Privacy policy.

01A quick summary

02Information we collect

We collect only the information we need to operate the Service.

3.1 Information you provide

• Account information. You can create an account using Sign in with Apple, Google Sign-In, or email. With Sign in with Apple, Apple shares an account identifier and, if you choose to share them, your name and email address; you may also use Apple's private relay address to keep your real email hidden. With Google Sign-In, we receive your Google account identifier, name, email address, and profile picture. With email sign-in, we collect the email address you provide and use a one-time link or code to verify it. We never receive your Apple or Google password.
• Profile information. A display name and optional profile picture you choose to set inside the app.
• Moment content. The photos and videos you capture or upload inside a Moment, the title and dates you set for the Moment, the invite codes you generate, and the list of people you invite.
• Communications. If you email us, send us feedback, or report a problem, we receive the contents of that message and your contact details.

3.2 Information collected automatically

• Device and technical information. Device model, operating system version, app version, language, time zone, and a device identifier generated for diagnostic purposes.
• Diagnostic and crash data. Limited logs that help us diagnose crashes and stability issues. These logs do not contain the contents of your photos or videos.
• Product analytics. We use PostHog to understand which features are used and to spot issues. Analytics events are anonymous: we do not send your email, account ID, name, or any other identifier that could link them back to you, and they never contain the contents of your photos, videos, or messages.
• Push notification token. If you enable push notifications, we store the token issued by Apple or Google so we can deliver notifications about your Moments.
• Approximate location. We do not request precise location. We may infer an approximate region from your IP address for security and fraud prevention.

3.3 Purchase information

• In-app purchases. Purchases are processed by Apple through the App Store using In-App Purchase. Apple shares with us a receipt and a transaction identifier so we can grant the entitlement you bought. We do not see your full payment card details. Apple's handling of your payment information is governed by Apple's privacy policy.

3.4 Information we do not collect

• We do not collect precise GPS location.
• We do not collect contacts, calendar, or microphone data unless a future feature explicitly asks for permission and you grant it.
• We do not use third-party advertising SDKs, ad identifiers (IDFA), or cross-app tracking. Our App Store privacy manifest is set to "Data Not Used to Track You".
• We do not link product analytics to your identity. PostHog events are not tagged with your email, account ID, name, or any other personal identifier.

03Your photos and videos

This is the section that matters most to us.

• Where they live. Media you capture or upload is stored in encrypted object storage operated by our infrastructure provider (Supabase). It is encrypted in transit (HTTPS / TLS) and at rest.
• Who can see them. Only people who are members of the same Moment, signed in with the account that joined it. Access is enforced at the database layer using row-level security and signed, short-lived URLs.
• What we do with them. Nothing beyond storing them so you and the people in your Moment can view them. We do not view your media in the ordinary course of running the Service. We do not use your media to train, fine-tune, or evaluate machine learning models. We do not sell your media. We do not show it to advertisers.
• Limited operational access. A small number of authorised engineers may need to access raw storage in narrow, audited circumstances, for example to investigate a security incident or to comply with a legal order. Such access is logged.
• Backups. Routine encrypted backups exist for disaster recovery. When you delete content, it is removed from active storage immediately. Residual copies in encrypted backups are overwritten on our standard backup rotation, no later than 30 days.
• What happens when you delete a Moment, an item, or your account. The associated photos and videos are deleted from active storage. See Section 06 for the full deletion flow.

04How we use information

We use your information only for the following purposes:

We do not use your personal information for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.

05Legal bases for processing (UK and EU users)

If you are in the United Kingdom or the European Economic Area, we rely on the following legal bases under the UK GDPR and the EU GDPR:

• Performance of a contract. To provide the Service you signed up for, including storing and delivering your Moments.
• Legitimate interests. To keep the Service secure, prevent abuse, debug issues, and run our business in a sustainable way. We balance these interests against your rights and freedoms.
• Consent. Where we ask for it, for example to send push notifications or to access your camera or photo library. You can withdraw consent at any time in your device settings.
• Legal obligation. Where we are required to retain or disclose information by law.

06Data retention and deletion

We retain personal information only for as long as we need it.

• Moment content. Retained while the Moment exists and you are a member of it. Removing yourself from a Moment, or the host deleting the Moment, removes your access. Deleting your own media removes it from the Moment and from active storage.
• Account data. Retained while your account is active.
• Purchase records. Retained for the period required by tax and consumer-protection laws (typically up to 7 years), in a form sufficient to meet those obligations.
• Diagnostic logs. Retained for up to 90 days, then deleted or aggregated.

