Skip to content

BabyCalm Privacy Policy

Effective Date: 5 June 2026
Last Updated: 12 June 2026

1. Introduction

BabyCalm (“BabyCalm”, “we”, “us”, or “our”) is a mobile application owned and operated by BabyCalm Pte. Ltd., a company incorporated in Singapore (UEN: 202610996Z).

This Privacy Policy (“Policy”) describes how we collect, use, disclose, store, transfer, and otherwise process personal data when you (the “User”, “you”, or “your”) access or use the BabyCalm mobile application and any related services (collectively, the “Service”).

By creating an account, accessing, or using the Service, you acknowledge that you have read, understood, and consent to the practices described in this Policy. If you do not agree with this Policy, you must not access or use the Service.

This Policy is governed by and construed in accordance with the laws of Singapore and is intended to comply with the Personal Data Protection Act 2012 of Singapore (“PDPA”). Where applicable, additional protections under the laws of Indonesia (Undang-Undang Pelindungan Data Pribadi No. 27 of 2022, “UU PDP”) and Malaysia (Personal Data Protection Act 2010, as amended in 2024, “Malaysian PDPA”) shall apply, as set out in Section 14 (Jurisdiction-Specific Provisions).

2. Definitions

In this Policy, unless the context otherwise requires:

2.1 “Personal Data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.

2.2 “Baby Profile Data” means data relating to a baby or child created and managed by a User, including (without limitation) name, date of birth, gender, growth measurements, feeding records, sleep records, health records, and other tracking data.

2.3 “Caregiver” means an individual invited by an Account Owner to access and contribute to a specific Baby Profile.

2.4 “Account Owner” means the User who creates a Baby Profile and holds primary administrative rights over it.

2.5 “Service Provider” means a third-party data processor engaged by us to perform services on our behalf in connection with the Service.

2.6 “Activity Logs” means the categories of log records described in Section 3.1(c).

2.7 “Premium Subscription” and “Baby Profile” have the meanings given to them in our Terms of Service.

3. Personal Data We Collect

3.1 Information You Provide Directly

When you use the Service, we collect the following categories of Personal Data that you voluntarily provide:

(a) Account Information

  • Email address
  • Password (stored as a salted cryptographic hash; we never have access to your plaintext password)
  • Display name (the name by which you wish to be addressed within the Service)

(b) Baby Profile Data

  • Baby’s name and display name
  • Date of birth
  • Gender

(c) Activity Logs

  • Feeding logs (timing, duration, type, amount, milk source, notes)
  • Diaper logs (timing, type, colour, notes)
  • Sleep logs (start time, end time, duration, notes)
  • Temperature logs (timing, value, notes)
  • Vaccination logs (date administered, vaccine name, dose number, clinic name, notes)
  • Growth logs (weight, height, head circumference, timing, notes)
  • Pumping logs (timing, duration, side, amount, notes)
  • Solid food logs (timing, foods consumed, allergens, reactions, notes)
  • Medicine logs (timing, medicine name, amount, unit, adverse-reaction flags, notes) and the medicine list entries you create (medicine name, default amount, unit, and reminder preferences)
  • Custom milk types and favourite foods you create

(d) Caregiver and Sharing Information

  • Email addresses of Caregivers you invite
  • Permission tier assigned to each Caregiver (View Only, Log Only, or Full Access)
  • Display names you assign to other Users’ babies (where you are an invited Caregiver)

(e) Communications and Feedback

  • Messages you send to “Auntie Calm” (our AI assistant feature, where applicable)
  • Feedback messages you submit through the Service
  • Optional email address provided with feedback submissions

3.2 Information Collected Automatically

When you use the Service, we and our Service Providers automatically collect the following:

(a) Device and Technical Information

  • Device model, operating system version, application version
  • Device language and locale settings
  • Push notification token (Firebase Cloud Messaging registration token), where you have enabled push notifications
  • Crash reports and diagnostic data (without personally identifiable information)

