Cocoon Privacy Policy
Effective date: 2026-06-15
Last updated: 2026-06-15
Cocoon is a private, offline-first journal and tracking app for parents and caregivers. This policy explains, in plain language, what information Cocoon handles, why, and the choices you have. We've tried to keep it readable — your family's data is yours, and we treat your child's information as sensitive.
This app is provided by Brent Satill ("Cocoon", "we", "us"), Australia. If anything here is unclear, contact us at privacy@getcocoonapp.com.
A note on who this is for
Cocoon is a tool for adults — parents and caregivers. The account holder is an adult (the parent or caregiver who signs up). The subject of the records you keep — feeds, sleep, nappies, photos, milestones — is your child. Cocoon is not directed to children and is not intended to be used by children to create their own accounts. You, the adult account holder, decide what to record about your child and who in your family can see it. You are responsible for the child information you choose to enter.
What we collect
We only collect what's needed to run the app for you. We do not use advertising or third-party analytics SDKs, and we do not sell your data. The only analytics are our own first-party usage events, described below.
1. Account information
- Your email address and an authentication credential (password, managed securely by our authentication provider). Used to create your account, sign you in, secure your data, recover access, and send essential service emails (for example, password resets and family invitations).
2. The family and child data you log
Everything you choose to enter about your child or family, including:
- Child profiles (name or nickname, date of birth, sex if you enter it, photo).
- Tracked events — feeds (breast/bottle/pump), nappies/diapers, sleep, solids, growth measurements, health and medication notes, milestones, and free-text notes.
- Photos and videos ("moments") you add to the journal, plus any captions, tags, people, or mood you attach.
- Optional location tags on journal moments (see "Location" below).
- Milk stash entries, import data you bring in from other apps, and any preferences/settings.
3. Optional AI assistant messages
If you use the in-app AI assistant, we process the messages you type and the relevant slices of your own logged data needed to answer them (see "The AI assistant" below).
4. Limited technical data
Basic information needed to operate and secure the service (for example, authentication tokens and timestamps, and error information if something goes wrong). We do not build advertising or cross-app tracking profiles.
5. Usage analytics (first-party)
The app sends a small set of named usage events to our own backend so we can understand which features are used and improve the app (see "Usage analytics" below).
We do not intentionally collect device identifiers for advertising, contacts, your address book, or your browsing history.
Usage analytics (first-party)
To understand how Cocoon is used and make it better, the app records first-party usage events — for example: the app being opened (used for daily/monthly active-use counts), an account being created, an event or journal entry being logged, the trends or import screens being viewed, a caregiver invitation being sent or accepted, and interest registered in a paid tier. Each event carries its name, a small set of non-content properties, and a random per-install identifier (a UUID generated on your device and stored locally) so we can count unique installs and sessions.
- What it is not: these events never include the content of your logs, journal entries, photos, messages, or your location. There are no third-party analytics SDKs, no advertising identifiers, and no cross-app or cross-site tracking — events go only to our own backend (Supabase, same region and protections as the rest of your data).
- Why: to measure whether the app works (retention, feature usage) and decide what to improve.
- Retention: usage events are kept while your account is active. Deleting your account also deletes the usage analytics associated with it, and the local install identifier is cleared from your device.
Location (optional)
Location is always optional and only used if you ask for it. When you tap "use my location" on a journal moment, the app reads your device's precise GPS coordinates at that moment to help label where a memory happened (for example, "Grandma's house"). The place tag you attach (label plus coordinates) is saved as part of that journal entry, so it syncs to our backend with the rest of your journal. Frequently used place labels are remembered locally on your device to autofill the field; these "remembered places" are private and are not synced to our servers.
If you choose to turn those coordinates into a place name, the app sends them to a third-party reverse-geocoding service (BigDataCloud) to get back a nearby locality name. This only happens on your explicit action and while you're online; if it fails, you simply type a label yourself. We never read your location in the background and never use it for advertising or analytics.
How we use your information
- To provide the app: store and display your logs, journal, trends, growth percentiles, milestones, and guides; keep the app working offline and sync across your devices.
- Multi-caregiver sharing: let caregivers you invite see and add to a shared child's records.
- The AI assistant: answer your questions about your own logged data, when you use it.
- Security and integrity: authenticate you, protect accounts, prevent abuse, and fix bugs.
- Essential communication: account, security, and family-invitation emails.
We do not use your data for advertising, and we do not sell or rent it.
How your data is stored and protected
- Offline-first: what you log is saved on your device first and works with no connection. Sync is a background convenience, not a requirement.
