Privacy Policy
Last Updated: May 26, 2026
Effective Date: May 26, 2026
Moments (“the App,” “we,” “us,” or “our”) is developed and operated by Dustin Driese, an individual developer. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Moments app.
We built Moments with privacy as a core principle. Your family's photos, videos, voice notes, transcripts, and personal data are yours - they are stored securely in our cloud infrastructure with strict access controls, and we do not view, mine, or use your content for any purpose beyond delivering the App's features.
1. Information We Collect
1.1 Account Information
When you sign in with Apple, we receive:
- A unique, anonymous identifier assigned by Apple (not your Apple ID or email)
- Your name, only if you choose to share it
We do not receive or store your Apple ID password. Apple's Sign in with Apple service may provide a private relay email address rather than your real email, at your discretion.
1.2 Content You Create
The App stores the following content that you create:
- Photos and videos of your children
- Voice notes you record, including their automatically generated text transcripts
- Text notes and letters you write
- Child profiles including names, dates of birth, and profile photos
- Milestones you tag on moments
This content is stored locally on your device (as thumbnails for media) and synced to Supabase, our secure cloud platform, for full-resolution storage and cross-device access.
1.3 Voice Note Transcription
When you record a voice note, the App automatically transcribes it to text using Apple's on-device Speech Recognition framework. The transcription process happens entirely on your phone - the audio is not sent to any transcription service or third-party processor for the purpose of generating the transcript.
Once generated, the resulting transcript is stored alongside the audio recording, and both are synced to Supabase as part of the associated moment. This enables searching your voice notes by what was said and displaying word-by-word highlighting during playback. You can edit any transcript at any time to correct words the recognizer misheard.
1.4 Metadata Automatically Extracted
When you add a photo to a moment, the App may extract the following metadata from the image file's EXIF data:
- GPS coordinates (latitude and longitude) embedded in the photo
- Date and time the photo was originally taken
This metadata is used to automatically set the moment's date and location. The App also performs reverse geocoding (converting GPS coordinates to a human-readable place name like “Austin, Texas”) using Apple's MapKit and CoreLocation frameworks, which may query Apple's geocoding service. The resulting date, GPS coordinates, and human-readable location are stored as part of the moment record and synced to Supabase alongside your other content.
1.5 Legacy Contact Information
If you configure a legacy contact (trusted contact for album access in case of prolonged inactivity), the following information is stored in our Supabase database:
- Your legacy contact's name and email address
- Your inactivity threshold and grace period settings
- A timestamp of your last app activity (“heartbeat”)
- A unique record identifier
This data is protected by row-level security policies and is used solely for the purpose of monitoring inactivity and sending a single notification email to your designated contact if triggered. See Section 4 for details.
1.6 Sharing and Co-Parent Data
If you share a child's album with a co-parent using a handoff key:
- A shared album record is created in Supabase linking both parent accounts
- The shared child's moments are synced between both parents via Supabase's secure database and storage
- Handoff keys (format: MOM-XXXX-XXXX) are temporary and can be revoked at any time
1.7 Information We Do NOT Collect
- We do not collect behavioral analytics or usage telemetry (which screens you visit, how long you spend in the App, what you tap)
- We do not collect Apple's IDFA or IDFV device identifiers, or any advertising IDs
- We do not use tracking pixels, cookies, or fingerprinting
- We do not collect browsing history or app usage patterns
- We do not collect contacts, call logs, or messages
- We do not collect financial or payment information (subscriptions are handled entirely by Apple)
We do collect a limited set of crash and error diagnostics to identify and fix bugs - see Section 1.8 below. This data does not include the content of your moments, your name, your email, or any data that identifies you personally.
1.8 Crash and Error Diagnostics
To identify and fix bugs that affect your experience, the App reports crashes and non-fatal errors to Sentry, an industry-standard error monitoring service. We have configured Sentry to minimize the data shared:
- Personally Identifiable Information is explicitly disabled (no IP address, no Apple Sign-In identifier, no email, no name)
- The content of your moments (photos, videos, voice notes, transcripts, text notes) is never sent
- Sample rates are reduced in production so most sessions are not profiled
What Sentry does receive when an error occurs:
- The stack trace and error message
- App version, build number, and environment (debug or production)
- Device model and iOS version (standard crash report metadata)
- Internal operation identifiers (for example, the random UUID assigned to a moment) and the name of the operation that failed, to help diagnose sync issues
- Recent log lines from the App as “breadcrumbs” showing what happened leading up to the error
We do not use Sentry for performance analytics or feature usage tracking - only for crash and error monitoring.
2. How Your Data Is Stored
2.1 On-Device Storage
All content (photos, videos, voice notes, transcripts, text, child profiles) is stored locally on your device using Apple's SwiftData framework. Large binary data (photos, videos, audio) uses external storage managed by the operating system.