(b) Usage Information

  • Anonymised event data describing your interactions with the Service (such as paywall views, trial starts, subscription restorations, tab navigation events, and feature usage)
  • Aggregated usage metrics for the purpose of improving the Service

(c) Subscription and Transaction Information

  • Subscription status and entitlements (managed via RevenueCat and Apple App Store / Google Play)
  • Transaction identifiers and purchase history (we do not receive or store your payment card details, which are managed exclusively by Apple Inc. or Google LLC)

3.3 Information We Do NOT Collect

We do not collect:

  • Your precise or approximate geographic location
  • Photographs, videos, audio recordings, or media files
  • Contents of your device’s contacts, calendar, or other applications
  • Data from Apple Health, Google Health Connect, or any other health platform
  • Biometric identifiers (such as facial geometry, fingerprints, or voiceprints)
  • Browsing history outside of the Service

3.4.1 You acknowledge that certain Baby Profile Data — specifically, vaccination logs, temperature logs, growth measurements (weight, height, head circumference), medicine logs (including adverse-reaction records), and solid-food allergen records — may be classified as “specific personal data” under the UU PDP (Indonesia), as “sensitive personal data” under the Malaysian PDPA, or as health-related data under the PDPA Healthcare Sector Advisory Guidelines (Singapore).

3.4.2 By creating and storing such logs through the Service, you provide explicit, separate consent to our processing of such data for the purposes set out in Section 4. This consent is in addition to, and separate from, your general consent to this Policy.

3.4.3 You may withdraw consent for any such category at any time by: (a) ceasing to record the relevant category of logs; (b) deleting the relevant logs through the Service; or (c) contacting our Data Protection Officer using the details in Section 15.

3.4.4 The Service is not intended for medical diagnosis, treatment, or prevention. The collection of such information is for personal record-keeping and informational purposes only. Refer to our Terms of Service for the full medical disclaimer.

3.4.5 Where you choose to use our AI chat feature (Auntie Calm), aggregated metrics derived from certain health-related Baby Profile Data described in this Section 3.4 — namely temperature summaries, vaccination counts, and age-appropriate feeding reference ranges derived in part from the baby’s most recent weight measurement — are transmitted to our AI provider as described in Section 7.5. Medicine logs, solid-food allergen records, and the growth measurement values themselves (weight, height, and head circumference) are not transmitted to the AI provider. Such transmission is carried out on the basis of the explicit consent described in Section 3.4.2 and Section 5.1.

4. Purposes for Which We Collect Personal Data

We collect, use, and disclose your Personal Data for the following purposes:

4.1 Service Provision: To create and maintain your account, store and synchronise your Baby Profile Data and Activity Logs across your devices, and provide the core functionality of the Service.

4.2 Caregiver Sharing: To facilitate the invitation, acceptance, and management of Caregivers for shared Baby Profiles.

4.3 AI Chat Feature: To generate “Auntie Calm” chat responses through our AI provider, where you have chosen to use the chat feature. The information sent to the AI provider is described in Section 7.5. Our “Daily Check” and “Weekly Insights” features are generated entirely on your device and do not transmit any data to the AI provider.

4.4 Subscription Management: To process subscription purchases, manage trial periods, restore purchases across devices, and handle billing inquiries through Apple App Store, Google Play, and RevenueCat.

4.5 Communications: To send you transactional notifications (such as Caregiver invite notifications and weekly insight reminders), and, where you have opted in, marketing communications about new features and promotions.

4.6 Service Improvement: To analyse usage patterns, diagnose errors, and improve the performance, reliability, and quality of the Service.

4.7 Legal Compliance: To comply with applicable laws, regulatory obligations, court orders, or lawful requests from public authorities.

4.8 Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraudulent activity, and breaches of our Terms of Service.

Where required under applicable law (including the UU PDP in Indonesia), we rely on the following legal bases for processing your Personal Data:

5.1 Consent: Where you have given us consent to process your Personal Data for one or more specified purposes (for example, when you opt in to receive marketing communications, or when, by initiating a chat with the Auntie Calm AI feature, you consent to the processing described in Section 7.5).

