Legal

Privacy Policy

Last updated: 21 May 2026

This Privacy Policy explains how Parentlog collects, uses, stores and protects your personal data when you use our app and website. Please read it carefully. By using Parentlog, you acknowledge that you have read and understood this policy.

1. Who we are

Parentlog is operated by Almira Labs Ltd, a company registered in England and Wales. Registered office: 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

For all privacy-related enquiries, contact us at legal@parentlog.app. We are the data controller for the personal data you provide to us.

2. What data we collect

We collect the following categories of personal data:

  • Account data - your name (if provided), email address, and authentication credentials when you sign up. If you sign in with Apple, we receive only the data Apple shares with us under your chosen sharing settings.
  • App content (your records) - journal entries, expense records, calendar entries, messages, and any files you upload (receipts and photos). This data belongs to you. Every record is cryptographically timestamped and verified at the moment of writing to preserve its integrity.
  • Information about third parties you enter - your co-parent's name and email address (when you initiate a pairing), and information about your children that you choose to record. You are responsible for ensuring you have the right to enter this information.
  • Usage and diagnostic data - crash reports, feature usage, and performance data collected via our analytics and crash-reporting tools. This data is anonymised or pseudonymised and cannot be used to identify you.
  • Device data - device type, operating system version, and app version, used for compatibility and diagnostic purposes.
  • Payment data - subscription payments are processed entirely by Apple via the App Store. We do not receive or store your card details.

3. How we use your data

We use your data to:

  • Provide, maintain and improve the Parentlog service
  • Authenticate your account and keep it secure
  • Generate PDF exports at your request, including server-side cryptographic verification
  • Send service notifications (new messages from your co-parent, pairing requests) via push notification
  • Diagnose crashes and improve app stability
  • Comply with our legal obligations

We do not sell your data to third parties. Ever. We do not use your content for advertising. We do not read your private journal entries, messages or records except where required by law.

4. Legal basis for processing (UK & EU GDPR)

We process your data under the following legal bases:

  • Contract (Article 6(1)(b)) - processing necessary to provide the service you have signed up for, including storing your records, generating exports, and enabling co-parent communication.
  • Legitimate interests (Article 6(1)(f)) - crash reporting, fraud prevention and security monitoring, where this does not override your rights and interests.
  • Legal obligation (Article 6(1)(c)) - where we are required to process or retain data to comply with applicable law.

5. Data relating to children

Parentlog is intended for use by adults (aged 18 and over). The app may contain information about children entered by their parents or guardians - for example, custody schedule records or expense notes relating to a child. This information is subject to the same security and access controls as all other user data.

We do not knowingly collect personal data directly from children. If you believe a child has provided us with data without appropriate authorisation, please contact us at legal@parentlog.app.

Where you store health-related information about a child in the Info Library, such as allergies or medical details, this constitutes special category personal data under Article 9 UK GDPR. We process this data under Article 9(2)(c) (vital interests) to support the health and safety of the child, and only to the extent that you choose to enter it. This data is subject to the same access controls and security measures as all other records.

6. Shared data and co-parent pairing

When you connect with a co-parent using an invite code or email, a pairing is established. All data you created before pairing remains private to you; pairing does not automatically share any existing records. Once paired, shared features become active for new records. Handovers, expense requests, settlements, shared calendar days, schedule proposals, swap requests, messages, and Info Library cards created after pairing are visible to both parents. Journal entries are the exception: they remain private by default, and you choose whether to share each one individually at the time of writing.

Shared entries, including messages, are considered the personal data of both you and your co-parent. Because these records may be used as legal evidence, they cannot be deleted by either party unilaterally. Any request to delete shared records will be handled in accordance with our legal obligations and, where applicable, will require the agreement of both parties.

Your private entries remain yours alone and are never visible to your co-parent.

7. Immutability and record integrity

Parentlog is built on a principle of record integrity. The majority of records are immutable once saved: messages, handovers, submitted expenses, settlements, calendar records, schedule proposals, and swap requests cannot be edited or deleted after saving by any user. Private journal entries and Info Library cards can be amended; when amended, the original is preserved alongside the revision so nothing is silently overwritten. The amendment history remains available within the app. Every record is assigned a server-set timestamp and a SHA-256 cryptographic hash at the moment of creation to preserve its evidential integrity.

