Privacy Policy

Last Updated: April 1, 2026

Effective Date: April 1, 2026

Moments (“the App,” “we,” “us,” or “our”) is developed and operated by Dustin Driese, an individual developer. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Moments app.

We built Moments with privacy as a core principle. Your family's photos, videos, voice notes, and personal data are yours - they are stored securely in our cloud infrastructure with strict access controls, and we do not access your content.

1. Information We Collect

1.1 Account Information

When you sign in with Apple, we receive:

  • A unique, anonymous identifier assigned by Apple (not your Apple ID or email)
  • Your name, only if you choose to share it

We do not receive or store your Apple ID password. Apple's Sign in with Apple service may provide a private relay email address rather than your real email, at your discretion.

1.2 Content You Create

The App stores the following content that you create:

  • Photos and videos of your children
  • Voice notes you record
  • Text notes you write
  • Child profiles including names, dates of birth, and profile photos
  • Milestones you tag on moments

This content is stored locally on your device (as thumbnails) and synced to Supabase, our secure cloud platform, for full-resolution storage and cross-device access.

1.3 Metadata Automatically Extracted

When you add a photo to a moment, the App may extract the following metadata from the image file's EXIF data:

  • GPS coordinates (latitude and longitude) embedded in the photo
  • Date and time the photo was originally taken

This metadata is used to automatically set the moment's date and location. The App also performs reverse geocoding (converting GPS coordinates to a human-readable place name like “Austin, Texas”) using Apple's MapKit and CoreLocation frameworks. This processing happens on your device.

1.4 Legacy Contact Information

If you configure a legacy contact (trusted contact for vault access in case of prolonged inactivity), the following information is stored in our Supabase database:

  • Your legacy contact's name and email address
  • Your inactivity threshold and grace period settings
  • A timestamp of your last app activity (“heartbeat”)
  • A unique record identifier

This data is protected by row-level security policies and is used solely for the purpose of monitoring inactivity and sending a single notification email to your designated contact if triggered. See Section 4 for details.

1.5 Sharing and Co-Parent Data

If you share a child's album with a co-parent using a handoff key:

  • A shared album record is created in Supabase linking both parent accounts
  • The shared child's moments are synced between both parents via Supabase's secure database and storage
  • Handoff keys (format: MOM-XXXX-XXXX) are temporary and can be revoked at any time

1.6 Information We Do NOT Collect

  • We do not collect analytics or usage telemetry
  • We do not collect device identifiers or advertising IDs
  • We do not use tracking pixels, cookies, or fingerprinting
  • We do not collect browsing history or app usage patterns
  • We do not collect contacts, call logs, or messages
  • We do not collect financial or payment information (subscriptions are handled entirely by Apple)

2. How Your Data Is Stored

2.1 On-Device Storage

All content (photos, videos, voice notes, text, child profiles) is stored locally on your device using Apple's SwiftData framework. Large binary data (photos, videos, audio) uses external storage managed by the operating system.

2.2 Cloud Sync

Your data is synced to Supabase, a secure cloud platform built on PostgreSQL. This means:

  • Your data is stored in Supabase's infrastructure, encrypted in transit (TLS) and at rest
  • Row-level security policies ensure only you (and co-parents you explicitly invite) can access your data
  • Full-resolution media is stored in Supabase Storage; only thumbnails remain on your device
  • Media is downloaded on-demand and cached locally for performance

2.3 Shared Data (Co-Parent Albums)

When you share a child's album with a co-parent, a shared album record is created in Supabase linking both accounts. Both participants can read and contribute moments. Shared data is protected by row-level security policies that restrict access to authorized participants only.

2.4 Legacy Contact Records

Heartbeat timestamps and legacy contact registration records are stored in our Supabase database. These records contain minimal information (timestamps, contact email, threshold settings) and are used exclusively for the inactivity monitoring system described in Section 4. Access is restricted by row-level security policies.

3. How We Use Your Information

We use your information solely to provide the App's functionality:

DataPurpose
Apple Sign-In identifierAuthenticate your identity and maintain your session
Photos, videos, voice notesStore and display your children's moments
EXIF GPS coordinatesAuto-populate moment location
EXIF date/timeAuto-populate moment date
Reverse geocoding resultsDisplay human-readable location names
Child profilesOrganize moments by child and display age-based timelines
Heartbeat timestampsMonitor activity for the legacy contact system
Legacy contact emailSend a single notification if your inactivity threshold is reached
Handoff keysEnable co-parent album sharing

We do not use your data for advertising, profiling, marketing, training machine learning models, or any purpose beyond delivering the App's features.

4. Legacy Contact System and Email

The legacy contact feature is an opt-in system designed to ensure a trusted person can access your child's vault if you become inactive for an extended period.

How it works:

  1. You designate a trusted contact and set an inactivity threshold (90, 180, or 365 days) plus a grace period (default 30 days)
  2. Each time you open the App, a heartbeat timestamp is written to our Supabase database
  3. A server-side process (Supabase Edge Function) runs daily to check whether your inactivity threshold plus grace period has elapsed
  4. If triggered, a single notification email is sent to your designated contact with instructions for accessing the vault
  5. No further emails are sent after the initial notification

Third-party service involved:

Resend (resend.com) is used to deliver the notification email. Resend receives only the recipient's email address and the email content at the time of sending. We do not share any other data with Resend.