2.2 Cloud Sync
Your data is synced to Supabase, a secure cloud platform built on PostgreSQL. This means:
- Your data is stored in Supabase's infrastructure, encrypted in transit (TLS) and at rest
- Row-level security policies ensure only you (and co-parents you explicitly invite) can access your data
- Full-resolution media is stored in Supabase Storage; only thumbnails remain on your device
- Media is downloaded on-demand and cached locally for performance
2.3 Shared Data (Co-Parent Albums)
When you share a child's album with a co-parent, a shared album record is created in Supabase linking both accounts. Both participants can read and contribute moments. Shared data is protected by row-level security policies that restrict access to authorized participants only.
2.4 Legacy Contact Records
Heartbeat timestamps and legacy contact registration records are stored in our Supabase database. These records contain minimal information (timestamps, contact email, threshold settings) and are used exclusively for the inactivity monitoring system described in Section 4. Access is restricted by row-level security policies.
3. How We Use Your Information
We use your information solely to provide the App's functionality:
| Data | Purpose |
|---|---|
| Apple Sign-In identifier | Authenticate your identity and maintain your session |
| Photos and videos | Store and display your children's moments |
| Voice note audio | Store and play back recordings of your child's voice |
| Voice note transcripts | Enable text search of voice notes and word-by-word playback highlighting |
| EXIF GPS coordinates | Auto-populate moment location |
| EXIF date/time | Auto-populate moment date |
| Reverse geocoding results | Display human-readable location names |
| Child profiles | Organize moments by child and display age-based timelines |
| Heartbeat timestamps | Monitor activity for the legacy contact system |
| Legacy contact email | Send a single notification if your inactivity threshold is reached |
| Handoff keys | Enable co-parent album sharing |
| Crash and error diagnostics | Identify and fix bugs (via Sentry, with PII disabled and no user content shared - see Section 1.8) |
We do not use your data for advertising, profiling, marketing, training machine learning models, or any purpose beyond delivering the App's features and keeping it reliable.
4. Legacy Contact System and Email
The legacy contact feature is an opt-in system designed to ensure a trusted person can access your child's album if you become inactive for an extended period.
How it works:
- You designate a trusted contact and set an inactivity threshold (90, 180, or 365 days) plus a grace period (default 30 days)
- Each time you open the App, a heartbeat timestamp is written to our Supabase database
- A server-side process (Supabase Edge Function) runs daily to check whether your inactivity threshold plus grace period has elapsed
- If triggered, a single notification email is sent to your designated contact with instructions for accessing the album
- No further emails are sent after the initial notification
Third-party service involved:
Resend (resend.com) is used to deliver the notification email. Resend receives only the recipient's email address and the email content at the time of sending. We do not share any other data with Resend.
Your controls:
- You can remove a legacy contact at any time, which deletes the associated records
- You can change the inactivity threshold and grace period at any time
- Simply opening the App resets the inactivity timer
5. Third-Party Services
The App uses the following third-party services:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Supabase | Supabase, Inc. | Database, storage, auth, and Edge Functions | All app content (protected by row-level security policies) |
| Sign in with Apple | Apple | Authentication (via Supabase Auth) | Anonymous identifier, name (if shared) |
| App Store | Apple | Subscription billing | Payment handled entirely by Apple |
| MapKit / CoreLocation | Apple | Reverse geocoding | GPS coordinates (processed via Apple's frameworks, which may query Apple's geocoding service) |
| Speech Recognition | Apple | On-device transcription of voice notes | Audio is processed locally on your device; no audio or transcript is sent to Apple |
| Resend | Resend, Inc. | Legacy contact email delivery | Recipient email address, email content (only when triggered) |
| Sentry | Functional Software, Inc. dba Sentry | Crash and non-fatal error reporting | Stack traces, app/OS/device metadata, internal operation identifiers, and log breadcrumbs - with PII explicitly disabled and no user content (see Section 1.8) |
We do not use any advertising networks, behavioral analytics SDKs, or social media integrations. The only diagnostic service we use is Sentry, scoped narrowly to crash and error reporting as described above.
6. Data Sharing and Disclosure
We do not sell, rent, or share your personal data with third parties for their own purposes.
We may disclose information only in the following limited circumstances:
- Co-parents you invite: When you share a child's album, the co-parent can see the shared child's moments, profile, and any moments either parent adds
- Legacy contacts (if triggered): Your designated contact receives an email with album access instructions only after your configured inactivity period elapses
- Legal requirements: We may disclose information if required by law, subpoena, court order, or other legal process. However, because your private data is protected by row-level security policies and encryption, we restrict access to only what is necessary to operate the service
- Service providers: Supabase, Resend, and Sentry process limited data as described in Section 5, solely to provide their respective services
7. Data Retention
- On-device data: Remains on your device until you delete it or uninstall the App
- Cloud data: Remains in Supabase until you delete it within the App or request account deletion. We retain your data indefinitely while your account is active, since the App is designed for long-term keepsake use.