- Cloud storage: when you're signed in and online, your data syncs to our backend hosted on Supabase, in the Australia (Sydney) region (ap-southeast-2) for Australian data residency. Photos and videos are stored in private, access-controlled storage and served only via short-lived signed links to people who are authorized.
- Encryption: data is encrypted in transit (HTTPS/TLS) and at rest.
- Access control: Row-Level Security (RLS) is enforced on the server so each family can only ever read or write its own records. Your child's information is treated as sensitive.
Sharing — only with people you invite
- Caregivers you invite: when you invite a partner, grandparent, or nanny to your family, they can see and contribute to the shared child's records. Membership is at the family level — inviting someone once gives them access to the children in that family. You control who is invited.
- No selling, no ads: we never sell your data and run no advertising.
- Service providers (sub-processors): we use a small number of vetted providers strictly to run the service (see "Third parties" below). They process data only on our instructions.
- Legal: we may disclose information if required by law, or to protect the rights, safety, and security of users and the service.
The AI assistant — how your data is handled
The optional in-app assistant is a transparent lens on your own logged data. It does not diagnose and is not medical advice; it is designed to point you to a GP or child-health nurse for any health concern.
- What happens: when you send a message, the request goes to our secure server function, which authenticates you, reads only your own family's data through the same Row-Level Security controls, and sends your message plus the relevant data slices to our AI provider, Anthropic (the Claude API), to generate a reply.
- What the provider receives: your typed message and the specific logged data needed to answer it (for example, summaries of recent sleep or feeds). The app shows you which data the assistant looked at under each answer.
- Training: we instruct our AI provider to process your inputs only to return a response to you, and not to train their general models on your data. Anthropic processes the data as our service provider under their commercial terms.
- Key safety: your device never holds the AI key; all AI processing is server-side. A guardrail reframes any reply that drifts toward medical claims.
- Optional: if you never use the assistant, no assistant messages are processed.
Children's data
The records in Cocoon describe a child, but the account is held and controlled by an adult. Cocoon is a parenting/caregiving utility intended for use by adults; it is not directed to children and we do not knowingly allow a child to register their own account. Because the adult account holder enters and controls all child information, that information is handled under this policy with the same protection as any other sensitive personal data. If you believe a child has created an account, contact us at privacy@getcocoonapp.com and we'll act on it.
How long we keep your data, and how to delete it
- While your account is active, we keep your data so the app works across your devices and for your invited caregivers.
- In-app deletion: you can delete your account at any time from Settings → Delete account (type DELETE to confirm). This permanently removes your account and the records of any child you solely manage. Important: families you share with others keep their data for those other caregivers — your deletion does not erase a shared family's history from the other members' accounts. This action cannot be undone.
- Export first if you want a copy: you can take a complete copy of your data with you before deleting. Settings → Export everything produces a single backup file containing every log, growth measurement and journal entry plus your photos and videos, which you can restore on any device. You can also export a date-range report as PDF or CSV from the summary screen.
- After deletion, residual copies may persist for a short period in encrypted backups before being overwritten on our providers' normal cycles.
Your rights and choices
Depending on where you live, you may have rights to access, correct, export, or delete your data, to object to or restrict certain processing, and to withdraw consent. You can exercise most of these directly in the app (view, edit, export, and delete). For anything else, contact privacy@getcocoonapp.com and we'll respond within a reasonable time. Australian users may also contact the Office of the Australian Information Commissioner (OAIC); EEA/UK users may contact their local data protection authority.
Third parties (sub-processors)
| Provider | Purpose | Where |
|---|---|---|
| Supabase | Cloud database, authentication, file storage, sync (encrypted, RLS-protected) | Australia (Sydney, ap-southeast-2) |
| Anthropic (Claude API) | Powers the optional AI assistant; processes your message + your own data slices to return a reply | Per Anthropic's commercial terms |
| BigDataCloud | Optional, on-demand reverse-geocoding of coordinates into a place name (only when you tap "use my location" and choose to label it) | External API |
We do not use third-party advertising or analytics SDKs.
International transfers
Your primary data is stored in Australia. Where a service provider (for example, the AI provider or geocoding service) processes data outside Australia, we rely on appropriate safeguards and process only the minimum necessary.
Changes to this policy
We may update this policy as the app evolves. We'll revise the "Last updated" date and, for material changes, provide notice in the app.
Contact
Questions, requests, or privacy concerns: privacy@getcocoonapp.com
Brent Satill, Australia
Cocoon is not a medical device and does not provide medical advice or diagnosis. It is an observation and context tool. For any health concern about your child, contact your GP or child-health nurse.