This means that data deletion rights under UK GDPR (see Section 10) may be subject to legally recognised exceptions where records are reasonably required for the establishment, exercise or defence of legal claims.

8. Data storage and security

Data is held within the United Kingdom (London region) and is subject to UK GDPR. For users based in the European Union, transfers of personal data from the EU to the UK are covered by the European Commission's adequacy decision for the UK.

We take the security of your records seriously. Access to your data is strictly controlled, your private records are visible only to you, and shared records only to you and your connected co-parent. All data in transit is encrypted. We implement technical and organisational measures appropriate to the sensitivity of the information we hold.

No system is completely secure. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by law.

9. How long we keep your data

We retain your account and content data for as long as your account is active. If your subscription lapses or is cancelled, your data is not immediately deleted, because we believe your records may still be important to you, and we give you time to export them.

After cancellation: your records are retained for 12 months from the date your subscription ends. During this period you can log back in and download a PDF export of your records (a reasonable limit on export frequency applies). If you re-subscribe at any point during this window, your account is fully restored and the 12-month retention period resets from the new cancellation date, should you cancel again.

Paired accounts: if you are paired with a co-parent, records you share cannot be deleted while the other party's account remains active, even if your own subscription has ended. Once both subscription have been cancelled, shared records are retained for 12 months from the date of the last cancellation, then deleted. This is because shared records may form part of ongoing legal proceedings that neither party has full control over.

Account deletion: if you request full account deletion, we will delete your personal data within 30 days, subject to the paired-account rules above and the exceptions listed below.

We may retain data beyond these periods where:

  • We are required to do so by law or court order
  • Retention is reasonably necessary for the establishment, exercise or defence of legal claims

Anonymised diagnostic data (crash logs, usage statistics) may be retained indefinitely as it cannot be linked back to you.

10. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Access - request a copy of the personal data we hold about you
  • Rectification - ask us to correct inaccurate account data (note: confirmed records cannot be altered by design; see Section 7 for detail)
  • Erasure - request deletion of your personal data, subject to the exceptions described in Sections 7 and 9
  • Restriction - ask us to limit how we process your data in certain circumstances
  • Portability - receive your data in a structured, machine-readable format (your PDF export function serves this purpose for your records)
  • Object - object to processing based on legitimate interests
  • Withdraw consent - for any processing based on consent, at any time, without affecting prior processing
  • Automated decision-making - you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Parentlog does not use automated decision-making or profiling of this kind.
  • Lodge a complaint - you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have handled your personal data unlawfully.

To exercise any of these rights, contact us at legal@parentlog.app. We will respond within 30 days. We may ask you to verify your identity before we act on your request.

11. Third parties we share data with

We share your data only with the following parties, and only to the extent necessary:

  • Google LLC - infrastructure provider for authentication, database, file storage, cloud functions and crash reporting. Google processes data on our behalf under a data processing agreement.
  • Apple Inc. - payment processing via the App Store. Apple processes payment data under their own privacy policy. We do not receive your card details.
  • Legal and regulatory authorities - where we are required to disclose data by law, court order or warrant. We will notify you where legally permitted to do so.

No other third parties receive your personal data.

12. Cookies

The Parentlog website uses only strictly necessary cookies, for example, to remember your preferences so the site works correctly. We do not use advertising, tracking or analytics cookies that require your consent. Under UK PECR, no cookie consent banner is required where only strictly necessary cookies are used.

13. Changes to this policy

We may update this policy from time to time. We will notify you of any significant changes via email or an in-app notice at least 14 days before they take effect. The "last updated" date at the top of this page always reflects the most recent revision. Continued use of Parentlog after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact and complaints

For any privacy questions or to exercise your rights, contact us at legal@parentlog.app. We will respond within 30 days.

If you are not satisfied with our response, you have the right to raise a concern directly with the Information Commissioner's Office (ICO), the UK's data protection authority, at ico.org.uk.