5.2 Performance of a Contract: Where the processing is necessary for the performance of our Terms of Service with you, including the provision of the Service.

5.3 Legal Obligation: Where the processing is necessary for compliance with a legal obligation to which we are subject.

5.4 Legitimate Interests: Where the processing is necessary for our legitimate interests (or those of a third party), provided that such interests are not overridden by your interests, rights, or freedoms. Our legitimate interests include providing, maintaining, and improving the Service, ensuring security, and preventing fraud.

You may withdraw your consent at any time, subject to Section 9 (Your Rights).

6. Disclosure and Sharing of Personal Data

We do not sell, rent, or trade your Personal Data to any third party for monetary or other valuable consideration.

We may disclose your Personal Data only in the following limited circumstances:

6.1 Service Providers

We engage trusted Service Providers to perform specific functions on our behalf. These Service Providers are bound by contractual obligations to process your Personal Data only as instructed by us and to maintain appropriate security measures. The Service Providers we engage are listed in Section 7.

6.2 Caregivers You Authorise

When you invite a Caregiver to access a Baby Profile, the Caregiver will have access to the Baby Profile Data and Activity Logs associated with that profile, in accordance with the permission tier you assign. You may revoke a Caregiver’s access at any time through the Service.

6.2A Personal Data of Invited Caregivers

6.2A.1 When you, as an Account Owner, send an invitation to another individual to join the Service as a Caregiver, you will be required to provide that individual’s email address.

6.2A.2 By submitting a Caregiver’s email address through the Service, you represent and warrant that you have obtained that individual’s prior consent (whether verbally, in writing, or through equivalent means) to share their email with us for the purpose of receiving the invitation.

6.2A.3 We process the invited Caregiver’s email address on the basis of (a) your representation under Section 6.2A.2 and (b) our legitimate interest in facilitating authorised sharing of Baby Profiles, balanced against the limited and time-bound nature of such processing.

6.2A.4 The invited Caregiver’s email address will be retained only as set out in the retention schedule in Section 8.2. If the invitation is not accepted, the Caregiver’s email address will be deleted within ninety (90) days of the date of issue.

6.2A.5 An invited Caregiver may, at any time, request the deletion of their email address from our records by contacting our Data Protection Officer using the details in Section 15.

6.2B.1 In addition to email invitations, the Service allows an Account Owner to generate an anonymous shareable link that grants access to a Baby Profile at a permission tier the Account Owner selects. Unlike an email invitation, a shareable link is not addressed to a specific recipient, and you are not required to provide any other individual’s email address to create one.

6.2B.2 You are responsible for sharing such links only with individuals you intend to authorise as Caregivers. Any person who opens a valid, unexpired link and accepts it may gain access to the relevant Baby Profile at the permission tier you selected, subject to any usage or expiry limits configured for that link. You may revoke an active link at any time through the Service.

We may disclose your Personal Data to law enforcement, regulatory authorities, or other public authorities where: (a) required by applicable law, regulation, court order, or legal process; (b) necessary to protect our rights, property, or safety, or those of our Users or the public; or (c) necessary to investigate, prevent, or take action regarding suspected or actual illegal activity, fraud, or violations of our Terms of Service.

6.4 Business Transfers

In the event of a merger, acquisition, reorganisation, sale of all or substantially all of our assets, or bankruptcy, your Personal Data may be transferred to the successor entity, subject to the protections of this Policy.

We may disclose your Personal Data to other parties where you have given us explicit consent to do so.