How to delete your data

• Delete a single photo or video: open the Moment, long-press the item, and choose Delete.
• Delete a Moment: the host can delete the Moment from its settings. All media in that Moment is deleted.
• Leave a Moment: removes your access, but does not delete media uploaded by other members.
• Delete your account: open the app, go to Settings, then Delete Account. This removes your profile, your media across all Moments, and any Moments where you were the only member. Within 30 days, residual copies in encrypted backups are overwritten on our standard backup rotation. Purchase records may be retained for legal and accounting purposes as described above. Step-by-step instructions ›

If you cannot access the app for any reason, you can request deletion by emailing hello@yourlittlemoments.com from the address associated with your account.

07How we share information

We do not sell your personal information. We share information only in the limited circumstances below.

8.1 Service providers (processors)

We use the following providers to operate the Service. They act on our instructions and are bound by contracts that protect your information.

8.2 Other people in your Moments

Information you choose to share inside a Moment (your display name, profile picture, and the media you upload) is visible to the other members of that Moment. This is the entire point of the Service.

8.3 Legal and safety

We may disclose information if we believe in good faith that it is necessary to:

• comply with a law, regulation, legal process, or enforceable governmental request;
• enforce our Terms of Service;
• detect, prevent, or address fraud, security, or technical issues;
• protect the rights, property, or safety of Little Moments, our users, or the public.

Where legally permitted, we will notify you before disclosing your information in response to a legal request.

8.4 Business transfers

If we are involved in a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have.

08Security

We take reasonable and appropriate technical and organisational measures to protect your information, including:

• TLS encryption for data in transit.
• Encryption at rest for stored media and database backups.
• Row-level security policies that scope every read and write to the correct user.
• Short-lived signed URLs for media access.
• Least-privilege access controls for our team, with audit logging.
• Regular review of our infrastructure providers' security posture.

No system is perfectly secure. If we become aware of a security incident that affects your personal information, we will notify you and the relevant authorities as required by law.

09Your rights

Depending on where you live, you have some or all of the following rights:

• Access. Request a copy of the personal information we hold about you.
• Correction. Ask us to correct information that is inaccurate or incomplete.
• Deletion. Ask us to delete your personal information. See Section 06 for the in-app flow.
• Portability. Receive a copy of your information in a structured, commonly used, machine-readable format.
• Objection and restriction. Object to, or ask us to restrict, certain processing.
• Withdraw consent. Where we rely on your consent, withdraw it at any time. Withdrawal does not affect processing carried out before the withdrawal.
• Lodge a complaint. Complain to your local data protection authority. In the UK, that is the Information Commissioner's Office (ico.org.uk). In the EU, your local supervisory authority.

California residents (CCPA / CPRA)

California residents have the right to:

• know what categories of personal information we have collected and how we use them;
• request access to specific pieces of personal information;
• request deletion of personal information;
• correct inaccurate personal information;
• opt out of the sale or sharing of personal information;
• limit the use of sensitive personal information;
• not be discriminated against for exercising these rights.

We do not sell personal information and we do not share personal information for cross-context behavioural advertising. We do not process sensitive personal information for purposes that require an opt-out.

To exercise any of these rights, email hello@yourlittlemoments.com. We will verify your identity using the email address linked to your account and respond within the timeframe required by applicable law.

10Children

Little Moments is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@yourlittlemoments.com so we can delete it.

11Cookies and the website

The yourlittlemoments.com marketing website uses only strictly necessary cookies and similar technologies required to load the site, remember your basic preferences, and protect against abuse. We do not use advertising cookies or third-party analytics that profile you across sites. If this changes, we will update this policy and, where required, ask for your consent.

12Push notifications

If you allow notifications, we send you messages about activity in your Moments, for example when someone joins or uploads media. You can turn off notifications at any time in your device settings. Notification tokens are deleted when you sign out or delete your account.

13Third-party links

The app and website may include links to third-party services. Their privacy practices are governed by their own policies, not this one. We encourage you to read them.

14Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If the changes are material, we will give you reasonable advance notice through the app, by email, or both, before they take effect. Your continued use of the Service after the changes take effect means you accept the updated policy.

15Contact us

Questions, requests, or complaints? Email hello@yourlittlemoments.com and we will get back to you.