Privacy Policy

Privacy Policy for BubbleMom

Effective Date: [01/01/2025]
Last Updated: [01/04/2025]

Accelerate Partners OÜ ("BubbleMom," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered WhatsApp chatbot service for pregnancy and maternal support.

For a quick overview of key points, see our Privacy Summary at the end of this document.

1. Information We Collect

1.1 Information You Provide

When you interact with BubbleMom, we collect:

  • WhatsApp Phone Number: Required for service delivery
  • Age Verification: To ensure you are 18 or older
  • Pregnancy/Parenting Stage: To personalize content (optional)
  • Health Questions: The queries you submit for informational support
  • Feedback: Any ratings or comments you provide

1.2 Information Collected Automatically

Through WhatsApp and our services, we automatically collect:

  • Usage Data: Interaction timestamps, message frequency
  • Device Information: Device type, operating system (via WhatsApp metadata)
  • Analytics Data: Aggregated usage patterns (via Plausible Analytics)

1.3 Special Category Data

Health Information: Your pregnancy-related questions and maternal health queries constitute "special category data" under GDPR and similar sensitive data under other privacy laws. We process this data only with your explicit consent and implement enhanced protections.

1.4 Data We Do NOT Collect

We do not collect:

  • Medical records or diagnoses
  • Location data
  • Financial information (except payment data via Stripe)
  • Social media profiles
  • Contacts from your phone

2. How We Use Your Information

2.1 Primary Purposes

We use your information to:

  • Provide Service: Deliver AI-powered informational support via WhatsApp
  • Personalize Content: Tailor information to your pregnancy stage
  • Ensure Safety: Verify age and prevent misuse
  • Process Payments: Handle subscriptions for premium tiers
  • Improve Service: Enhance AI responses through anonymized data analysis

2.2 Legal Bases for Processing

We process your data based on:

  • Consent: For health-related data and WhatsApp communications
  • Contract: To provide the services you've requested
  • Legitimate Interests: For service improvement and security
  • Legal Obligations: To comply with applicable laws

2.3 AI Training and Improvement

We use anonymized and aggregated data to improve our AI system:

  • Individual conversations are anonymized after processing
  • No personal identifiers are retained in training data
  • Aggregated patterns help improve response accuracy
  • You can opt-out of contributing to AI improvements

3. Data Retention

3.1 Ephemeral User Data

Active Conversations: We retain your personal data only temporarily to provide continuity in your current conversation. This data is automatically deleted after 30 days of inactivity.

3.2 Anonymized Data

AI Training Data: Conversations are anonymized and aggregated for AI improvement. No personal identifiers are retained.

3.3 Account Data

  • Basic Account Info: Retained while your account is active
  • Payment Records: 7 years for tax compliance
  • Legal Records: As required by law

4. How We Share Your Information

4.1 Service Providers

We share data with trusted service providers who assist our operations:

  • WhatsApp (Meta): For message delivery (end-to-end encrypted)
  • Stripe: For payment processing (PCI DSS compliant)
  • Supabase: For secure data storage
  • Postmark: For transactional emails
  • Plausible Analytics: For privacy-friendly analytics (EU-hosted)
  • N8N: For workflow automation (EU-hosted)

4.2 We Do NOT

  • Sell your personal information
  • Share health data with advertisers
  • Provide data to insurance companies
  • Share data with employers

4.3 Legal Disclosures

We may disclose information if required by law, court order, or to protect rights and safety.