7. Service Providers and Cross-Border Data Transfers

The Service is built on infrastructure provided by the following Service Providers, each of which may process your Personal Data outside of Singapore, Indonesia, or Malaysia:

7.1 Supabase

Purpose: Backend database, user authentication, and real-time data synchronisation. Data Processed: Account Information, Baby Profile Data, Activity Logs, Caregiver and Sharing Information, Auntie Calm chat history, feedback submissions, push notification tokens. Processor: Supabase, Inc. Location of Processing: Asia-Pacific (Singapore). Privacy Policy: https://supabase.com/privacy

7.2 RevenueCat

Purpose: Subscription management and entitlement verification. Data Processed: Anonymous user identifier, subscription status, transaction identifiers. Processor: RevenueCat, Inc. Location of Processing: United States. Privacy Policy: https://www.revenuecat.com/privacy

7.3 PostHog

Purpose: Product analytics and event tracking. Data Processed: Anonymised event names and properties (such as paywall views and feature usage). No Baby Profile Data or Activity Logs are sent to PostHog. Processor: PostHog Inc. Location of Processing: United States (US Cloud). Privacy Policy: https://posthog.com/privacy

7.4 Sentry

Purpose: Error tracking and crash diagnostics. Data Processed: Stack traces, device information, application version. We have configured Sentry to not send personally identifiable information by default (the sendDefaultPii setting is disabled). Processor: Functional Software, Inc. (d/b/a Sentry). Location of Processing: United States. Privacy Policy: https://sentry.io/privacy/

7.5 Firebase (Google LLC)

Purpose: (a) Push notification delivery via Firebase Cloud Messaging; (b) the “Auntie Calm” AI chat feature via Firebase AI Logic (Gemini). Data Processed:

  • For push notifications: device token, message content (such as Caregiver invite notifications).
  • For the AI chat feature (Auntie Calm): when you send a chat message, the following are transmitted for each Baby Profile linked to your Account (including profiles shared with you by other Users), regardless of which baby the conversation concerns: the baby’s display name (the nickname you have set for the baby, or the baby’s name where no nickname has been set), the baby’s gender, and the baby’s age, together with aggregated metrics derived from that baby’s Activity Logs. These metrics include, without limitation: counts of feeding (including a breakdown by feed type and total bottle volumes), diapering (including a breakdown by diaper type), and sleep (including total durations); temperature summaries (including minimum, maximum, and average values and counts of elevated readings); vaccination counts; age-appropriate feeding reference ranges derived in part from the baby’s most recent weight measurement; and a comparison against the previous week. Your most recent chat messages (up to the most recent thirty (30) messages) are also sent with each request to enable conversational continuity. For conversations that exceed this window, earlier messages are transmitted to the AI provider in order to generate a condensed conversation summary, and that summary is included with subsequent requests; the first messages of a conversation are also used to generate a conversation title. We do not send the free-text notes attached to your logs, exact event timestamps, medicine logs, solid-food allergen records, or any Caregiver identifiers to the AI provider. Our “Daily Check” and “Weekly Insights” features are generated entirely on your device and send no data to the AI provider. Processor: Google LLC. Location of Processing: Multi-regional, on Google’s global infrastructure. Privacy Policy: https://policies.google.com/privacy

7.6 Resend

Purpose: Delivery of Caregiver invitation emails. Data Processed: The invited Caregiver’s email address, your display name (or, where no display name is set, your email address), the baby’s name, the assigned permission tier, and any personal message you include in the invitation. Processor: Plus Five Five, Inc. (d/b/a Resend). Location of Processing: United States. Privacy Policy: https://resend.com/legal/privacy-policy

7.7 Apple Inc. and Google LLC (Independent Payment Controllers)

Purpose: Processing of subscription payments via the Apple App Store (iOS) and Google Play Store (Android). Data Processed: Payment card details, billing address, and transaction information are collected and processed exclusively by Apple Inc. or Google LLC. We do not receive or store your payment card details. Status: Apple Inc. and Google LLC act as independent data controllers in respect of payment data and are not Service Providers acting on our behalf. Their processing is subject to their own privacy policies and is governed by your separate agreement with each of them. Privacy Policies: https://www.apple.com/legal/privacy/ and https://policies.google.com/privacy

7.8 Cross-Border Transfer Safeguards

Where Personal Data is transferred outside of your jurisdiction of residence (Singapore, Indonesia, or Malaysia), we ensure that:

(a) The recipient is contractually bound to provide a standard of protection comparable to that required under the applicable local data protection law; (b) Where applicable, Standard Contractual Clauses or equivalent safeguards are in place; and (c) The recipient has implemented appropriate technical and organisational security measures.

