Is HannaH free to use?

Yes! HannaH is free to download and use. The free plan includes baby tracking (feeding, sleep, diapers), period tracking, pregnancy tracking, growth charts, milestone logging, and access to bedtime stories. Premium unlocks unlimited features, AI-generated personalized lullabies, guided meditations, and the product safety scanner.

What can I track with HannaH?

HannaH covers every stage: period & menstrual cycle tracking with predictions, trying to conceive with fertile window & ovulation tracking, pregnancy week-by-week with kick counter & contraction timer, and baby care with feeding, sleep, diaper, growth charts, tummy time, bath, medication, temperature, and 400+ developmental milestones.

Does HannaH have AI-generated lullabies?

Yes! HannaH can create personalized AI lullabies using your child's name. Choose from multiple music styles and voices. Songs are generated in seconds and can be saved, shared, and played offline. Premium subscribers get unlimited song generation.

What is the product safety scanner?

HannaH includes a barcode scanner that checks food, cosmetics, and household products for safety. It detects 830+ allergens across 11 languages, provides age-aware safety scores (baby, toddler, child, pregnancy, adult), and flags harmful ingredients using EFSA and EU CosIng regulatory databases.

Is my data safe with HannaH?

Absolutely. HannaH is GDPR and COPPA compliant. Your health data is encrypted and stored securely. We never sell your data to third parties. You can delete your account and all data at any time from Settings. Read our full privacy policy at myhannah.app/privacy.

Does HannaH work offline?

Yes! All tracking features (feeding, sleep, diapers, milestones) work offline. Data syncs automatically when you reconnect. Stories, songs, and meditations can be saved for offline playback.

Privacy Policy

Name: HannaH — Where Hope Begins
Author: MV Studio

Effective Date: February 21, 2026

Last Updated: February 21, 2026

Version: 1.0

HannaH ("the App") is operated by MV Studio ("we", "us", "our"). We are deeply committed to protecting your privacy and your family's data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

HannaH covers every stage of your parenting journey — period tracking, trying to conceive (TTC), pregnancy, and baby care. Because we handle sensitive health and children's data, we hold ourselves to the highest standards of data protection, including compliance with the EU General Data Protection Regulation (GDPR), the US Children's Online Privacy Protection Act (COPPA), and the California Consumer Privacy Act (CCPA).

Information We Collect
How We Use Your Information
Legal Basis for Processing (GDPR)
Information Sharing & Third Parties
Family & Partner Sharing
Children's Privacy (COPPA)
Data Storage & Security
Data Retention & Deletion
Your Rights
International Data Transfers
Cookies & Local Storage
Push Notifications & Food Safety Alerts
Advertising & Tracking
Social Sharing
Health Platform Integration
Changes to This Policy
Contact Us

1. Information We Collect

a) Account Information

Email address, display name, and profile photo
Authentication provider information (Google, Apple, Facebook, or email/password)
Account creation and last sign-in timestamps

b) Children's Information

Child name, date of birth, gender, and profile photo
Health conditions, allergies, and medications
Over 21 types of tracking events including: feeding (bottle, breast, solid food), sleep, diapers, medication, temperature, vaccinations, symptoms, doctor visits, milestones, growth measurements, tummy time, teething, baths, walks, playtime, and custom events
Developmental milestone achievements with optional photos
Vaccination records and medical appointment history

c) Reproductive & Women's Health Data

This data is classified as "special category data" under GDPR Article 9 and receives enhanced protection.

Period tracking: Flow intensity, symptoms, cycle length, cycle predictions, mood, and energy levels
Trying to Conceive (TTC): Basal body temperature (BBT), cervical mucus observations, ovulation prediction kit (OPK) results, intercourse tracking, and pregnancy test results
Pregnancy: Last menstrual period (LMP) date, due date, baby name, gender, kick counting sessions, contraction timing, hospital bag checklists, pregnancy notes, and weekly progress

d) Mental & Physical Health Data

Mood logs and emotional state tracking
Gratitude journal entries
Meditation session usage and preferences
Weight, water intake, energy levels, and sleep quality

e) Photos & Media

Profile photos for parents and children
Milestone and achievement photos
Photos are stored in Firebase Storage (Google Cloud) in your private account folder

f) Device & Technical Information

Device platform (iOS/Android), operating system version, and device model
Firebase Cloud Messaging (FCM) tokens for push notification delivery
Crash reports and error logs (via Firebase Crashlytics)
App usage analytics (via Firebase Analytics)

g) Subscription Information

Subscription status, billing period, and entitlements (managed by RevenueCat)
We do NOT store credit card numbers — payment processing is handled entirely by Apple App Store or Google Play Store

h) Food Safety Alert Preferences

Your home country code (ISO 3166-1 alpha-2) for routing relevant food safety alerts
Optional travel country for extended alert coverage

