Privacy Policy

Honey Bun is a baby-care tracker that helps caregivers log feedings, diaper changes, and medicine doses. We built it to be useful at 3 AM with one hand free, and we treat your data the same way we'd want ours treated. This policy explains exactly what we collect, why, where it lives, and how to get rid of it.

What we collect

• Account information. When you sign in with Apple or Google, we receive your email address and a unique user identifier from that provider. We do not receive your password.
• Baby details you enter. Your baby's name and feeding-window preferences you configure in Settings.
• Care logs you create. Feeding sessions (bottle volumes, nursing durations), diaper changes, and medicine doses, with timestamps.
• Conversations with the AI assistant. The text and voice messages you exchange with the in-app assistant, plus a summary of your recent care logs that the assistant uses to answer questions.
• Device push tokens. An anonymous identifier provided by Apple Push Notification Service (on iPhone) or Firebase Cloud Messaging (on Android) so we can send you feeding reminders and missed-window alerts, along with your device model, OS version, and app version so we can identify your device when you contact support. We do not see your phone number.
• Alexa linking metadata. If you choose to link Honey Bun with Amazon Alexa, a short-lived pairing code and your linked status are stored.
• Anonymous usage analytics. Which features get used (e.g., AI assistant opened, settings toggled, sign-in method) via Firebase Analytics. We do not collect the contents of your care logs or your AI conversations here — only event names and basic parameters describing app behavior, tied to your account so we can understand retention.
• Crash diagnostics. When the app crashes, Firebase Crashlytics sends us a report containing the stack trace, your device model, iOS or Android version, app version, and a short trail of recent in-app events ("breadcrumbs") leading up to the crash. No care log contents, AI conversations, or other personal information are included in crash reports. This data lets us find and fix bugs faster.

We do not collect: your location, your contacts, your photos, advertising identifiers, tracking across other apps for advertising, or any data we don't actively need for the features above.

How we use it

• To show you your own care logs and the history view.
• To sync your data across the devices signed into your account (your phone, your partner's phone) in real time.
• To send reminders, missed-feeding alerts, and lock-screen feeding banner updates.
• To answer questions you ask the AI assistant, grounded in your real care logs.
• To process voice utterances if you use Alexa to log entries.

We do not use your data for advertising. We do not sell, rent, or share your data with marketers. We do not train AI models on your data.

Where it's stored

All of your data lives in Google Firebase (Firestore database, Firebase Authentication, Firebase Cloud Messaging) on servers operated by Google Cloud in the United States. Access is scoped to your authenticated account — other Honey Bun users cannot see your data, and our database security rules enforce this server-side.

Third parties we share with

Honey Bun relies on a small number of service providers to function. We only share the minimum data each needs:

• Google Firebase — hosts your account, your care logs, the messages that deliver notifications, anonymous usage analytics (Firebase Analytics), and crash diagnostics (Firebase Crashlytics). Firebase privacy.
• Google Sign-In and Apple Sign In — used to authenticate you. Only the email and user ID returned by these providers is stored on our side, in your user record in our database, so we can identify you when you contact support.
• OpenAI — powers the AI assistant. See the dedicated AI assistant section below for the full disclosure (what's sent, what's not, your consent, your revocation).
• Amazon Alexa — if you link Alexa, basic pairing metadata is exchanged with Amazon's Alexa platform so voice commands can reach your account. Amazon Alexa privacy.

AI assistant (powered by OpenAI)

When you use Honey Bun's AI assistant — by tapping the sparkles icon in the app and either typing or speaking — Honey Bun sends the following data to OpenAI, LLC, over an encrypted HTTPS connection:

• The text or transcribed speech of each message you send
• A short, structured summary of your recent activity: counts and times of the most recent feeds, diapers, and medicine doses (no notes or free-form text)
• Your child's first name and feeding-window settings, so the assistant can answer in context

We do not send your email address, your password, payment information, your location, photos, or full session contents beyond the most recent activity summary.

OpenAI processes this data on its own servers under its own published privacy policy at openai.com/policies/privacy-policy. OpenAI does not use this data to train its models per our API agreement. We have reviewed OpenAI's policy and confirmed it provides protections equivalent to those described in this Privacy Policy, including encryption in transit and at rest, scoped employee access, and a published data-retention policy.

Consent. You explicitly consent to this sharing the first time you open the AI assistant inside Honey Bun. Before that, no data is sent to OpenAI. If you decline, all other Honey Bun features (manual logging, Live Activity, Alexa integration, notifications, sync) continue to work normally.

Revocation. You can revoke consent at any time in Settings → AI Assistant. Revoking stops new transmissions immediately and clears chat history on your device. Data previously sent to OpenAI is retained according to OpenAI's policy; to request deletion of historical data on OpenAI's side, contact them directly.

Your rights and choices

• Access. Everything we store about you appears in the app. Open Settings or History to see your logs and preferences.
• Correction. Edit any care log, baby name, or preference from inside the app.
• Deletion. Open the app → Settings → Delete Account. This permanently removes your account, every care log, your preferences, your device tokens, and your AI conversation history. The action is immediate and cannot be undone. You may also email us at the address below to request manual deletion.
• Export. Request a copy of your data by emailing us at the address below; we will provide a JSON export within 30 days.

Children

Honey Bun is designed to be used by adults (parents and caregivers) to record information about a child. The app is not directed at children, and children are not the users. We do not knowingly collect information directly from anyone under 13. If you believe a child has signed up for an account, contact us and we will delete it.

Data retention

We keep your data for as long as your account is active. Deleting your account through the in-app flow removes all associated data immediately. Server backups roll off within 30 days.

Security

Data is transmitted over HTTPS and stored encrypted at rest by Google Cloud. Access is gated by your account credentials and verified server-side on every request. We do not store passwords ourselves; authentication is handled by Apple, Google, and Firebase Authentication.

Changes to this policy

If we change anything material about how Honey Bun handles your data, we will update this page and adjust the "Last updated" date at the top. For significant changes, we will also notify you in the app the next time you open it.

Contact

Questions, deletion requests, or anything else: support@honeybun.family.