8. Data Retention

8.1 We retain your Personal Data for as long as is necessary to fulfil the purposes set out in this Policy, or for such longer period as may be required by applicable law. Our retention schedule by data category is set out below.

8.2 Retention schedule by category.

Data categoryRetention period
Account Information (email, password hash, owner name)For the life of your Account, plus thirty (30) days after Account deletion
Baby Profile Data (names, dates of birth, gender)For the life of your Account, plus thirty (30) days after Account deletion or Baby Profile deletion
Activity Logs (feeds, diapers, sleep, temperature, vaccinations, growth, pumping, solid foods, medicines)For the life of your Account, plus thirty (30) days after Account deletion or Baby Profile deletion
Caregiver invitations (pending)Until accepted, declined, revoked, or ninety (90) days from the date of issue, whichever is earlier
Caregiver records (accepted)For the life of the underlying Baby Profile
Push notification tokensUntil invalidated by the platform (Apple / Google) or until you disable notifications, whichever is earlier
Subscription and transaction recordsSeven (7) years from the date of the relevant transaction, in accordance with applicable tax and accounting law
Feedback submissionsTwo (2) years from the date of submission
Crash reports and diagnostic dataNinety (90) days from receipt
Analytics events (anonymised)Twenty-four (24) months from the date of the event
Sync queue and operational logsNinety (90) days from generation
Disaster-recovery backups (de-identified)Up to ninety (90) days from creation, then securely destroyed
Anonymised aggregate data (which cannot identify you)Indefinitely, for analytical and research purposes

8.3 Local device data. Some Personal Data is stored locally on your device (in the Service’s database and in device preferences). This data is removed when you uninstall the Service (except for a small amount of preference data held in the device’s secure storage, which your device’s operating system may retain after uninstallation), or when you use the “Delete all my data” or account-deletion functions in the Service settings. Signing out of your Account ends your session but does not, by itself, delete the data stored locally on that device; the data is retained on the device so that it remains available when you next sign in.

8.4 Legal hold. Notwithstanding the periods set out above, we may retain Personal Data for longer where: (a) required by law, regulation, or court order; (b) necessary to defend or pursue legal claims; or (c) necessary to investigate suspected fraud, security incidents, or violations of our Terms of Service.

9. Your Rights

Subject to applicable law, you have the following rights in relation to your Personal Data:

9.1 Right of Access

You have the right to request confirmation of whether we are processing your Personal Data and, if so, to obtain a copy of such data.

9.2 Right to Correction

You have the right to request correction of any inaccurate or incomplete Personal Data we hold about you. Most account information and Baby Profile Data can be corrected directly through the Service.

9.3 Right to Deletion

You have the right to request the deletion of your Personal Data, subject to limited exceptions (for example, where retention is required by law). You may delete your account at any time through the Service settings.

Where we process your Personal Data on the basis of your consent, you have the right to withdraw such consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal.

9.5 Right to Data Portability

You have the right to receive a copy of your Personal Data in a structured, commonly used, and machine-readable format. The Service provides an “Export Data” feature, available to all Users at no charge, that enables you to export feeding, diaper, and temperature logs in PDF or CSV format, and vaccination logs in PDF format. For a Baby Profile shared with you by another User, in-app export is available when that User has granted you Full Access. You may also request a copy of your Personal Data — including categories not covered by the in-app export — at no charge by contacting our Data Protection Officer using the details in Section 15.

9.6 Right to Object

You have the right to object to the processing of your Personal Data on grounds relating to your particular situation, where the processing is based on our legitimate interests.

9.7 Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction. See Section 14 for details of the supervisory authorities in Singapore, Indonesia, and Malaysia.

9.8 Exercising Your Rights

9.8.1 To exercise any of the rights set out above, please contact our Data Protection Officer using the details in Section 15. We may require you to verify your identity before processing your request.