Your controls:

  • You can remove a legacy contact at any time, which deletes the associated records
  • You can change the inactivity threshold and grace period at any time
  • Simply opening the App resets the inactivity timer

5. Third-Party Services

The App uses the following third-party services:

ServiceProviderPurposeData Shared
SupabaseSupabase, Inc.Database, storage, auth, and Edge FunctionsAll app content (protected by row-level security policies)
Sign in with AppleAppleAuthentication (via Supabase Auth)Anonymous identifier, name (if shared)
App StoreAppleSubscription billingPayment handled entirely by Apple
MapKit / CoreLocationAppleReverse geocodingGPS coordinates (processed on-device or via Apple's servers)
ResendResend, Inc.Legacy contact email deliveryRecipient email address, email content (only when triggered)

We do not use any advertising networks, analytics SDKs, crash reporting tools, or social media integrations.

6. Data Sharing and Disclosure

We do not sell, rent, or share your personal data with third parties for their own purposes.

We may disclose information only in the following limited circumstances:

  • Co-parents you invite: When you share a child's album, the co-parent can see the shared child's moments, profile, and any moments either parent adds
  • Legacy contacts (if triggered): Your designated contact receives an email with vault access instructions only after your configured inactivity period elapses
  • Legal requirements: We may disclose information if required by law, subpoena, court order, or other legal process. However, because your private data is protected by row-level security policies and encryption, we restrict access to only what is necessary to operate the service
  • Service providers: Supabase and Resend process limited data as described in Section 5, solely to provide their respective services

7. Data Retention

  • On-device data: Remains on your device until you delete it or uninstall the App
  • Cloud data: Remains in Supabase until you delete it within the App or request account deletion. Upon account deletion, all associated data is permanently removed from our servers.
  • Heartbeat records: Remain in our Supabase database as long as you have legacy contacts configured. Removing all legacy contacts deletes associated records.
  • Subscription data: Managed entirely by Apple per their data retention policies

When you delete a child's profile within the App, all associated moments (photos, videos, voice notes, text notes) are permanently deleted via cascade deletion.

8. Data Export and Portability

The App provides a built-in export feature that lets you download all your data:

  • Export a single child's vault or all children at once
  • Exports include all photos, videos, voice notes, and a structured moments.json manifest
  • Exported as a standard ZIP file you can save and use however you wish

9. Your Rights and Controls

You have full control over your data:

  • Access: All your data is visible within the App at all times
  • Export: Use the built-in export feature to download a complete copy of your data
  • Delete: Delete individual moments, children's profiles, or your entire account
  • Modify: Edit or update any content within the App
  • Sharing controls: Revoke co-parent access by revoking the handoff key
  • Legacy contacts: Add, modify, or remove trusted contacts at any time
  • Account deletion: Request deletion of your account and all associated data

If you are a resident of the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. To exercise any data rights, please contact us at hello@usemoments.app.

10. Children's Privacy

Moments is designed for parents to document their children's lives. Important considerations:

  • The App is intended for use by adults (parents and guardians). Children should not use the App themselves.
  • We do not knowingly collect information directly from children under 13 (or the applicable age in your jurisdiction)
  • Photos and information about children are stored in the parent's secure cloud account and controlled entirely by the parent
  • Co-parent sharing is initiated and controlled by the parent who created the child's profile
  • We comply with the Children's Online Privacy Protection Act (COPPA) and do not collect personal information from children

If you believe a child has provided us with personal information without parental consent, please contact us at hello@usemoments.app and we will take steps to remove such information.

11. Security

We implement the following security measures:

  • Authentication: Sign in with Apple via Supabase Auth provides industry-standard authentication without exposing passwords
  • Encryption in transit: All data synced to Supabase uses TLS encryption
  • Encryption at rest: Data stored in Supabase is encrypted at rest
  • Row-level security: Database access is controlled by row-level security policies, ensuring users can only access their own data and data explicitly shared with them
  • Minimal data collection: By collecting only what is necessary, we minimize the potential impact of any security incident

No system is 100% secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

12. International Data Transfers

Your data is stored in Supabase's cloud infrastructure, which may involve servers in multiple regions. Supabase's handling of data transfers is governed by Supabase's privacy policy and applicable data transfer mechanisms.

Email delivery for legacy contact notifications is handled by Resend. Resend's data processing practices are governed by Resend's privacy policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

  • Updating the “Last Updated” date at the top of this policy
  • Providing notice within the App

Your continued use of the App after changes are posted constitutes acceptance of the revised Privacy Policy.

14. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the “sale” of personal information - we do not sell your personal information
  • Non-discrimination for exercising your privacy rights

15. European Privacy Rights (GDPR)

If you are in the EEA or UK, our legal bases for processing are:

  • Contract performance: Processing necessary to provide the App's features
  • Legitimate interest: Legacy contact inactivity monitoring
  • Consent: Optional features like location extraction from photos

You have the right to access, rectify, erase, restrict processing, data portability, and object to processing. To exercise these rights, contact us at hello@usemoments.app.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@usemoments.app
Website: https://usemoments.app
Developer: Dustin Driese