Hey Ladybird Privacy Policy

Last Updated: 17 April 2026

Hello, and welcome to Hey Ladybird. We know that as a parent, you are handing over the keys to your family’s most important information, and we do not take that responsibility lightly. This privacy policy explains in clear, plain English exactly what personal data we collect, why we need it, how we protect it, and how you can easily delete it at any time.

 

Data Controller: Hey Ladybird Ltd

Company Number: 17074553 (registered in England and Wales)

ICO Registration: ZC106730

Registered Address: Available via Companies House (company number 17074553)

Contact: hello@heyladybird.co.uk

1. Children’s Data & Our Promise to Parents

Hey Ladybird is an app built for adults to manage family life, but because it stores your children’s routines, medical details, and school information, protecting children’s data is our highest priority. Children do not use our app directly and cannot create accounts. All data about your children is entered by you, the parent or guardian.

We process your children’s data in strict accordance with the Information Commissioner’s Office (ICO) Children’s Code (Age Appropriate Design Code). This means:

Best Interests: Every feature we build is designed with the best interests of the child as a primary consideration.

High Privacy by Default: Analytics are disabled by default when you join, and we do not collect any geolocation data.

No Profiling: We do not profile children, use targeted advertising, or use “nudge” techniques to encourage you to provide more data than necessary.

Data Minimisation: We only ask for the data required to make the app work. Optional fields such as religion, ethnicity, and first language exist solely to support auto-filling UK school registration forms which routinely request this information — they are never required.

In compliance with the Data (Use and Access) Act 2025 (effective 5 February 2026), Hey Ladybird adheres to the strengthened “children’s higher protection matters” requirements. We embed data protection by design into every feature, ensuring your children’s data is stored in private-by-default databases and handled with age-appropriate care. We conduct regular Data Protection Impact Assessments focusing on how we safeguard children’s information.

2. Special Category Data (Medical & Health)

To help you manage your family’s health and automatically fill out complex medical forms, you may choose to store health information in Hey Ladybird. Under UK data protection law, this is known as “special category data” and includes NHS numbers, allergies, medical conditions, medications, and dietary requirements.

We will only ever process this data if you give us your explicit consent during onboarding or in your app Settings. You can withdraw this consent at any time. If you withdraw consent, all medical fields are immediately hidden from view and no new medical data will be extracted from your documents. You can delete any existing medical data at any time by editing your family profiles or by deleting your account entirely.

3. The Data We Collect

To provide a service that genuinely takes the mental load off your shoulders, we need to store the data that makes up your family’s life. Below is the complete list. You only provide the data you choose to — most fields are entirely optional.

Your Parent/Guardian & Family Profile Data

Identity & Account: Full name, preferred name, email address, password (encrypted), date of birth, gender, nationality, relationship to the family (e.g. Mum, Dad, Guardian), marital status, household type.

Contact & Address: Home address, mobile phone, work phone, work email.

Employment: Employment status, employer name, job title, work address, work schedule, and availability settings.

Financial & Benefits: Annual income bracket, whether you receive benefits, current benefits, housing type. Used securely by Ladybird Spots to check your eligibility for UK family support.

Official Documents & IDs: National Insurance number (for benefits checking), passport number and expiry, driving licence number and expiry, DBS check expiry. Used by The Nest for document expiry tracking and renewal reminders.

Medical (with explicit consent): NHS number, allergies, medical conditions, medications, disability status, mental health conditions, GP surgery details.

Emergency Contacts: Next of kin name, phone, and relationship.

Your Children’s Data

Identity: Full name, preferred name, date of birth, gender.

School & Education: School name, school address, school phone, year group, class name, teacher name, teacher email. Whether they have an EHCP or social worker.

Medical (with explicit consent): NHS number, allergies, medical conditions, medications, dietary requirements, GP details, dentist details.

Optional Demographics: Religion, ethnicity, first language. These fields exist solely to support auto-filling UK school registration forms which routinely request this information. They are never required and only stored when you explicitly enter them.

Other: Profile photograph, photo consent flag, blanket trip consent flag, emergency contacts, and general notes.

