Privacy Policy

Last updated: March 26, 2026

Who We Are

Milkie is a mobile application designed to support breastfeeding and early parenthood. The data controller is Alex Music, an individual developer operating under the Apple Developer Program. We take your privacy seriously and are committed to protecting the personal data you share with us.

Contact: privacy@milkie.app

This policy explains how we collect, use, store, and protect your personal data. We apply strong privacy protections to all users regardless of location. Where applicable, we comply with the California Consumer Privacy Act (CCPA/CPRA), and we will adapt to EU General Data Protection Regulation (GDPR) requirements when the app becomes available in the European Union.

What Data We Collect

We collect the following categories of personal data:

Account Data:

  • Email address (via Apple Sign-In)
  • Authentication identifiers
  • Language preference

Baby Profile Data:

  • Baby's first name
  • Date of birth
  • Birth weight and current weight entries

Health & Tracking Data:

  • Breastfeeding session logs (duration, side, latch quality)
  • Bottle feeding logs (volume, milk type)
  • Pump session logs (duration, volume, side)
  • Diaper logs (type, time)
  • Sleep logs (duration, quality)
  • Mood entries
  • Pain logs (location, intensity)
  • Baby weight measurements

Onboarding Health Data:

  • Pregnancy health information
  • Delivery type
  • Nipple shape
  • Breastfeeding experience level
  • Support system information
  • Health challenges
  • Feeding goals and preferences

AI Chat Data:

  • Messages you send to our AI assistant
  • AI-generated responses
  • Chat session history

Technical Data:

  • Device type and operating system version
  • App version
  • Crash logs and error reports
  • Timezone setting

Why We Collect Your Data

We process your personal data for the following purposes:

With Your Consent:

  • Processing of health-related data (feeding, mood, pain, weight logs) to provide the tracking features you use
  • Sending your messages to our AI assistant for chat responses
  • Processing onboarding health questionnaire data to personalise your experience

You can withdraw your consent at any time by deleting your account or contacting us at privacy@milkie.app.

To Provide the Service:

  • Creating and managing your account
  • Providing the core tracking and logging features
  • Delivering the AI chat service (free and premium tiers)

For App Improvement & Safety:

  • Improving the app's features and reliability
  • Detecting and preventing abuse of the service
  • Maintaining security and fixing bugs

We do NOT:

  • Sell your personal data to anyone
  • Use your data for advertising
  • Profile you for marketing purposes
  • Share your data with data brokers

Your data exists solely to provide you with a personalised, private experience.

How We Use Artificial Intelligence

Milkie includes an AI-powered chat assistant to provide informational guidance about breastfeeding. Here is how it works:

Chat Messages: When you send a message, it is transmitted to Anthropic's Claude API (Sonnet model) to generate a response. Anthropic is a US-based company. Your messages are sent via encrypted connection and are not used by Anthropic to train their models (per our Data Processing Agreement with Anthropic).

Important: AI responses are informational only and are NOT medical advice. The AI does not have access to your full health history unless you share it in the chat. AI-generated content may contain inaccuracies and has not been reviewed by a medical professional in real time.

International Transfers: Messages sent to Anthropic are transferred to the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and supplementary technical measures (encryption in transit and at rest). Anthropic is bound by a Data Processing Agreement that prohibits them from using your data for their own purposes.

Where Your Data Is Stored

Your personal data is stored on Supabase infrastructure located in the EU-Frankfurt (eu-central-1) region. This means your data stays within the European Union.

Security measures include:

  • Encryption at rest (AES-256) for all database storage
  • Encryption in transit (TLS 1.2+) for all data transfers
  • Row-Level Security (RLS) ensuring you can only access your own data
  • Authentication via Apple Sign-In with secure token management
  • Regular security updates and monitoring

Local Storage: The app stores preferences and cached data locally on your device using AsyncStorage. This data never leaves your device and is not accessible to us or any third party.

Who We Share Your Data With

We share your data only with the following processors, strictly for providing the service:

Supabase Inc. Database hosting and authentication (EU-Frankfurt)

Anthropic PBC AI chat responses (United States, with SCCs)

Apple Inc. Authentication via Apple Sign-In

Expo / EAS App updates and build infrastructure

Sentry (Functional Software Inc.) Crash reporting and error diagnostics (United States). Sentry receives device type, OS version, app version, crash stack traces, and may receive user identifiers (email, user ID) when errors occur. Data is used solely for diagnosing bugs and improving app stability.

We do NOT:

  • Sell your personal data to anyone
  • Share your data with advertisers
  • Use third-party analytics or tracking services
  • Allow any third party to use your data for their own purposes

If this ever changes, we will notify you and request your explicit consent before any new sharing occurs.

Your Rights

You have the following rights regarding your personal data:

Access: You can request a copy of all data we hold about you.

Correction: You can correct inaccurate data through the app settings or by contacting us.

Deletion: You can delete your account at any time from the app settings. This triggers deletion of all your personal data within 30 days.

Data Portability: You can request your data in a structured, machine-readable format.

Withdraw Consent: You can withdraw consent at any time.

California Residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell your personal information. To exercise your rights, contact us at privacy@milkie.app.

To exercise any of these rights, contact us at privacy@milkie.app. We will respond within 30 days.

Data Retention

Active Account: Your data is kept for as long as your account is active and you continue to use the service.

Account Deletion: When you delete your account, all your personal data is permanently deleted within 30 days. This includes all tracking logs, chat history, baby profiles, and onboarding data.

Audit Logs: For security purposes, we retain anonymised audit logs (hashed, non-identifiable) for 90 days after account deletion. These logs cannot be used to identify you.

AI Chat History: Chat messages sent to Anthropic are not retained by Anthropic beyond the API request. On our side, chat history is deleted when you delete your account.

Backups: Encrypted database backups that may contain your data are automatically rotated and fully purged within 30 days of account deletion.

Children's Privacy

Milkie is designed for parents and caregivers. The app is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children.

Baby data (name, weight, feeding logs) is entered by the parent or caregiver and is considered the parent's personal data.

If you believe a child under 16 has provided us with personal data, please contact us at privacy@milkie.app and we will promptly delete it.

Cookies and Local Storage

Milkie is a mobile application and does not use cookies.

We use AsyncStorage (a local, on-device storage mechanism) to store:

  • Your authentication session token
  • App preferences (language, theme, unit preferences)
  • Cached data for offline use

This data is stored only on your device, is not transmitted to any server for tracking purposes, and is not accessible to third parties. You can clear this data by logging out or uninstalling the app.

We do not use any tracking pixels, fingerprinting, or cross-app tracking technologies.

International Users

Milkie is currently available in the United States. We apply strong privacy protections to all users regardless of location.

United States: California residents benefit from rights under the CCPA/CPRA, including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

Canada: Your rights under PIPEDA and applicable provincial legislation are respected.

European Union: When Milkie becomes available in the EU, we will comply with GDPR requirements. We already apply privacy-by-design principles that meet or exceed most international standards.

Your data is stored on secure servers with encryption at rest and in transit.

Contact Us

For any questions about this privacy policy or your personal data:

Email: privacy@milkie.app

We aim to respond to all enquiries within 30 days.

Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will:

  • Notify you within the app before the changes take effect
  • Update the "Last updated" date at the top of this policy
  • Where required by law, ask for your consent to the new terms

We encourage you to review this policy periodically. Continued use of the app after changes take effect constitutes acceptance of the updated policy.