Privacy
finliem is a baby day-planner for families. We store data about children, so this policy is deliberately short, specific, and written from the database schema — not marketing copy. Version 2026-06-13 — the same version your in-app consent refers to.
Who is responsible
finliem is run by a UK-based sole trader. For the purposes of UK and EU data-protection law (GDPR), that operator is the data controller for everything described below, contactable at privacy@finliem.com. The operator's name is available on request.
What we store
- Your account: name, email address, and a password hash (or your Apple/Google identity if you sign in that way).
- Your baby: first name, date of birth, and sex. Nothing else — no surname, no photos, no location. This is a design rule (data minimization), not a current limitation.
- Care events: the naps, feeds, nappies, and plan changes you and your invited carers log. Each event records who logged it and when — that history is the audit trail your household sees in the app.
- Health events you choose to log: temperature readings (and whether they were routine, post-vaccine or illness checks), medicines and doses given, vaccinations, foods offered — including any reaction you note — and growth measurements. This is health data about your child (special-category data under UK GDPR), so we name it here explicitly rather than fold it into "care events", and we only store it with the consent described below.
- Notification tokens: if you turn on notifications, a delivery token for each of your devices, so we can nudge your household's other phones to refresh after a change. The pings are content-free — the token is a delivery address, never your logged data — and it is removed when you sign out, when the device re-registers, or when you delete your account.
- Optional integrations you configure: calendar subscription URLs and a Home Assistant token, if you add them. They are used only to read your calendar / room sensors, are never logged, and are excluded from data exports.
Why we have it
- Account, baby, care events, and notification tokens: processed to provide the service you signed up for (contract) — including the content-free pings that keep every carer's phone in sync. A baby's data is added and controlled by their parent or guardian — finliem is offered to adults, never directly to children.
- Health events: processed only with the explicit consent you give when you add a baby (UK GDPR Article 9(2)(a)) — health data sets a higher legal bar than "needed for the service", so we ask for it separately and record the consent (with this policy's version) in the same append-only history as everything else. We use health events for exactly one thing: showing them back to your household and planning your day. Never for profiling beyond that, never shared. Withdraw consent at any time by deleting the baby (or your account) — see "Your rights".
- First-party telemetry: our legitimate interest in keeping the app reliable. It contains event names only and has an off switch in Settings.
- Optional integrations: processed only because you configured them; remove them in Settings at any time.
Providing your account details and your baby's basics is necessary to use finliem — without them the app can't work. Logging health events is optional: leave the consent off and everything else still works.
What we deliberately don't do
- No third-party analytics, advertising, or tracking SDKs — ever. Usage telemetry is first-party, contains event names only (never what you logged), and has an off switch in Settings. You can read back every event we've recorded about your usage in Settings → What we measure — there is no hidden layer.
- No selling, sharing, or "partners". Your family's data is visible to the carers you invite — and, only if you switch it on, to the person who runs the service (see "Helping tune the planner" below). No one else.
- No payloads or tokens in server logs.
- No automated decisions with legal or significant effects. The planner only suggests a shape for the day from the history you've logged, and shows its working — you decide what to do with it.
Helping tune the planner (optional, off by default)
Each baby's profile has a switch: Help tune the planner. It is off unless a parent turns it on, and nothing about the service changes if you leave it off. When on, the person who operates your finliem deployment can read that baby's log — including the health events described above — to check and improve how the planner works against real days. This access is read-only by construction (they cannot add, change, or delete anything), it exists only through an audited, revocable grant, and their planner-tuning sessions may pass through the AI tools they use. The switch is your consent (UK GDPR Articles 6(1)(a) and 9(2)(a)): turning it on is recorded in your change history with this policy's version, and turning it off withdraws the consent and cuts the access immediately — as easy off as on, with no consequence for saying no.
Where it lives
Data is encrypted in transit (TLS) and at rest, and hosted in the UK/EU. Personal access tokens you create for AI assistants (the MCP connector) are stored as hashes and can be revoked in Settings at any time; an assistant connected with your token sees exactly what your own login sees — no more. You can also mint a read-only token, which can view your data but never change it — the safe way to share a window onto your baby's days. Assistants you connect through the OAuth flow work the same way: you approve exactly what they can access, the connection can be revoked in Settings, and deleting your account deletes its tokens and consent records with it.
Who else processes it
We don't sell your data or share it for marketing. To run the service we rely on a couple of outside providers, acting on our instructions: Cloudflare, which sits in front of finliem as a protective proxy, and Apple's and Google's push networks, which deliver the content-free sync ping (a delivery token only — never your logged data). That ping, and any AI assistant you choose to connect, may be handled outside the UK under those providers' own data-transfer protections; your account and care data otherwise stay in the UK/EU.
How long we keep it
Until you delete it — there is no archive beyond backups. Deleting a baby or your account takes effect immediately in the live database. Encrypted backups rotate on a fixed schedule (14 daily, 8 weekly and 12 monthly snapshots), so deleted data ages out of the last backup within twelve months. Backups exist to recover from disaster; they are never used to resurrect deleted data.
Your rights
- Export: Settings → Privacy & data → Export everything gives you the complete event history as JSON.
- Erasure: deleting a baby, or closing your account, permanently cascade-deletes every event and projection. This is enforced by the database, not a cleanup job. Deleting a baby is also how you withdraw the health-data consent — the data goes with it, immediately.
- Access & rectification: the app itself shows everything we hold about your family; care events can be amended on the timeline and account details edited in Settings.
- Restriction & objection: email privacy@finliem.com and we'll restrict the processing in question while we resolve it.
- Complaints: you can complain to the UK Information Commissioner's Office (ico.org.uk) or your local EU supervisory authority — though we'd appreciate the chance to fix it first.
This website
This website sets no cookies, runs no scripts, and loads nothing from third parties — there is nothing here to consent to, which is why there is no cookie banner. It is served from Cloudflare's CDN, which processes standard request logs (IP address, user agent) to deliver and protect the site.
Contact
Questions or concerns: privacy@finliem.com. To report a security issue, email the same address privately — please don't post it in public.