- Account deletion: Upon account deletion (initiated from within the App or by request via email), all associated data is permanently removed from our servers within 30 days.
- Heartbeat records: Remain in our Supabase database as long as you have legacy contacts configured. Removing all legacy contacts deletes associated records.
- Subscription data: Managed entirely by Apple per their data retention policies
When you delete a child's profile within the App, all associated moments (photos, videos, voice notes, transcripts, text notes) are permanently deleted via cascade deletion.
8. Data Export and Portability
The App provides a built-in export feature that lets you download all your data:
- Export a single child's album or all children at once
- Exports include all photos, videos, voice notes, transcripts, and a structured moments.json manifest
- Exported as a standard ZIP file you can save and use however you wish
9. Your Rights and Controls
You have full control over your data:
- Access: All your data is visible within the App at all times
- Export: Use the built-in export feature to download a complete copy of your data
- Delete: Delete individual moments, children's profiles, or your entire account directly from within the App's settings
- Modify: Edit or update any content within the App, including correcting voice note transcripts
- Sharing controls: Revoke co-parent access by revoking the handoff key
- Legacy contacts: Add, modify, or remove trusted contacts at any time
- Account deletion: Delete your account and all associated data from within the App. You may also request account deletion by emailing us.
If you are a resident of the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. To exercise any data rights, please contact us at hello@usemoments.app.
10. Children's Privacy
Moments is designed for parents and guardians to document their children's lives. The App is intended for use by adults only - children should not use the App themselves. Because the App's core purpose is to store personal information about children on behalf of their parents, we want to be especially clear about how that information is handled:
- Parents control the data. All information about a child (including their name, date of birth, photos, videos, voice recordings, transcripts, and location data) is stored in the parent's account and is fully controlled by that parent. The child is not a user of the App and does not have an account.
- Voice recordings are stored. When you record a voice note of your child, the audio and its on-device-generated transcript are stored in your account. These recordings are protected by the same row-level security and encryption that protects all your data.
- Co-parent and legacy access. A child's data is only shared with other adults (co-parents or legacy contacts) when you, the parent, explicitly choose to share or designate access.
- Gift Key transfer. If you set up a Gift Key, a child's album becomes accessible to them at a future date you choose. From that point forward, the child (then an adult, in the typical use case) controls the album and the data within it.
- We do not collect from children. We do not knowingly collect any personal information directly from children under 13 (or the applicable age in your jurisdiction). We comply with the Children's Online Privacy Protection Act (COPPA).
If you believe a child has provided us with personal information without parental consent, please contact us at hello@usemoments.app and we will take steps to remove such information.
11. Security
We implement the following security measures:
- Authentication: Sign in with Apple via Supabase Auth provides industry-standard authentication without exposing passwords
- Encryption in transit: All data synced to Supabase uses TLS encryption
- Encryption at rest: Data stored in Supabase is encrypted at rest
- Row-level security: Database access is controlled by row-level security policies, ensuring users can only access their own data and data explicitly shared with them
- Minimal data collection: By collecting only what is necessary, we minimize the potential impact of any security incident
- Crash and error monitoring: We monitor crashes and non-fatal errors via Sentry (see Section 1.8) so that bugs - including any that could affect security or data integrity - are identified and fixed quickly
No system is 100% secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.
12. International Data Transfers
Your data is stored in Supabase's cloud infrastructure, which may involve servers in multiple regions. Supabase's handling of data transfers is governed by Supabase's privacy policy and applicable data transfer mechanisms.
Email delivery for legacy contact notifications is handled by Resend. Resend's data processing practices are governed by Resend's privacy policy.
Crash and error diagnostics are processed by Sentry (Functional Software, Inc.), based in the United States. Sentry's data processing practices, including its handling of international transfers, are governed by Sentry's privacy policy.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes include things like new categories of data we collect, new third-party services we use, or new ways we use your information. If we make material changes, we will notify you by:
- Updating the “Last Updated” date at the top of this policy
- Providing notice within the App
Your continued use of the App after changes are posted constitutes acceptance of the revised Privacy Policy.
14. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the “sale” of personal information - we do not sell your personal information
- Not be discriminated against for exercising your privacy rights
15. European Privacy Rights (GDPR)
If you are in the EEA or UK, our legal bases for processing are:
- Contract performance: Processing necessary to provide the App's features
- Legitimate interest: Legacy contact inactivity monitoring; crash and non-fatal error diagnostics via Sentry to keep the App reliable and secure (with PII disabled and no user content shared - see Section 1.8)
- Consent: Optional features like location extraction from photos
You have the right to access, rectify, and erase your data, to restrict or object to processing, and to data portability. To exercise these rights, contact us at hello@usemoments.app.
16. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: hello@usemoments.app
Website: https://usemoments.app
Developer: Dustin Driese