2. How We Use Your Information

Core functionality: Tracking feeding, sleep, diapers, growth, milestones, and generating insights and analytics (WHO growth charts, cycle predictions, sleep trends)
Food safety alerts: Delivering relevant recall notifications based on your country (FDA, EU RASFF)
Partner sharing: Enabling your partner to view and contribute to shared child data
Reports: Generating PDF doctor reports and GDPR data exports at your request
Notifications: Sending feeding reminders, appointment reminders, and re-engagement notifications
Personalization: Recommending meditations, articles, and content relevant to your lifecycle stage
Subscription management: Managing your premium subscription and feature access
App improvement: Analyzing crash reports and anonymized usage patterns to improve stability and features
Advertising: Displaying non-personalized advertisements on the free tier
Security: Detecting unauthorized access, preventing abuse, and maintaining audit trails

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on the following legal grounds:

Consent — Article 6(1)(a)

HealthKit/Health Connect integration, food safety alert subscriptions, push notifications, advertising identifier access (iOS ATT), and analytics collection.

Contractual Necessity — Article 6(1)(b)

Core app functionality (tracking, insights, data storage), subscription management, and account administration.

Legitimate Interest — Article 6(1)(f)

Crash reporting and stability monitoring, security logging and fraud prevention, rate limiting to prevent abuse.

Explicit Consent for Special Categories — Article 9(2)(a)

Processing of reproductive health data (period, TTC, pregnancy), physical and mental health data, children's health and medical data. You provide explicit consent during onboarding and can withdraw it at any time.

4. Information Sharing & Third Parties

We do NOT sell your personal information to any third party. We share data only with the service providers necessary to operate the App:

Service	Data Shared	Purpose	Retention
Firebase / Google Cloud	All app data (encrypted in transit and at rest)	Database, authentication, file storage, push notifications, analytics, crash reporting	Until account deletion
RevenueCat	User ID, purchase transactions	Subscription & in-app purchase management	Per RevenueCat policy
Google AdMob	Device advertising ID (if consent given on iOS)	Non-personalized advertisements (free tier only)	Per Google policy
Google / Apple / Facebook	Email, name, profile photo (during sign-in). Facebook automatic event logging and advertiser ID collection are disabled.	Authentication	Per provider policy
Apple Siri / Google Speech Recognition	Voice audio (processed by OS speech services, not stored by HannaH)	Speech-to-text for voice input	Per Apple/Google policy

We may also disclose your information if required by law, court order, or governmental authority, or to protect our rights, safety, or the rights and safety of others.

6. Children's Privacy (COPPA Compliance)

HannaH is designed for use by parents and guardians — not by children directly. We comply with the US Children's Online Privacy Protection Act (COPPA).

We collect children's data (name, date of birth, health information) only from verified parents/guardians
We do not engage in behavioral advertising targeted at children
We do not create profiles of children for marketing purposes
Parents can view, export, and delete all of their children's data at any time through the App's Settings

7. Data Storage & Security

We employ multiple layers of security to protect your data:

Cloud Storage

All cloud data is stored in Firebase (Google Cloud Platform) with encryption in transit (TLS) and at rest
Firebase Security Rules enforce strict access control — users can only access their own data, and partners can only access data explicitly shared with them
Photos are stored in Firebase Storage in user-specific private folders

Local Storage

The App uses an offline-first architecture — your data is stored locally on your device using encrypted Hive databases, enabling full functionality without internet
All local data is automatically cleared when you sign out
iOS Home Screen widgets access limited data through a sandboxed App Group container

Security Measures

Immutable security audit trail logging authentication events and data access
Multi-layer defense against data leaks between accounts during sign-out/sign-in
Rate limiting to prevent abuse of tracking features
Strong password requirements (minimum 12 characters with complexity rules) for email/password accounts

8. Data Retention & Deletion

Account data: Retained until you delete your account
Crash reports: Retained for 90 days by Firebase Crashlytics
Analytics data: Retained per Firebase Analytics default settings (up to 14 months)
Legal acceptance records: Retained indefinitely as an immutable audit trail for compliance purposes
Security event logs: Retained indefinitely for fraud prevention and legal compliance

