← KiddoCareLast updated: 25 March 2026

Privacy Policy

KiddoCare ("we", "our", or "us") is committed to protecting your personal data in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA) and applicable international standards.

1. Data We Collect

We collect the following information when you use KiddoCare:

  • Account data: Email address, display name, and authentication credentials via Firebase Auth.
  • Child health data: Temperatures, symptoms, medication records, vaccine history, growth measurements, and notes you enter about your child.
  • Photos and media: Images you upload for symptom capture or vaccine records, stored encrypted in Firebase Storage.
  • Device data: Device type, OS version, and push notification tokens for sending reminders.
  • Usage data: App interaction patterns to improve our AI guidance (anonymised).
  • Advertising data: On iOS, if you grant permission via the App Tracking Transparency prompt, we collect your device advertising identifier (IDFA) to measure the effectiveness of our advertising campaigns. On Android, we collect anonymous app event data for the same purpose. No health data is ever shared with advertising platforms.

2. How We Use Your Data

  • To provide AI-powered health guidance and triage recommendations.
  • To generate pre-hospital diary PDF exports for your doctor.
  • To send medication dose reminders and health check-in notifications.
  • To improve our AI models using anonymised, aggregated data.
  • To maintain account security and prevent fraud.
  • To measure the performance of our advertising campaigns and understand how users discover KiddoCare (with your consent on iOS).

3. Data Storage and Security

Your child's health data is sensitive and we treat it accordingly:

  • All data is encrypted at rest and in transit (TLS 1.2+).
  • Photos and media are encrypted before storage using AES-256.
  • Our backend servers are hosted on Railway (US region) with strict access controls.
  • Firebase Storage access is governed by security rules — only you can access your data.
  • We do not sell your personal data to any third party.

4. Third-Party Data Processors (AI Services)

When you use the AI health chat feature, KiddoCare transmits certain personal data to the following third-party processors. Your explicit consent is required before this feature activates.

Anthropic, Inc. — Claude AI (AI health responses)

Data transmitted: Symptom descriptions you enter, your child's age and weight, and the conversation history of your current session.

Purpose: Generating AI-powered triage guidance and health recommendations.

Anthropic Privacy Policy ↗

OpenAI — Whisper API (voice transcription)

Data transmitted: Voice audio recordings when you use the microphone input in the AI chat.

Purpose: Speech-to-text transcription only. Audio is processed in real-time and not retained by OpenAI beyond transcription.

OpenAI Privacy Policy ↗

Data shared with Anthropic and OpenAI is used solely to deliver the AI feature. We do not authorise either provider to use your data for training their models beyond what is described in their respective privacy policies. Neither provider sells your data.

Other third-party services:

  • Firebase (Google): Authentication, data storage, and push notifications.
  • RevenueCat: Manages subscription billing. Payment details are processed by Apple or Google and not stored by us.
  • Meta (Facebook): Ad attribution and campaign measurement via the Facebook App Events SDK. Collects anonymous app events (install, registration, subscription) and, with your consent on iOS, the device advertising identifier. No child health data is shared with Meta. See the Meta Privacy Policy ↗.
  • Google Analytics: Anonymous app usage analytics via Firebase Analytics to understand feature adoption, screen views, and app stability. No personally identifiable health data is sent to Google Analytics.

5. Data Retention and Deletion

You may delete your account and all associated data at any time from the app's Settings screen. Upon deletion, your data is permanently removed from our systems within 30 days. Anonymised, aggregated usage statistics may be retained indefinitely.

6. Advertising and Tracking

KiddoCare uses Meta (Facebook) App Events and Google Analytics to measure the effectiveness of our advertising campaigns and understand how parents discover the app. This helps us reach more families who need KiddoCare.

What is shared: Anonymous app events such as app install, account registration, and subscription start. These events contain no child health data, no symptom descriptions, no medical information, and no personally identifiable health records.

iOS users: On first use, KiddoCare will ask for your permission to track via Apple's App Tracking Transparency prompt. If you decline, we respect your choice - ad attribution will use Apple's privacy-preserving SKAdNetwork instead. You can change this at any time in iOS Settings > Privacy & Security > Tracking.

Android users: KiddoCare does not collect the Android Advertising ID. Anonymous event data is collected for campaign measurement only.

7. Children's Privacy

KiddoCare is intended for use by parents and caregivers. We do not knowingly collect data directly from children. All health data entered about a child is entered and controlled by the parent or guardian account holder.

8. Your Rights (PDPA)

Under Malaysia's PDPA, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Request deletion of your personal data.
  • Withdraw consent for data processing at any time.

To exercise these rights, contact us at privacy@kidoscareapp.com.

9. Contact Us

If you have questions about this policy or how we handle your data, please reach us at hello@kidoscareapp.com.

Privacy Policy — KiddoCare