Privacy Policy

This Privacy Policy is effective as of 21.02.2023

1. Overview

Welcome to CARÁ (the "App"). CARÀ app is owned and managed by the company Babyluv Care OÜ. This Privacy Policy is intended to inform you about how we collect and use your personal information in connection with our App. By using the App, you agree to the terms of this Privacy Policy.

2. Name and Contact Information of the controller

  • Babyluv Care OÜ (Registration Code 16497362)

  • Marati tn 5/1, 11713 Tallinn, Estonia

  • Phone: +372 5682 5955

  • Email: hello@carahealth.io

  • Website: carahealth.io

3. Collection and Storage of Personal Data

3.1 Download via the App Store or Google Play

​​By downloading the CARÁ mobile application, you acknowledge and agree that certain personal information will be transferred to the App Store, including but not limited to your account username, email address, account number, time of download and unique device code. We would like to inform you that we have no control over this data transfer and we assume no liability for it. We will only process your personal information to the extent necessary for downloading the mobile application onto your mobile device.

3.2 Installing the App on your device

We automatically record certain information in log files, which will be stored until automated deletion, without any action required on your part. The recorded data includes language and version of the operating system, and the used platform, specifically whether the platform is iOS or Android.

We process this data for the following purposes:

  • To ensure a smooth connection setup of the mobile application;

  • To ensure comfortable use of our mobile application;

  • To evaluate system security and stability; and

  • For further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR, as our legitimate interests, align with the data collection purposes listed above. We will not use the collected data to draw any conclusions about your identity under any circumstances.

4. Registration of your account

To create a user account onCARÁ, you may use our login system. To register, we require the following information at a minimum:

  • A nickname or pseudonym;

If you wish to connect your email account, we will require the following information at a minimum:

  • Email address

Before the registration process can be completed, you must acknowledge that you have read our privacy policy and accept our terms and conditions.

The legal basis for processing your personal data is Art. 6 para. 1 p. 1 lit. c and f GDPR. The processing is necessary to fulfill the contract between you and CARÀ as well as to protect the legitimate interests of CARÀ or a third party.

5. Push Notifications

Upon commencing the use of our mobile application, you will be presented with the option to enable push notifications. Push notifications are text messages that appear on your device's display with your consent, and are used to provide information about news or motivate you.

If you choose to use push services, your device will be assigned an Apple Device Token or a Google Registration ID, which are encrypted, anonymized device IDs that do not permit individual user identification.

The sole purpose for the use of these IDs by us is to provide push services, and we will not use this data if permission is not granted.

The legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR, as the processing is necessary to protect the legitimate interests of the responsible party or a third party.

6. Active Use of the App

If you actively use the CARÁ app, we process further personal data, in particular

  • Your activities in the app, e.g. frequency or duration of use

  • Preferences and symptoms you specify

  • Pregnancy status

  • Selected Location

This data is required by us to offer you all the features of our mobile app.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR – the processing serves to safeguard the legitimate interests of us as the responsible party.

7. Analytics

The tracking measures listed below, which we use, are based on Art. 6 para. 1 sentence 1 lit. f GDPR. We utilize these tracking measures to ensure a needs-based design and continuous optimization of our mobile application, as well as to statistically record its usage and to evaluate it for the purpose of optimizing our offerings. These interests are deemed justified under the aforementioned provision.

We use a set of Google services for our analysis and marketing purposes (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – hereinafter "Google"). These tools collect data about your usage behavior in various ways and statistically evaluate them. We also use your information to display personalized advertising using Google's services. By using our mobile application, you consent to this. The various services, options for revoking your consent easily, and other important information will be explained below.

For further information on how Google handles the data we submit, please visit: https://www.google.com/intl/en/policies/privacy/partners/

The information generated by Google Tools is usually transmitted to and stored by Google on servers located in the United States. Google and its affiliates are certified under the EU-US Privacy Shield.

a) Google Analytics

We use Google Analytics, a web analytics program from Google, on our mobile application and website. Google Analytics uses cookies that are stored on your device and allow for an analysis of your usage. In addition, we have activated the IP anonymization process, which ensures that Google collects IP addresses only from within the European Union. Google will use this information on our behalf to evaluate your usage of our services and those of other users and to provide us with relevant reports and other services. The IP address for your device provided by Google Analytics will not be linked to any other data provided by Google. Google will transfer your data to third parties only in compliance with legal regulations or as part of contractual data processing.

You can prevent the collection and processing of the information generated by Google cookies by setting an opt-out cookie or deactivating Google Analytics in your device's settings. Alternatively, you can install a browser plug-in, which can be found here: https://tools.google.com/dlpage/gaoptout/. For more information on how Google uses cookies, please refer to the Google Privacy Policy(https://www.google.com/intl/en/policies/privacy/).

8. Data Processing

We process your personal information using secure servers located in various regions and countries around the world, and we may use third-party service providers to process or store the data. We take reasonable and appropriate security measures to protect your personal information, and we require our service providers to do the same.

9. User Controls

You have the right to access, correct, or delete your personal information at any time by contacting us at the email address provided below. You may also withdraw your consent at any time by contacting us.

10. Data Subject Rights

You have the right to request access to and receive a copy of your personal information that we hold, to request that we correct any inaccuracies, to request that we erase your personal information, to restrict or object to our processing of your personal information, and to receive a copy of your personal information in a structured, machine-readable format.

11. Information Sharing

We may share your personal information with third-party service providers who help us to provide and improve the App, or with partners who help us to develop and promote our services. We may also disclose personal information in response to legal or regulatory requirements or to protect our rights or the safety of others.

12. Data Retention

We will retain your personal information for as long as necessary to provide the services to you or to comply with legal or regulatory requirements. We will securely dispose of your personal information when it is no longer necessary.

13. Data Transfer Outside the EU

We may transfer your personal information to countries outside the European Economic Area (EEA), such as the United States. We will ensure that such transfer is made lawfully, such as by using standard contractual clauses approved by the European Commission.

14. Security Measures

We take reasonable and appropriate measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. We use encryption, access controls, and other measures to safeguard your personal information.

15. Privacy by Design and Default

We implement data protection measures to ensure privacy by design and by default, such as data minimization, pseudonymization, and encryption.

16. Complaints

If you are not satisfied with our handling of your personal information, you have the right to lodge a complaint with a supervisory authority.

17. Contact Details

If you have any questions or requests regarding the processing of personal data, please contact us by emailing hello@carahealth.io

18. Changes to the Policy

We may update this Privacy Policy from time to time, and we will provide notice of any material changes by email or by posting a notice on our website. We encourage you to review the policy periodically to stay informed about our information practices.