Privacy Policy
Effective date: July 11, 2026 · Last updated: July 11, 2026
This Privacy Policy describes how Don't Buy That Yet (“we”, “us”, or “our”) collects, uses, and shares information when you use the Don't Buy That Yet: Baby mobile application (the “App”) and the websites we operate (together, the “Services”). We built the Services around a simple idea: help you buy less, not learn more about you. We collect the minimum we need to run the audit you ask for.
1. Information we collect
Information you provide
- Your registry or shopping list. The product names you paste or type into the App so we can audit them. The list should contain product names only — please do not include names, addresses, or other personal details in it. We apply automated filtering to the text you submit, but the best protection is not to paste personal information in the first place.
- Household answers. Your answers to the App’s short questionnaire — for example expected due date or baby age range, home and storage type, budget range, and buying preferences. These exist only to shape the audit.
- Messages you send us. If you contact us (for example by email), we receive your email address and the contents of your message.
Information collected automatically
- An anonymous session identifier. The App signs in anonymously to our backend. This identifier is a random value; it is not linked to your name, email address, or phone number — the App never asks for any of those, and there are no user accounts.
- Basic technical data. App version, device platform and OS version, request timestamps, and IP addresses in our server logs, used for security, rate limiting, and debugging.
- Website logs. Our websites are served by Cloudflare and produce standard server logs. We do not run advertising trackers or third-party analytics SDKs, and we do not use advertising identifiers.
Information we do not collect
We do not collect your name, email address (unless you email us), phone number, contacts, photos, precise location, health records, payment details, or advertising identifiers. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
2. How we use information
- To generate your registry audit and savings plan — the service you asked for.
- To operate, maintain, debug, and improve the reliability of the Services.
- To protect the Services, including rate limiting, abuse prevention, and security.
- To comply with legal obligations and enforce our terms.
- To respond when you contact us.
3. How artificial intelligence is used
The audit is generated with the help of large language model (“AI”) providers, such as Anthropic. When you run an audit, we send the product names from your list and your household answers to the AI provider through its commercial API so it can produce the keep / cut / delay / buy-used / buy-new recommendations.
- What is sent is anonymized. The request contains the list text and questionnaire answers only. It does not include your name, email address, phone number, device identifiers, or advertising identifiers — we do not have them to send.
- Your data is not used to train AI models. We do not use your information to train AI models, and the commercial API terms we use with our AI providers prohibit them from training their models on data we send.
- Limited retention by providers. AI providers may retain API inputs and outputs for a limited period for abuse and safety monitoring under their commercial terms, after which they are deleted.
4. How we share information
We share information only with:
- Service providers that process it on our behalf and are authorized to use it only as necessary to provide services to us: cloud hosting and infrastructure (Google Cloud, in the United States), website hosting (Cloudflare), and AI providers (such as Anthropic) as described above.
- Public authorities where required by law, subpoena, or legal process, or to protect the rights, safety, and security of our users, the public, or the Services.
- A successor entity in connection with a merger, acquisition, or sale of assets, in which case this Policy will continue to apply to previously collected data.
We may use aggregated or de-identified information that cannot reasonably be used to identify you for any lawful purpose, such as understanding which product categories are most often overbought.
5. Data retention
Audit requests and results are retained for a limited period so we can operate the service, investigate problems, and prevent abuse, after which they are deleted or de-identified. Server logs are retained on similar short cycles. Because the App has no user accounts, deleting the App removes the anonymous session from your device; you can also ask us to delete server-side data associated with an audit by contacting us.
6. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of personal information, and to opt out of certain processing. Because we hold so little — and cannot link audits to a name or email address — some rights may be technically limited: we may not be able to locate data connected to you specifically unless you can provide the relevant session details. To exercise any right, contact us at the address below; we will not discriminate against you for doing so. Residents of the European Economic Area and the United Kingdom may also lodge a complaint with their supervisory authority.
7. Security
All traffic between the App, our servers, and our service providers is encrypted in transit using HTTPS/TLS. We use administrative and technical safeguards appropriate to the small amount of data we hold. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Children’s privacy
The Services are for adults — expecting and new parents — and are not directed at children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.
9. International users
The Services are operated from and processed in the United States. If you use them from outside the United States, you understand that your information is transferred to and processed in the United States and in the countries where our service providers operate.
10. Changes to this policy
We may update this Policy from time to time. When we do, we will revise the “Last updated” date above, and for material changes we will provide additional notice within the App or on this site. Continued use of the Services after changes take effect means you accept the revised Policy.
11. Contact us
Questions or requests about privacy: hello@dontbuythatyet.example.