Privacy policy
How Healthsters handles your data, why we collect it, and your rights.
The short version: we collect the minimum data we need to run Healthsters, never sell it, never track your children commercially, and you can ask us to delete it at any time. The longer version is below — read it if you'd like the detail.
1. Who we are
Healthsters is a daily wellbeing app for families with children aged 3 to 10. We're building it from Bucharest, Romania.
For the purposes of EU data protection law (GDPR), we are the data controller of the personal data we process when you use Healthsters, sign up for our waiting list, or otherwise interact with us.
If you're a former customer of Ariloom (an earlier project from the same team), some of your previous customer data may be included in our records under the same legal entity.
2. What data we collect
If you join our waiting list
- Your first name and email address
- Your consent to be contacted about Healthsters' launch
- Technical metadata about the signup (IP address, user agent, referrer) for security and abuse prevention
If you use the Healthsters app
- Account details: email, name, password (encrypted)
- Child profile information: your child's first name, age, dietary preferences, activity preferences, and any limitations you provide (e.g. allergies). This information is provided by you, the parent — never by the child directly.
- Family activity data: which activities and meals you complete, your daily streak, badges earned, and notes you choose to record
- Optional photo journal: photos you choose to attach to completed activities, stored privately in your family's account
- Device information: device type, operating system version, and a push notification token (if you've enabled notifications)
- Usage analytics: anonymised information about how features are used, to help us improve the product
- Subscription information (for paid users): managed by RevenueCat, our subscription platform — we never see or store your card details
If you contact us
- The email address you write from and the content of your message
3. Why we collect it
We process your data only for these specific purposes:
- To provide the service you signed up for — running your account, generating personalised activities and meal ideas, tracking your streaks and badges, syncing across devices
- To communicate with you about the service — including launch announcements, important updates, and (if you opt in) optional reminder emails
- To improve the product — through anonymised usage analytics
- To comply with our legal obligations — such as tax records, fraud prevention, and responding to lawful requests from authorities
The legal basis for each kind of processing depends on the purpose: typically your consent (for marketing), contract performance (to deliver the service you signed up for), or legitimate interest (to keep our systems secure and improve them).
4. How long we keep it
- Waiting list signups: until you unsubscribe, ask us to delete your data, or until the waiting list is closed (typically up to 6 months after app launch)
- Active user accounts: for as long as your account is open, plus 12 months after deletion for backup and accounting purposes
- Child profile data: deleted alongside the parent's account, never retained independently
- Photo journal entries: deleted whenever you delete them, or alongside the account
- Anonymised analytics: retained indefinitely, but cannot be linked back to you
- Financial records: 5 years, as required by Romanian tax law
5. Who we share data with
We don't sell your data. We never have, we never will. We do work with a small set of trusted service providers ("data processors") to actually run Healthsters:
- Google Firebase (Google Ireland Limited): hosting, authentication, real-time database, file storage
- RevenueCat: subscription management for paid users (we never see your card details)
- SendGrid (Twilio Ireland Limited): transactional and marketing email delivery
- Anthropic: AI-powered meal and activity generation (processed via API; no user identifiers are sent — only generic input like age range and dietary preferences)
- PostHog: anonymised product analytics
- Cloudflare: website hosting, security, and DNS
Each of these providers is bound by a data processing agreement that requires them to handle your data only for the specific purpose we've contracted them for. We choose providers carefully, with GDPR compliance as a baseline requirement.
We may also share your data if we're legally required to — for example, in response to a court order — but only when we have a clear obligation to do so.
6. Children's data
Healthsters is intentionally designed to be parent-led. Children don't have their own accounts. Children don't enter their own data. All information about a child in our system was provided by the parent and is controlled by the parent.
We don't:
- Show advertising to children
- Use children's data to build commercial profiles
- Sell, share, or otherwise transfer children's data to third parties for commercial purposes
- Allow children to communicate with other users in any way
If you're a parent and you'd like all data relating to your child removed from our systems, contact us and we'll do it within 30 days.
7. Your rights under GDPR
If you're in the European Economic Area (EEA) or the UK, you have legally protected rights regarding your personal data:
- Access: ask us for a copy of the personal data we hold about you
- Rectification: ask us to correct inaccurate or incomplete information
- Erasure ("right to be forgotten"): ask us to delete your data
- Restriction: ask us to stop processing your data in certain ways
- Portability: receive your data in a portable format you can transfer to another service
- Objection: object to specific types of processing, including direct marketing
- Withdraw consent: where processing is based on your consent, withdraw it at any time
- Lodge a complaint: with the Romanian data protection authority (ANSPDCP) or your local supervisory authority
To exercise any of these rights, email us at hello@healthsters.app from the address associated with your account, and we'll respond within 30 days.
8. Contact us
Healthsters
Operated from Bucharest, Romania
Email: hello@healthsters.app
For data protection questions, please use the email above and put "Data protection" in the subject line.
Updates to this policy
We may update this policy from time to time to reflect changes in how Healthsters works or in applicable law. When we make significant changes, we'll notify users with active accounts via email at least 30 days before the changes take effect.
This policy was last updated in May 2026.