Account Deletion

When you delete your account (Settings > Delete Account), we perform a complete cascade deletion:

All Firestore documents (profiles, events, achievements, chat history, medical records)
All Firebase Storage files (photos, media)
All local Hive databases on your device
Your Firebase Authentication account
Image caches and temporary files

You can export all your data in JSON format (GDPR data export) before deleting your account. Individual child profiles can also be deleted separately.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

✓

Right to Access

View all your data in the App or export it via Settings > Export My Data (JSON and PDF formats available)

✓

Right to Deletion

Delete your entire account and all associated data via Settings > Delete Account, or delete individual child profiles

✓

Right to Data Portability

Export your data in structured JSON format for transfer to another service

✓

Right to Withdraw Consent

Disable HealthKit integration, food safety alerts, or analytics at any time through Settings

✓

Right to Object

Opt out of analytics tracking and advertising

✓

Right to Restrict Processing

Control partner sharing preferences to restrict who can access your data

✓

Right to Rectification

Edit your profile information, children's data, and tracking events at any time

✓

Right to Lodge a Complaint

Contact your local Data Protection Authority (DPA) if you believe we have violated your rights

To exercise any of these rights, use the in-app settings or contact us at hannah@mv-studio.net. We will respond to GDPR requests within 30 days.

10. International Data Transfers

Your data may be transferred to and processed in the United States by the following services:

Firebase / Google Cloud — Database, authentication, and storage infrastructure
RevenueCat — Subscription management

For EU/EEA users, these transfers are protected by Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) with each provider. Where applicable, we rely on the EU-US Data Privacy Framework.

11. Cookies & Local Storage

HannaH is a native mobile app and does not use web cookies
We use encrypted local databases (Hive) to store your data on-device for offline functionality
iOS Home Screen widgets use an App Group shared container to display your data on the lock screen
We use Firebase Remote Config to manage feature flags and app configuration — no personal data is used in this process
No cross-app tracking is performed

12. Push Notifications & Food Safety Alerts

Push Notifications

We store Firebase Cloud Messaging (FCM) tokens to deliver push notifications to your device
Notifications include feeding reminders, appointment reminders, and re-engagement messages
You can disable all notifications at any time through your device settings or the App

Food Safety Alerts

If enabled, we subscribe you to FCM topics based on your country code to deliver relevant food recall alerts
Alert sources include the US FDA (Food and Drug Administration) and the EU RASFF (Rapid Alert System for Food and Feed)
Alerts cover infant formula, baby food, and toddler food recalls
Your country code is stored solely for alert routing and is never shared with advertisers
You can enable or disable food safety alerts at any time in Settings
Food safety alerts are provided for informational purposes only and are not a substitute for checking product labels

13. Advertising & Tracking

The free tier of HannaH displays non-personalized advertisements served by Google AdMob. These ads are not based on your behavior, interests, or health data
The premium tier is completely ad-free
On iOS, we request App Tracking Transparency (ATT) consent before accessing the Identifier for Advertisers (IDFA). If you deny this request, no advertising identifier is collected
We use Firebase Analytics to collect anonymized app usage data (screen views, feature usage). You can opt out of analytics through your device settings
Firebase Crashlytics collects crash reports to help us maintain app stability. Crash reports may include device information but are not linked to your personal identity
We do NOT engage in behavioral profiling, cross-app tracking, retargeting, or data broker sharing

15. Health Platform Integration

HannaH can optionally connect to Apple HealthKit (iOS) or Google Health Connect (Android) to read health data such as sleep, weight, water intake, and steps
This integration requires your explicit permission and is available only on the premium tier
Health platform data is stored locally on your device and synced to your private Firebase account — it is never shared with third parties
You can disconnect the health platform integration at any time through the App Settings
We primarily read data from health platforms. Write access (e.g., logging weight entries) is minimal and clearly indicated

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements
For material changes, we will notify you via an in-app notification before the changes take effect
The "Last Updated" date at the top of this page indicates when the policy was last revised
Your continued use of the App after notification constitutes acceptance of the updated policy
Previous versions are available upon request by emailing us

17. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:

Company: MV Studio
Email: hannah@mv-studio.net

We aim to respond to all privacy inquiries within 30 days. For EU/EEA residents, you also have the right to lodge a complaint with your local Data Protection Authority.