prompt and affirmation generation. Processes anonymised entry context under a data processing agreement. No personally identifiable information (name, email, baby's name) is transmitted to the AI layer. Anthropic's privacy policy: anthropic.com/privacy
• Mixpanel Inc.: anonymised product analytics. We send event data only — no names, emails, or entry content. Mixpanel's privacy policy: mixpanel.com/legal/privacy-policy
• Print partner (Momento / Artifact Uprising / TBC): when you place a Storyboard book order, your delivery name, address, and selected photos and entries are shared with our print partner solely to fulfil your order. This data is not retained by the print partner beyond order fulfilment.

6. DATA RETENTION

• Account data and journal entries: retained for as long as your account is active, plus 30 days following deletion to allow for recovery requests.
• Storyboard book orders: order and delivery data retained for 7 years for Irish tax compliance.
• Anonymised analytics data: retained for up to 24 months.
• Crash logs: retained for 90 days.

You can request full deletion of your account and all associated data at any time via Settings → Delete my account within the app, or by emailing privacy@maisieapp.com. We will action deletion requests within 30 days.

7. YOUR RIGHTS UNDER GDPR

As a data subject, you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: ask us to correct inaccurate data
• Erasure: request deletion of your data ("right to be forgotten")
• Restriction: ask us to limit how we process your data in certain circumstances
• Portability: receive your personal data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@maisieapp.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission of Ireland at dataprotection.ie.

8. INTERNATIONAL TRANSFERS

Some of our third-party processors (Anthropic, Mixpanel, RevenueCat, Stripe) are based in the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the EU–US Data Privacy Framework where applicable.

9. CHILDREN'S PRIVACY

maisie is designed for mothers and adults aged 16 and over. The app is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data without parental consent, please contact us immediately at privacy@maisieapp.com and we will delete it promptly.

Note on baby data: maisie allows mothers to enter their baby's name and date of birth to personalise their experience. This information is associated with the mother's account, is never independently profiled, and is deleted along with the account upon request.

10. DATA SECURITY

We take appropriate technical and organisational measures to protect your personal data, including:

• Encryption in transit (HTTPS/TLS 1.2+) and at rest
• Access controls restricting personal data access to authorised personnel only
• Regular review of our security practices and third-party processor agreements
• Firebase Security Rules restricting database access to authenticated users only

No method of electronic storage is 100% secure. If you become aware of any security concern related to maisie, contact us immediately at privacy@maisieapp.com.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or by email. The "Last updated" date at the top of this document shows when it was last revised. Continued use of maisie after changes are posted constitutes acceptance of the updated policy.

12. CONTACT

For privacy questions, data access requests, or complaints: