Kiduvo Privacy Policy
This Privacy Policy explains how NK Software (Pty) Ltd ("we", "us", "Kiduvo") collects, uses, stores and shares information when you use the Kiduvo mobile application and related services (collectively, the "Service"). Kiduvo is a child health record-keeping app for parents and caregivers. We are committed to handling your information transparently and in line with the South African Protection of Personal Information Act (POPIA) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Who we are
The data controller responsible for your personal information is NK Software (Pty) Ltd, registered in South Africa. You can contact us at proteabyte@gmail.com for any privacy-related question, access request, correction or deletion.
2. Information we collect
We only collect information that is necessary to provide the Service. Specifically:
Account information
- Email address — used to identify your account and contact you about service-related issues.
- Full name — used to personalise the app.
- Country — used to load the correct childhood vaccine schedule.
- Authentication identifier from Google Sign-In, where you choose that sign-in method.
Information you record about your child(ren)
The core purpose of Kiduvo is to let you keep a single, organised record of your child's health journey. You may choose to enter the following about each child:
- First name, surname, date of birth, blood type, photo and profile colour.
- Allergies, chronic conditions and medical notes.
- Vaccination history (administered and scheduled doses).
- Illness episodes, temperature readings and symptoms.
- Medications, doses given and reminders.
- Doctor diagnoses, treatment plans and visit notes.
- Growth measurements (weight, height, percentiles).
- Developmental milestones.
- Deworming records and appointment reminders.
- Care-team contacts (e.g., your paediatrician or daycare).
- Documents you upload to the Document Gallery (e.g., birth certificates, prescriptions, medical reports, photos).
All of this information is provided voluntarily by you. We do not obtain children's information from any other source.
Subscription information
If you subscribe to Kiduvo Premium, the purchase is processed by the Google Play Store or Apple App Store. We do not see, collect or store your payment card details. We do receive, via our subscription provider RevenueCat, a non-personal entitlement record that tells the Service whether your account is on the Free or Premium tier and when your subscription is due to renew.
Diagnostic information
Our backend may log technical events (such as failed sign-ins or server errors) so that we can diagnose and fix problems. These logs do not contain the contents of your child's health records. We also use Firebase Analytics to count high-level feature events (e.g., "a vaccine was marked as given") and Firebase Crashlytics to record stack traces when the app crashes. Neither tool transmits the contents of your child's health records.
Advertising identifier
Free-tier users see banner advertisements served by Google AdMob at the bottom of certain screens. AdMob may receive your device's advertising ID (a resettable identifier you control in your phone's settings) and your approximate IP location in order to serve and measure ads. Because Kiduvo is treated as a child-directed service, we configure AdMob to disable personalised advertising — only family-safe, non-behavioural ads are served, and your advertising ID is not used to build a profile across apps. Premium subscribers do not see ads.
3. How we use your information
We use your information solely to:
- Provide the features of the Service (display records, generate reminders, compute vaccine schedules, etc.).
- Authenticate you and keep your account secure.
- Operate the subscription system (Free vs. Premium gating).
- Communicate with you about service notices and your account (e.g., password resets).
- Diagnose problems and improve reliability.
- Comply with our legal obligations.
We do not use your child's health records to target advertising, build marketing profiles, or sell data to third parties. Banner ads in the free tier are served as non-personalised, family-safe ads only, with personalisation disabled at the SDK level.
4. Who we share your information with
We share information only with the limited service providers required to run the Service, and only to the extent each provider needs to perform its function. The current sub-processors are:
| Provider | Purpose | Data accessed |
|---|---|---|
| Supabase, Inc. | Hosting our database, authentication and document storage. | All account and health data you enter. |
| RevenueCat, Inc. | Managing subscriptions and entitlements across Google Play and Apple App Store. | Your Kiduvo user ID and subscription status (no health data). |
| Google LLC | Optional Google Sign-In and Google Play in-app billing. | Your Google account email, name and avatar (if you choose Google Sign-In); store-side purchase tokens (if you subscribe via Google Play). |
| Apple Inc. | App Store distribution and in-app billing (where applicable). | Store-side purchase tokens (if you subscribe via Apple). |
| Google AdMob | Serving non-personalised, family-safe banner advertisements to free-tier users. | Advertising ID, approximate IP location, basic device information. No health record content. |
| Google Firebase | Anonymous analytics (feature usage counts) and crash reporting. | Installation ID, device model, OS version, crash stack traces, basic event names. No health record content. |
| Resend, Inc. | Sending transactional emails (sign-up confirmation, password resets) from noreply@kiduvo.app. | Your email address and the email body content. No health record content. |
We may also disclose information when required by law, to protect the safety of users, or as part of a corporate transaction (e.g., a merger), in which case we will inform you in advance.
5. Where your information is stored
Your account and child records are stored on Supabase infrastructure. Supabase operates data centres in several regions; the Kiduvo project is hosted in a single region selected by us. Data is encrypted in transit using TLS and encrypted at rest by the hosting provider. Documents you upload to the Document Gallery are stored in Supabase Storage and access-controlled to your account only.
6. How long we keep your information
We retain your data for as long as your account is active. If you delete your account, we remove all personal information and child records within 30 days. Backup copies are purged within a further 30 days. Some non-personal aggregated logs may be retained longer for security and integrity purposes.
7. Your rights
Wherever you live, you have the right to:
- Access a copy of the personal information we hold about you and your child(ren).
- Correct inaccurate information — most of which you can edit directly in the app.
- Delete your account and all associated child records.
- Export your data in a portable format.
- Object to any processing not strictly necessary to provide the Service.
- Lodge a complaint with a supervisory authority — in South Africa, the Information Regulator (inforegulator.org.za).
To exercise any of these rights, email proteabyte@gmail.com from the address on your account. We respond within 30 days.
8. Children's privacy
Kiduvo is designed for use by parents, legal guardians and caregivers, and it is not directed at children. The application is rated for users aged 18 and over. While the records you keep in Kiduvo describe children, the data is provided to us by an adult account holder who is responsible for that child's welfare. If you believe a child has created an account directly without parental consent, please contact us and we will remove the account.
9. Security
We protect your information with a combination of technical and organisational measures, including TLS encryption for all data in transit, encryption at rest at the hosting layer, row-level security policies that prevent one user from reading another user's data, password hashing, and access logging. No system is perfectly secure, however, and you should also protect your account by choosing a strong password and not sharing it.
10. International transfers
Because our service providers operate globally, your information may be processed outside South Africa or the European Economic Area. Where we transfer personal information across borders, we rely on the protections and safeguards offered by those service providers (including Standard Contractual Clauses where applicable).
11. Changes to this Policy
We may update this Privacy Policy from time to time. When we make a material change we will update the "Last updated" date at the top of this page and, where appropriate, notify you in the app or by email. Continuing to use the Service after an update means you accept the revised Policy.
12. Contact
Questions, requests or concerns? Email proteabyte@gmail.com and a human will reply.