9.8.2 Response timelines. (a) Correction requests will be acted upon as soon as reasonably possible. Where we have disclosed the relevant Personal Data to a third party in the twelve (12) months preceding the correction request, we will, where reasonably practicable, notify that third party of the correction. (b) All other requests will be substantively responded to within thirty (30) calendar days, or such shorter period as may be required by applicable law in your jurisdiction. Where a request is complex or where multiple requests are received from the same individual, we may extend this period by up to a further sixty (60) days, with notice to you of the extension and the reasons for it.

9.8.3 We will not charge a fee for processing your request, unless the request is manifestly unfounded, repetitive, or excessive, in which case a reasonable fee may apply or we may refuse the request.

10. Personal Data Concerning Children

10.1 Adult Users only. The Service is intended exclusively for use by adults aged eighteen (18) years or older (or the age of majority in your jurisdiction, if higher) who are parents, legal guardians, or authorised caregivers of a child.

10.2 The Service collects data about children, from adults. Baby Profile Data is created and submitted by an adult User using the Service. The Service does not solicit, knowingly receive, or process Personal Data submitted directly by a child. The data subject for purposes of consent and processing is the adult User who creates the Baby Profile.

10.3 Your responsibilities as a parent, legal guardian, or authorised caregiver. By creating a Baby Profile, you represent and warrant that: (a) you are the parent, legal guardian, or otherwise legally authorised to act in respect of the child; (b) you have the legal authority to provide the Baby Profile Data and to grant the consents set out in this Policy in respect of that data; and (c) you will manage Caregiver access rights for that Baby Profile in accordance with applicable law and any custodial arrangements that apply to the child.

11. Security

11.1 We implement appropriate technical and organisational measures designed to protect your Personal Data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include:

(a) Encryption of data in transit using Transport Layer Security (TLS); (b) Encryption of authentication credentials (passwords are stored as salted cryptographic hashes); (c) Row-level security policies on our backend database to enforce access controls; (d) Regular review of access logs and security configurations; and (e) Restricted internal access to Personal Data on a need-to-know basis.

11.2 Despite these measures, no method of electronic transmission or storage is one hundred per cent (100%) secure. While we strive to protect your Personal Data, we cannot guarantee absolute security.

11.3 Breach notification. Where a personal data breach has occurred that is of a significant scale or is likely to result in significant harm to affected individuals, we will notify: (a) the Personal Data Protection Commission of Singapore within three (3) calendar days of becoming aware of the breach, in accordance with Part VIA of the PDPA; (b) the Indonesian supervisory authority within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 46 of the UU PDP; (c) the Personal Data Protection Department of Malaysia within seventy-two (72) hours of becoming aware of the breach, in accordance with Section 12B of the Malaysian PDPA (as amended in 2024); and (d) affected Users as soon as practicable, by email to the address associated with each affected Account or by an in-app notice, where it is reasonably necessary to do so to enable affected Users to take steps to mitigate the harm.

11.4 We will not notify affected Users where the relevant data protection authority directs us not to do so, or where notification is not required under applicable law.

12. Cookies and Tracking Technologies

The Service is a native mobile application and does not use cookies. The analytics events described in Section 3.2(b) are collected through software development kits embedded in the application, not through cookies or web tracking technologies. Please refer to Section 7 for details of the analytics Service Providers we engage.

13. Marketing and Promotional Communications

13.1 We may send you marketing communications about new features, promotions, or other updates only where you have explicitly opted in to receive such communications.

13.2 You may opt out of marketing communications at any time by: (a) Following the unsubscribe instructions included in any marketing email; or (b) Contacting us using the details in Section 15.

13.3 Even if you opt out of marketing communications, we will continue to send you transactional and service-related communications that are necessary for the operation of the Service.

