Privacy Policy
Last updated: April 6, 2026
Introduction
This Privacy Policy describes how Novi Homines Software Oy ("we", "us", or "our") handles information when you use the Vaava mobile application.
By using Vaava, you agree to this Privacy Policy. We do not sell your data. Our business model is built on providing value through our app, not through data monetization.
Local Data
In basic use, Vaava operates completely on your devices. We do not collect, store, or transmit any of your personal data or baby tracking information to our servers or any other third-party services.
What stays on your device:
- All baby event data (feedings, diaper changes, sleep, etc.)
- Device pairing information
- App preferences and settings
Device pairing:
When you pair devices (e.g., phone with tablet or partner's phone), synchronization happens directly between your devices over your local network via peer-to-peer connections. No baby data passes through our servers.
Privacy Promise: By default, we have zero access to your baby data or any other data.
Vaava Plus and Cloud Sync
Vaava Plus is optional. If you enable Vaava Plus cloud features, we process a limited set of account and service data so subscription and encrypted sync can work.
Data processed for Vaava Plus:
- Account identifiers (such as email and Firebase user ID)
- Subscription entitlement metadata (such as status, tier, renewal/expiry time, and provider references)
- Device and sync metadata (such as device ID, device name/type/platform, and sync cursors)
- Encrypted sync data (ciphertext and cryptographic metadata)
- Wrapped key material needed for end-to-end encrypted household sync and recovery
For Vaava Plus cloud sync, baby event content is stored as encrypted ciphertext. The backend stores wrapped keys and encrypted payloads required for syncing but is not designed to access readable event content.
Optional Crash Reporting
Vaava includes an optional crash reporting feature powered by Firebase Crashlytics to help us diagnose technical failures and improve reliability.
- Disabled by default - Crash reporting starts only if you enable it
- User-controlled - You can enable or disable it at any time in Vaava Settings
- No baby tracking data - Crash reports do not include your baby event content
What may be collected when enabled:
- Crash stack traces and technical error details
- App version, bundle or package identifier, and crash timestamp
- Device and operating system details such as model, OS version, memory, and storage state
- Crashlytics installation identifiers and Firebase session identifiers used to group crash reports
- Technical app state around the crash, such as whether the app was in the foreground or background
What Vaava does not attach:
- No custom user ID is attached to Crashlytics reports
- No custom logs or custom keys are added by Vaava
- No analytics breadcrumb events are sent with crash reports in the current setup
Crash diagnostics are used only for app stability and debugging, not for advertising or marketing.
Voice Event Parsing
When you use the voice input feature, audio is transcribed using on-device speech recognition when possible. In some cases, voice data may be processed by external AI services (like Google Gemini) to convert natural language into structured event fields.
- Voice data is processed transiently and not stored
- AI processing is used solely for converting speech to structured data
- No voice recordings are retained after processing
Third-Party Services
Vaava uses the following third-party services:
- Firebase Crashlytics - Optional crash diagnostics (disabled by default, user-controlled in Settings).
- Firebase Authentication - Account sign-in and identity for Vaava Plus.
- RevenueCat - Used only for Vaava Plus subscription entitlement processing and lifecycle webhooks.
- Apple App Store / Google Play - Used only for Vaava Plus in-app purchase billing and subscription management.
- Voice dictation feature - The voice dictation feature uses third-party services to create structured data from the text transcript. No data related to the voice dictation feature is stored.
These services have their own privacy policies. We only share the minimum necessary data with each service to provide the stated functionality.
Data Security
We implement industry-standard security measures:
- TLS encryption
- Local network data sharing is encrypted with industry-standard encryption methods (like AES-256)
- No baby data collection in Local Mode (zero data to protect)
- Industry-standard security practices for app infrastructure
Your Rights
You can:
- Export your data from supported app features
- Delete local app data from your device
- Request account deletion for Vaava Plus account data from within supported app flows
- Manage or cancel subscriptions through your App Store or Google Play account settings
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes through the app. Continued use of Vaava after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: hello@vaava.app
Company: Novi Homines Software Oy