Privacy Policy

Effective Date: 01/04/2026
App Name: The Little Things

1. Introduction

We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our app.

This policy complies with:

• The Protection of Personal Information Act (POPIA)

• The General Data Protection Regulation (GDPR)

By using our app, you agree to this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We may collect:

• Name

• Email address

• Account credentials

2.2 Children’s Information

Our app allows you to create and manage profiles for children. This may include:

• Child’s name

• Date of birth

• Photos and media

• Diary entries and notes

You confirm that you are the parent, legal guardian, or have obtained appropriate consent to upload and manage this information.

2.3 Usage Data

We may collect limited technical data such as:

• Device type

• App usage logs

• IP address

3. How We Use Your Information

We use your data to:

• Provide and maintain the app

• Store and display diary entries and media

• Enable secure sharing between authorized users

• Improve functionality and performance

• Ensure security and prevent unauthorized access

4. Security and Encryption

We take the protection of your data seriously.

4.1 End-to-End Encryption

All sensitive content, including:

• Diary entries

• Photos and media

• Child profiles

is protected using end-to-end encryption. This means:

• Data is encrypted on your device before being transmitted

• Only authorized users can decrypt and view the content

4.2 Secure Sharing via Access Codes

To share a child’s profile:

• A randomly generated 8-character access code is used

• Codes are time-limited and expire after 48 hours

• Only users with a valid code and account can request access

• Access must be explicitly approved by the profile owner

4.3 Account Security

Access to data is restricted to:

• Authenticated (logged-in) users

• Users explicitly granted permission

We implement safeguards such as:

• Authentication controls

• Secure communication (HTTPS)

• Access restrictions

5. Legal Basis for Processing (GDPR)

We process personal data based on:

• Consent

• Contractual necessity

• Legitimate interests (security, improvements)

6. Sharing of Information

We do not sell or trade your personal data.

We only share data:

• With users you explicitly authorize

• With service providers (e.g., cloud hosting), who cannot access encrypted content

• When required by law

7. International Data Transfers

Your data may be processed in countries outside your own.

We ensure appropriate safeguards, including:

• GDPR-compliant service providers

• Data protection agreements

8. Data Retention

We retain your data:

• While your account is active

• Until you delete your account

After deletion:

• Data is permanently deleted within [30] days

• Encrypted backups are securely removed thereafter

9. Your Rights

Under POPIA and GDPR, you have the right to:

• Access your data

• Correct or update your data

• Delete your data

• Withdraw consent

• Object to processing

• Lodge a complaint with a data protection authority

10. Children’s Privacy

We process children’s data only with verified parental or guardian consent.

We do not allow children to create accounts directly.

11. Cookies and Tracking

We may use limited tracking technologies for:

• Authentication

• Performance monitoring

12. Third-Party Services

We may use third-party providers (e.g., hosting or analytics).
These providers are contractually obligated to protect your data and comply with applicable laws.

13. Changes to This Policy

We may update this policy from time to time.
You will be notified of material changes.

14. Contact Us

Email: mienghabehardien@gmail.com