Your Pets’ Data

Details: Name, species, breed, gender, colour, date of birth, temperament, weight, neutered status.

IDs: Microchip number, kennel club number, pet passport number and expiry.

Healthcare: Vet surgery details, medical conditions, medications, allergies, dietary requirements, vaccination/flea/worming due dates.

Insurance: Provider, policy number, expiry date.

Calendar Events, Action Items & Costs

When you scan a letter, forward an email, or share from another app, we extract and store:

Calendar Events: Title, description, dates, times, location, event type, recurrence, reminders, and linked action items.

Action Items: Task title, description, due date, priority, status, linked costs and payment methods.

Family Costs: Description, amount, currency, payment method, due date, and whether it is voluntary.

Family Contacts: Names, roles, organisation, phone numbers, and email addresses extracted from school correspondence.

Documents & Emails

Stored Documents: File type, size, document category, title, expiry date, and the original scanned image (stored in our secure, private filing system).

Forwarded Emails (Ladybird Post): Sender address, subject line, email body (sanitised to remove potentially harmful content before storage), attachments, and extracted content.

Shared Items: Content shared via the iOS Share Extension from apps like WhatsApp, Mail, Safari, Photos, and Files.

Technical Data

Analytics (with consent only): Anonymised app usage events via PostHog. No personally identifiable information is included. You must opt in — analytics are off by default.

Error Tracking: Crash reports via Sentry with all personally identifiable information stripped before transmission.

Consent Records: Timestamps and IP addresses recorded when you grant or withdraw consent, for our legal records.

4. How We Collect Your Data

We only collect data that you choose to bring into Hey Ladybird:

Ladybird Lens: When you scan physical school letters using your device camera or select a photo from your photo library. Photos are processed on our secure servers for text extraction and are not accessed or stored beyond what is needed for the scan.

Ladybird Post: When you forward school emails to your unique, secure @post.heyladybird.co.uk address.

iOS Share Extension: When you share content from any iOS app (WhatsApp, Mail, Safari, Photos, Files) directly into Hey Ladybird.

Manual Entry: When you type details directly into your Family Hub, calendar, or lists.

AI Extraction: Our AI securely reads documents and emails you provide to identify dates, costs, action items, and contacts. You always review and approve what the AI finds before anything is saved.

Birthday Sync: We automatically generate calendar events from the dates of birth you provide for your family members and pets.

5. Why We Use Your Data & Our Lawful Basis

Under UK data protection law, we must have a lawful basis for everything we do with your data:

What we do	Lawful Basis
Provide your account, manage your subscription, scan documents, parse emails, run AI extraction, and operate the calendar, lists, and filing system.	Performance of a Contract (Article 6(1)(b))
Store and process medical/health data (NHS numbers, allergies, medications, disabilities) for family profiles and form filling.	Explicit Consent (Article 9(2)(a))
Store standard children’s data (names, school info, dates of birth) entered by parents to organise family routines.	Legitimate Interests (Article 6(1)(f))
Track app errors and crashes to keep the service stable and secure (via Sentry).	Legitimate Interests (Article 6(1)(f))
Send push notifications (morning summaries, event reminders, document expiry warnings, birthday messages).	Consent (Article 6(1)(a))
Collect anonymised product analytics to understand how parents use the app and improve features (via PostHog).	Consent (Article 6(1)(a))
Send marketing emails with tips, updates, and feature announcements (via MailerLite). Only sent if you explicitly opted in.	Consent (Article 6(1)(a))

6. Who We Share Your Data With

We do not sell your personal data. We do not share your data with advertisers. We do not use your data for targeted advertising.

We only share your data with trusted third-party services that provide the essential technology to make Hey Ladybird work. We have Data Processing Agreements in place with every one of them:

Supabase (Frankfurt, Germany) — Hosts our secure database, manages user authentication, and provides encrypted file storage for your documents and photos.

Anthropic — Claude API (USA) — The AI that reads the text from your scanned documents and emails to identify dates, costs, and tasks. Data sent to Anthropic via the API is not used to train their models, as per their commercial API terms.