14. Jurisdiction-Specific Provisions

14.1 Singapore (PDPA)

For Users resident in Singapore:

(a) The Service is operated in compliance with the Personal Data Protection Act 2012 of Singapore. (b) Our Data Protection Officer can be contacted at the details in Section 15. (c) You may lodge a complaint with the Personal Data Protection Commission of Singapore at https://www.pdpc.gov.sg. (d) Withdrawal of consent may, in some cases, prevent us from continuing to provide the Service to you. We will inform you of any such consequences before processing your withdrawal request.

14.2 Indonesia (UU PDP)

For Users resident in Indonesia:

(a) The Service is operated in compliance with Law No. 27 of 2022 on Personal Data Protection (Undang-Undang Pelindungan Data Pribadi, “UU PDP”). (b) For the purposes of the UU PDP, BabyCalm Pte. Ltd. is the Data Controller (Pengendali Data Pribadi) in respect of your Personal Data. (c) We have designated a Data Protection Officer in accordance with Article 53 of the UU PDP, contactable at the details set out in Section 15. (d) Where required by Articles 51–52 of the UU PDP, we will appoint a representative within the Republic of Indonesia and publish that representative’s contact details. Until that appointment, you may direct any UU PDP enquiries to our Data Protection Officer. (e) The lawful bases on which we rely for processing your Personal Data are set out in Section 5. For “specific personal data” (including health-related Baby Profile Data described in Section 3.4), we rely on your explicit consent. (f) You have additional rights under the UU PDP, including the right to delay or limit the processing of your Personal Data, the right to delete or destroy your Personal Data, and the right to seek compensation in accordance with Article 12 of the UU PDP. (g) You may lodge a complaint with the Indonesian Personal Data Protection Authority once established, or, pending its establishment, with the Ministry of Communication and Digital Affairs of the Republic of Indonesia (Kementerian Komunikasi dan Digital Republik Indonesia). (h) Cross-border transfers of your Personal Data are made in accordance with Article 56 of the UU PDP, including (where applicable) by ensuring that the recipient jurisdiction provides equivalent or higher protection, by obtaining your explicit consent, or by relying on standard contractual clauses or other lawful safeguards.

14.3 Malaysia (Malaysian PDPA)

For Users resident in Malaysia:

(a) The Service is operated in compliance with the Personal Data Protection Act 2010 (as amended in 2024) of Malaysia. (b) We have designated a Data Protection Officer, who is contactable using the details in Section 15. (c) You have the right of access and the right of correction in respect of your Personal Data, exercisable as set out in Section 9. (d) Where Personal Data we hold about you constitutes “sensitive personal data” under Section 40 of the Malaysian PDPA (including health-related Baby Profile Data described in Section 3.4), we process such data on the basis of your explicit consent. (e) You may lodge a complaint with the Personal Data Protection Department of Malaysia (Jabatan Perlindungan Data Peribadi) at https://www.pdp.gov.my.

14.4 Other Jurisdictions

For Users resident in jurisdictions other than Singapore, Indonesia, or Malaysia: this Policy applies to you to the extent permitted by your local law. The provisions of Singapore law shall apply by default. To the extent that your local law provides additional rights or protections, we will comply with such additional requirements where applicable.

15. Contact and Data Protection Officer

If you have any questions, concerns, or requests in relation to this Policy or the processing of your Personal Data, please contact our Data Protection Officer:

Data Protection Officer
BabyCalm Pte. Ltd.

Email: hello@babycalm.app

16. Changes to This Policy

16.1 We may update this Policy from time to time to reflect changes in our practices, the Service, applicable law, or other factors.

16.2 Where we make material changes, we will notify you through the Service or by email (where you have provided one) at least seven (7) days before the changes take effect. The “Last Updated” date at the top of this Policy will reflect the date of the most recent revision.

16.3 Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy.

17. Entire Policy and Severability

17.1 This Policy, together with our Terms of Service, constitutes the entire understanding between you and us with respect to the processing of your Personal Data in connection with the Service.

17.2 If any provision of this Policy is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be severed and the remaining provisions shall continue in full force and effect.

END OF PRIVACY POLICY

Coming soon

BabyCalm is not on the App Store or Google Play just yet — we are putting the finishing touches in place. It will be here very soon.