5. International Data Transfers

Your data may be transferred internationally. We ensure appropriate safeguards:

  • EU to Non-EU: Standard Contractual Clauses or adequacy decisions
  • Data Localization: Compliance with local requirements (China, Russia)
  • Encryption: All transfers are encrypted
  • Limited Access: Only authorized personnel with need-to-know

6. Your Privacy Rights

6.1 Universal Rights

Regardless of location, you can:

  • Access: Request a copy of your personal data
  • Correct: Update inaccurate information
  • Delete: Request deletion of your data
  • Opt-out: Unsubscribe from communications

6.2 Regional Rights

European Union (GDPR):

  • Data portability
  • Object to processing
  • Restrict processing
  • Withdraw consent
  • Lodge complaints with supervisory authorities
  • Right to explanation of automated decisions

California (CCPA/CPRA):

  • Know what personal information is collected
  • Know if information is sold/shared (we don't sell data)
  • Opt-out of sale/sharing
  • Non-discrimination for exercising rights
  • Correct inaccurate information
  • Limit use of sensitive information

Canada (PIPEDA):

  • Know why information is collected
  • Expect reasonable security
  • Access information and challenge accuracy
  • Withdraw consent (subject to legal requirements)

Australia (Privacy Act):

  • Anonymity option where practicable
  • Access and correction rights
  • Complaint mechanisms
  • Cross-border disclosure notifications

Other Jurisdictions: We respect privacy rights under PIPL (China), APPI (Japan), and Middle Eastern privacy laws. Contact us for specific information.

6.3 Exercising Your Rights

To exercise any privacy right:

  • Email: [email protected]
  • WhatsApp: Send "PRIVACY RIGHTS" to our chatbot
  • Response time: Within 30 days (or as required by law)

7. Data Security

7.1 Technical Measures

We implement industry-standard security:

  • Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Infrastructure: Secure cloud hosting with regular security audits
  • Monitoring: 24/7 security monitoring and intrusion detection

7.2 Organizational Measures

  • Employee training on data protection
  • Confidentiality agreements
  • Regular security assessments
  • Incident response procedures

7.3 WhatsApp Security

Your conversations benefit from WhatsApp's end-to-end encryption, meaning only you and BubbleMom can read your messages.

8. Children's Privacy

Age Restriction: BubbleMom is not intended for users under 18. We do not knowingly collect information from children. If we discover a user is under 18, we immediately delete their account and data.

9. Cookies and Tracking

9.1 Limited Tracking

As a WhatsApp-based service, we use minimal tracking:

  • No Cookies: WhatsApp doesn't use browser cookies
  • Analytics: Plausible Analytics (privacy-friendly, no cookies)
  • No Advertising Trackers: We don't use ad networks

9.2 Do Not Track

We respect Do Not Track signals where technically feasible.

10. AI Transparency

10.1 Automated Decision-Making

BubbleMom uses AI to:

  • Generate informational responses
  • Personalize content recommendations
  • Identify potential emergency situations

Human Oversight: AI responses are based on curated medical information sources. No medical decisions are made solely by AI.

10.2 Your Rights Regarding AI

You have the right to:

  • Understand how AI processes your queries
  • Request human review of AI responses
  • Opt-out of certain AI features

11. Third-Party Links

Our service may reference third-party resources. We are not responsible for the privacy practices of external sites. Please review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via WhatsApp or email at least 30 days before they take effect.

13. Contact Information

13.1 Data Controller

Accelerate Partners OÜ
Sepapaja 6
Tallinn 15551
Estonia
Registration: 16845613
VAT: EE102845613

13.2 Contact Channels

13.3 Supervisory Authorities

EU residents may lodge complaints with their local data protection authority. Estonia's authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

14. Privacy Summary

Quick Reference Guide

What We CollectWhy We Collect ItHow Long We Keep It
WhatsApp numberService deliveryWhile account active
Health questionsProvide information30 days (ephemeral)
Usage patternsService improvementAnonymized indefinitely
Payment infoProcess subscriptions7 years (tax compliance)

Key Points:

  • ✅ We provide informational support, NOT medical advice
  • ✅ Your health data is encrypted and protected
  • ✅ We never sell your personal information
  • ✅ You can delete your data anytime
  • ✅ 18+ only service

Your Control:

  • Access your data: Send "MY DATA" via WhatsApp
  • Delete account: Send "DELETE ACCOUNT" via WhatsApp
  • Opt-out: Send "STOP" via WhatsApp

By using BubbleMom, you acknowledge that you have read and understood this Privacy Policy.