Google Cloud Vision (EU/USA) — Provides the OCR technology that turns photos of physical letters into readable text.

Twilio SendGrid (USA) — Processes the school emails you forward to your Ladybird Post address and delivers transactional emails (e.g. email verification, welcome messages).

Stripe (USA) — Processes payments for subscriptions purchased directly through our website. Stripe handles all payment card data securely — no raw payment data touches our servers.

Apple App Store (USA) — Handles subscription payments made through the iOS app securely. No raw payment data ever touches our servers.

RevenueCat (USA) — Manages your subscription status and connects your App Store or Stripe purchase to your Hey Ladybird account.

Expo (USA) — Delivers push notifications to your device (morning summaries, event reminders, birthday alerts, document expiry warnings).

PostHog (Frankfurt, Germany) — Helps us understand anonymised app usage trends. This data contains no personally identifiable information and is only collected with your consent.

Sentry (Frankfurt, Germany / USA) — Tracks errors and crashes so we can fix bugs quickly. All personally identifiable information is stripped before transmission.

MailerLite (EU) — Sends our email newsletters and trial tips, but only if you explicitly opted in to marketing emails.

7. International Data Transfers

Some of our technology partners are based outside the UK:

Transfers to the EU: Data stored with Supabase, PostHog, and MailerLite is hosted in Frankfurt, Germany. These transfers are protected by the UK’s adequacy regulations for the EEA.

Transfers to the USA: Data processed by Anthropic, Google Cloud, Twilio SendGrid, Stripe, Apple, RevenueCat, Expo, and Sentry is transferred to the USA. These transfers are protected by Data Processing Agreements incorporating Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum, which legally bind our US partners to protect your data to UK standards.

8. How Long We Keep Your Data & How to Delete It

We believe your data belongs to you.

Active Accounts: We retain your data for as long as you have an active Hey Ladybird account. Scanned documents are kept only as long as you choose to store them in The Nest — you can delete individual documents at any time.

Deleting Your Account: You can delete your account at any time in the app (Settings > Delete Account). When you do, we trigger an automated cascading purge that permanently deletes your account, all child profiles, all family member profiles, all pet profiles, every calendar event, every action item, every cost, every contact, every stored document and photo — instantly and irreversibly.

Error Tracking: Sentry crash logs (with personal identifiers already stripped) are automatically deleted after 90 days.

9. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

Access: Request a copy of all personal data we hold about your family.

Rectification: Correct any inaccurate data.

Erasure: Delete your account and all associated data (available directly in the app).

Portability: Request a copy of your data in a machine-readable format by emailing hello@heyladybird.co.uk. We will provide this within one calendar month.

Objection: Object to processing based on legitimate interests.

Restriction: Request we limit how we use your data.

Withdraw Consent: Turn off analytics, marketing emails, or medical data consent at any time via Settings.

To exercise any right, email us at hello@heyladybird.co.uk. We will respond within one calendar month.

10. Automated Decision-Making & AI

Hey Ladybird uses Artificial Intelligence (Claude by Anthropic) to read school letters and emails so you don’t have to type them out. We also use Google Cloud Vision to turn photos of physical letters into readable text. However, our AI does not make any automated decisions that affect you or your children.

Every piece of data the AI extracts passes through our Unified Review Funnel. The AI suggests dates, costs, and contacts — but you, the parent, always have the final say. You must review, verify, edit, or delete every item before it is saved. No automated decision-making with legal or significant effects takes place.

11. Cookies

The Hey Ladybird mobile app does not use cookies. Our website (heyladybird.co.uk) uses minimal, essential cookies to ensure the page functions correctly and to process any purchases securely.

12. Changes to This Policy

As we add new features, we may update this privacy policy. If we make significant changes — especially regarding how we handle your children’s data — we will notify you via the email address on your account or through a prominent in-app notification.

13. How to Complain

We hope we can resolve any concerns directly — please email us at hello@heyladybird.co.uk.

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO):

Website: ico.org.uk

Telephone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

“Less remembering. More living.”