Web portal sign-inDownload mobile app

Privacy policy

This policy explains what information LiluTrack collects, how we use it, and when we share it— whether you only browse this site, use the apps on your phone, or sign in for optional online features.

Last updated: May 1, 2026. If we change this policy, we will update this page and the “last updated” date. Where required by law, we will provide additional notice.

Who we are

“LiluTrack,” “we,” “us,” and “our” mean the team behind LiluTrack: this website at heylilu.com, our mobile apps, the LiluTrack web experience (including pages we host under our app domain), and the systems that run optional accounts and sync when you choose to use them.

For privacy questions or requests, use the Contact page on this website.

What this policy covers

This policy applies to:

  • Visitors to our marketing website (including when you load pages or fonts).
  • Anyone who submits a message through the website contact form (stored on our backend).
  • Users who create an account or use optional online features in LiluTrack mobile apps or the LiluTrack web application.
  • Users who keep all baby logs only on their own devices without using our online account features (see Offline use).

This policy does not govern third-party services you choose separately (for example your device manufacturer, Apple App Store or Google Play, or your email provider). Those services have their own policies.

Offline use

You can use LiluTrack without an online account. What you enter stays on your phone or tablet and is not uploaded for sync unless you later turn on cloud features (covered below). In offline-only use, we do not receive your journal contents from your device.

Local data remains subject to your device security, backups, and any tools you use outside LiluTrack.

Your journal itself stays offline as described above. Separately, if the app hits a serious error or crashes while your phone has internet, it may send a short technical report to help us fix the problem—that is not your baby log and does not replace backup or sync. See Crash and error reports below.

Crash and error reports

Our mobile apps can send crash and error reports to Functional Software, Inc. (Sentry), our crash-reporting partner. That may happen when something goes wrong and your phone is online—even if you never create an account or turn on cloud sync. Reports are meant for troubleshooting: for example app version, device type, and details about what failed. We use them to fix bugs and keep the app stable.

These reports are not your journal and are not a backup. We set them up so ordinary journal entries are not part of them. Please only use each field in the app for what it is meant for.

Sentry processes this information on our behalf. Read more in Sentry's privacy policy.

Categories of information

Depending on how you use LiluTrack, we may process:

  • Account and authentication data (when you use online features): for example email address, authentication identifiers, and security-related signals processed by our identity provider (Google Firebase Authentication).
  • Profile and security details for sync (when you use online features): what you add to your profile (such as display name), plus the technical keys and related information the apps need to encrypt your journal and share it only with caregivers you invite.
  • Encrypted journal data and basic sync details (when you use online features): entries are encrypted on your phone or tablet before they leave it. Our systems hold that encrypted data plus ordinary operational details (such as timestamps and IDs) so authorized accounts can sync and open the right timeline.
  • Contact form submissions: email address, optional name, message text, and basic details tied to sending the form (such as when it was sent).
  • Crash and error reports from the mobile apps: short technical reports sent when something fails (see Crash and error reports), which may include device and app identifiers and details about the error.
  • Running the service: routine logs from our hosting providers when you use online features—for example to keep the site secure and fix outages.

We do not run third-party advertising or analytics trackers on this marketing website as of the last updated date above. Loading this site may still cause your browser to request assets from Google Fonts; those requests are governed by Google's policies.

Why we use information

We use personal data to:

  • Provide, operate, maintain, and improve LiluTrack.
  • Authenticate users, prevent abuse, and protect account security.
  • Deliver optional sync, sharing between caregivers you authorize, and web access to the same encrypted journal.
  • Respond to contact messages and provide support when you reach out.
  • Meet legal obligations and enforce our terms.

Where the GDPR or similar laws apply, we rely on appropriate bases such as performance of a contract, legitimate interests (for example security and product improvement that does not override your rights), and, where required, consent.

Encryption and what we can access

Journal entries are encrypted on your device before they reach our systems. Keys stay with you—your password and any recovery material you save—so routine service operation does not require us to read the contents of your journal.

We still handle other personal information in the usual way for an online product: for example your account email, who is invited to share a baby's log, and technical details needed to run the service. If you contact us, we see what you send. Our hosting providers also see typical connection information (such as IP addresses) while you use online features.

If you lose your password and recovery material, encrypted data may be impossible to recover—for you and for us. That trade-off is intentional so only you and people you authorize can read the journal.

Infrastructure and subprocessors

LiluTrack's online services are built on Google Firebase and related Google Cloud products (including, depending on feature, Firebase Authentication, Firestore, Cloud Functions, and related networking and logging). Google processes data on our behalf as a service provider. Google's terms and privacy notices apply to their processing, for example Firebase's privacy and security information and Google's Privacy Policy.

Data you sync is stored in Google's cloud infrastructure. Locations and replication depend on how the Firebase project is configured; data may be processed in the United States and other countries where Google operates facilities.

Crash and error reports from the apps may go to Functional Software, Inc. (Sentry). See Crash and error reports and Sentry's legal and compliance information.

Retention

We keep account-related and synced data for as long as your account exists and as needed to provide the service. You can delete your online profile and related server-side data from within the LiluTrack apps where that feature is offered; deletion removes associated authentication and profile records according to our deletion routines.

Contact messages are retained until they are deleted as part of normal administration or mailbox hygiene. Server logs are retained for a period typical for security and operations, then rotated or deleted according to provider capabilities and our practices.

Sharing

We do not sell your personal information. We share data with service providers (such as Google) as necessary to run the product, and when required by law, court order, or lawful government request, or to protect rights, safety, and integrity of users and the service.

When you invite other caregivers to a shared baby, you ask us to make the encrypted journal and the access rules for it available only to those accounts.

Your choices and rights

Depending on where you live, you may have rights to:

  • Access, correct, or update certain account information through the apps or web UI.
  • Request deletion of personal data, subject to legal exceptions.
  • Object to or restrict certain processing, or request portability where applicable.
  • Lodge a complaint with a supervisory authority.

To exercise rights that are not available self-serve in the product, contact us through the Contact page. We may need to verify your request.

Children

LiluTrack is intended for adult caregivers maintaining records about an infant or child. Accounts are not intended to be opened by children under 13 (or the digital consent age in your jurisdiction). If you believe a child has created an online account without appropriate consent, contact us and we will take appropriate steps.

Security

We use industry-standard transport security for online traffic and reasonable administrative and technical safeguards. No method of storage or transmission is perfectly secure.

International users

If you access LiluTrack from outside the country where our servers are located, your information may be transferred across borders. Where required, we rely on appropriate safeguards offered by our providers (such as contractual clauses).

Changes to this policy

We may update this policy from time to time. Material changes will be reflected on this page with an updated “last updated” date, and where the law requires, we will notify you through the product or by email.

See also Terms of use · Product privacy overview · Home