Privacy Policy

This Privacy Policy describes how Samio ("we", "us") collects and processes personal data when you use the Samio mobile application (the "App"). We take your privacy seriously and only collect what we need to run the service.

1. Data controller

Samio is operated by Alexander Andersson as an individual developer based in Sweden. For privacy questions or to exercise your rights, contact us at alle7000.andersson@gmail.com.

2. What we collect

Account data

• Email address (from email sign-up or Sign in with Apple, including Apple's private relay addresses)
• Display name
• Password (stored only as an argon2id hash — we never see your plain password)
• Apple subject identifier (if you sign in with Apple)

Family and baby data

• Your baby's name, date of birth, optional sex, and an optional photo you upload (photos are automatically re-encoded on our server to strip any embedded metadata like EXIF/GPS)
• Household information and invitations sent to co-parents
• Feeding events, sleep sessions, diaper changes, milk inventory, growth measurements (weight, height, head circumference), and any notes you add

Device and technical data

• Device identifier and platform (iOS/Android) for session management
• Expo push notification token (only if you allow notifications)
• IP address of requests, used for rate-limiting and security only — not retained long-term

3. Why we process your data (legal basis)

• To provide the service (contract, GDPR Art. 6.1.b): store your logs, sync data between you and your co-parent, keep you signed in, send reminders.
• Your consent (GDPR Art. 6.1.a): push notifications, photo library access, camera access. You can revoke these from your device settings at any time.
• Legitimate interest (GDPR Art. 6.1.f): security, fraud prevention, rate-limiting, detecting abuse.

4. Who we share data with

We do not sell your data. We share only with:

• Co-parents you invite to your household — they see the same baby data as you.
• Apple — if you use Sign in with Apple (their privacy policy applies to that flow), and the Apple Push Notification service for iOS reminders.
• Expo Push Notification Service (operated by Expo, Inc.) — used to deliver reminders to your device. They see the push token and notification payload only.
• Resend — delivers transactional email (verification, password reset). They see your email address and the email content.
• Our hosting provider — the database and API servers are operated on a reputable cloud provider within the EU/EEA.

We do not use third-party analytics, advertising, or tracking SDKs.

5. Data retention

• Account and family data is kept for as long as your account exists.
• Refresh tokens expire after 30 days of inactivity.
• Invitations expire after 7 days.
• Rate-limit records are kept for up to 24 hours.
• Server request logs are retained for up to 30 days for abuse detection and debugging, then purged.
• Encrypted database backups rotate on a short window; when you delete your account, live data is erased immediately and backup snapshots are overwritten within the rotation period.
• When you delete your account (see section 7), all your personal data is permanently erased within a reasonable time, including revocation of any Apple Sign-In tokens.

If your household has a co-parent, deleting your account removes you from it. The household and baby data stays with the co-parent. If you are the only member, the entire household and all logs are deleted.

6. Security

• All network traffic uses HTTPS/TLS.
• Passwords are hashed with argon2id (memory-hard, OWASP-recommended parameters).
• Refresh tokens and reset tokens are peppered and hashed at rest.
• Access tokens are short-lived, JWT-signed, and checked against session revocation on every request.
• Token reuse detection is in place — stolen tokens are automatically revoked.
• Uploaded photos are re-encoded server-side to strip metadata (EXIF, GPS, embedded profiles) before storage.

No system is perfectly secure. If you suspect unauthorised access, email us immediately.

7. Your rights

Under the GDPR, you have the right to:

• Access — ask what data we hold about you.
• Rectify — correct inaccurate data (most fields are editable in-app).
• Erase — delete your account via Settings → Account & sharing → Delete account, or email us.
• Restrict or object to processing.
• Data portability — download a complete JSON copy of all your data in-app via Settings → Account & sharing → Export my data.
• Withdraw consent — revoke push/camera/photo permissions in your device settings.
• Lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) if you believe we have mishandled your data.

8. Data about your baby

Samio is designed to be used by parents and caregivers to track their own child. The baby is not a user of the App. The parent (account holder) is responsible for managing their child's information and deciding what to log.

9. International transfers

We host data within the EU/EEA where possible. Some third-party services (e.g. Apple, Expo Push) may process data outside the EEA under appropriate safeguards (Standard Contractual Clauses or equivalent).

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app or by email. The "Last updated" date above reflects the current version.

11. Contact

Questions? Requests? Write to alle7000.andersson@gmail.com.