← Back to app

Privacy Policy

How GrowWell Kid handles your data

1. Who we are

GrowWell Kid is a growth tracking application for parents and guardians, operated by Ambrose Technologies Ltd, 8 Tollgate, Stanbridge Earls, Romsey SO51 0HE ("we", "us", "our"). Ambrose Technologies Ltd is the data controller for personal data processed through this service.

If you have any questions about this policy, you can reach us at hello@growwellkid.com.

2. What data we collect

We collect the following information:

• Child's first name, date of birth, and biological sex
• Child's photo (optional)
• Height and weight measurements
• Parent or guardian's email address and display name (via Google or Apple sign-in)

3. Why we collect it

We use your data to track your child's growth against UK-WHO and CDC centile standards and to display percentile charts. That is the sole purpose of this application.

4. Lawful basis for processing

• Health data: Explicit consent (UK GDPR Article 9(2)(a)). You provide consent when you enter your child's measurements.
• Account management: Legitimate interest (UK GDPR Article 6(1)(f)). We need your sign-in details to provide cloud sync and multi-device access.

5. Where your data is stored

Your data is stored locally on your device using IndexedDB. If you choose to sign in, your data also syncs to a Cloudflare D1 database located in the EU (Western Europe region).

Cloudflare, Inc. acts as a sub-processor, hosting the database and application servers. Cloudflare processes data within the EU. No other sub-processors are used.

All data is encrypted in transit using HTTPS. Data at rest in Cloudflare D1 is encrypted by the hosting provider.

6. Who has access

Only you. We do not share, sell, or provide your data to any third party. No analytics or advertising services have access to your data.

7. Data retention

Your data is kept until you delete it. Deleting a child removes all their measurements. Deleting your account removes all server-side data. Local data stored on your device can be cleared separately through your browser settings.

8. Your rights

Under UK GDPR, you have the right to:

• Access your data (use "Export My Data" in Settings)
• Rectify inaccurate data (edit measurements or child details in the app)
• Have your data deleted (use "Delete Account" in Settings)
• Data portability (use "Export My Data" in Settings to download your data)
• Withdraw consent at any time
• Restrict processing
• Lodge a complaint with the ICO (ico.org.uk)

9. Cookies

We use one cookie: an authentication session cookie. It is HttpOnly, Secure, SameSite=Lax, and expires after 7 days. This cookie is strictly necessary for sign-in functionality.

We do not use tracking, analytics, or advertising cookies.

10. Third-party services

Google and Apple are used for authentication only (OAuth sign-in). We receive your name and email address from these providers when you choose to sign in. No other third-party services process your data.

11. Children's data

All child data is entered by parents or legal guardians. We rely on parental consent for processing children's health data. We design our service in accordance with the ICO Age Appropriate Design Code (Children's Code).

12. Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR Articles 33 and 34. Where the breach is likely to result in a high risk to you, we will also notify affected users without undue delay.

13. Changes to this policy

We may update this policy from time to time. Material changes will require you to re-consent before continuing to use the service. The consent version is tracked in the app, and you will be prompted to review and accept the updated policy when you next use the app.

14. Contact

For data protection queries, contact hello@growwellkid.com.

Last updated: March 2026