Privacy Policy
Last updated: March 15, 2026
1. Introduction
This Privacy Policy explains how ParentMate.com, a service provided by Ewa Jarzemska, 20 Białostocka Street Apt 40, 03-741 Warsaw Poland, collects, uses, stores, and shares your personal data when you use the ParentMate website, application, and AI-powered parenting support chatbot (collectively, the "Service").
We respect your privacy and are committed to protecting your personal data in compliance with:
- The EU General Data Protection Regulation (GDPR, Regulation 2016/679);
- The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018;
- The California Consumer Privacy Act (CCPA/CPRA), as applicable; and
- Other applicable data protection laws.
Contact for all privacy matters: privacy@parentmate.com
2. Data Controller
The data controller responsible for your personal data is:
Ewa Jarzemska, 20 Białostocka Str Apt 40, 03-741 Warsaw, Poland
Email: privacy@parentmate.com
3. What Data We Collect
3.1 Data You Provide Directly
| Data Category | Examples | When Collected |
|---|---|---|
| Account data | Name, email address, password (hashed) | Registration |
| Authentication data | Google or Apple account identifiers | OAuth sign-in |
| Payment data | Payment method details (processed and stored by Stripe; we do not store full card numbers) | Subscription purchase |
| Conversation data | Messages you send to ParentMate, including descriptions of parenting situations, your child's age, behavior, and other context you choose to share | During use of the chatbot |
| Support requests | Email content, attachments | When you contact us |
3.2 Data We Collect Automatically
| Data Category | Examples | How Collected |
|---|---|---|
| Usage data | Pages visited, features used, conversation count, session duration | Application logs, Google Analytics |
| Device and browser data | IP address, browser type, operating system, device type, screen resolution | Automatically via web server and analytics |
| Cookie data | Session identifiers, preferences, analytics identifiers, advertising identifiers | Cookies and similar technologies (see Section 10) |
| Location data (approximate) | Country/region derived from IP address | Automatically |
3.3 Data About Your Children
ParentMate does not directly collect data from children. However, when you use the chatbot, you may voluntarily share information about your child (such as their age, name, behavior, or developmental concerns) within your conversation messages.
This information is treated as part of your Conversation Data and is subject to the protections described in this Privacy Policy. We do not use children's data for marketing or advertising purposes.
4. How We Use Your Data
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Providing the Service — processing your conversations and generating AI responses | Performance of contract (Art. 6(1)(b)) |
| Account management — creating and maintaining your account, authentication | Performance of contract (Art. 6(1)(b)) |
| Payment processing — managing subscriptions and billing via Stripe | Performance of contract (Art. 6(1)(b)) |
| Service improvement — using conversation data to improve ParentMate's AI model and response quality | Legitimate interest (Art. 6(1)(f)) — see Section 4.1 |
| Analytics — understanding how users interact with the Service | Legitimate interest (Art. 6(1)(f)) |
| Email communications — sending onboarding emails, service updates, and (with consent) marketing | Consent (Art. 6(1)(a)) for marketing; legitimate interest for transactional |
| Advertising and remarketing — serving relevant ads on third-party platforms | Consent (Art. 6(1)(a)) |
| Legal compliance — responding to legal requests, enforcing our Terms | Legal obligation (Art. 6(1)(c)) / legitimate interest (Art. 6(1)(f)) |
4.1 AI Model Improvement — Detailed Disclosure
We use anonymized and aggregated conversation data to improve ParentMate's AI model, response accuracy, and overall Service quality. This means:
- Conversation patterns and topics may be analyzed to identify areas where the model can be improved.
- Before any data is used for model improvement, it is stripped of direct personal identifiers (name, email, specific identifying details).
5. Third-Party Service Providers (Data Processors)
We share your personal data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Amazon Bedrock (AWS) | AI model hosting and inference — processes your conversation messages to generate responses | Conversation content (prompts and responses) | United States |
| Stripe | Payment processing | Payment method details, billing address, transaction data | United States |
| Vercel | Website and application hosting | All data transmitted through the Service | United States |
| Google Analytics | Website analytics and usage tracking | IP address (anonymized), usage data, device data, cookie identifiers | United States |
| Mailchimp (Intuit) | Email communications (onboarding, service updates, marketing) | Email address, name, email engagement data | United States |
| Google Ads | Advertising and remarketing | Cookie identifiers, hashed email (where applicable), browsing activity on our site | United States |
| Meta (Facebook/Instagram) | Advertising and remarketing via Meta Pixel | Cookie identifiers, browsing activity on our site, conversion events | United States |
5.1 Amazon Bedrock — Important Disclosure
Your conversation messages are sent to Amazon Bedrock (AWS) for processing. AWS may store and process prompts and responses for operational purposes in accordance with their privacy policy. We recommend reviewing the AWS Privacy Notice at https://aws.amazon.com/privacy/ for details.
All third-party providers are bound by data processing agreements that require them to process your data only on our instructions and in compliance with applicable data protection laws.
6. International Data Transfers
Your personal data is stored and processed on servers located in the United States (via Vercel, Amazon Bedrock (AWS), and other providers listed in Section 5).
As ParentMate is established in the EU, and we serve users in the EU and UK, transfers of personal data to the United States are protected by:
- Standard Contractual Clauses (SCCs) adopted by the European Commission, incorporated into our agreements with US-based processors;
- UK International Data Transfer Addendum for transfers from the UK; and/or
- Adequacy decisions, where applicable.
For US-based users, data is processed in the United States and no international transfer mechanism is required.
You may request a copy of the relevant transfer safeguards by contacting privacy@parentmate.com.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | For the duration of your active account, plus 30 days after account deletion to allow recovery |
| Conversation data | For the duration of your active account; deleted within 90 days of account deletion |
| Payment data | As required by applicable tax and financial regulations (typically 5–7 years for transaction records, held by Stripe) |
| Analytics data | Aggregated and anonymized; retained indefinitely |
| Email engagement data | For the duration of your subscription to our mailing list; deleted within 30 days of unsubscribing |
| Cookie data | See Section 10 for specific cookie durations |
| Anonymized model training data | Retained indefinitely (cannot be linked back to you) |
After deletion, residual copies in backups are overwritten within 90 days.
8. Your Rights
8.1 Rights Under GDPR and UK GDPR
If you are located in the EU or UK, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — request deletion of your personal data.
- Right to restriction of processing — request that we limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format or request transfer to another controller.
- Right to object — object to processing based on legitimate interest (including AI model improvement).
- Right to withdraw consent — where processing is based on consent (e.g., marketing emails, advertising cookies), withdraw at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint — file a complaint with your local supervisory authority. For Poland: Prezes Urzędu Ochrony Danych Osobowych (PUODO), ul. Stawki 2, 00-193 Warsaw, https://uodo.gov.pl.
8.2 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information.
- Opt out of the sale or sharing of personal information. We do not sell personal information in the traditional sense. However, certain advertising activities (e.g., targeted advertising via Meta Pixel and Google Ads) may constitute "sharing" under CCPA. You may opt out via our cookie consent banner or by contacting us.
- Non-discrimination — we will not discriminate against you for exercising your rights.
8.3 How to Exercise Your Rights
Contact us at privacy@parentmate.com with your request. We will respond within:
- 30 days for GDPR/UK GDPR requests (extendable by 60 days for complex requests);
- 45 days for CCPA requests (extendable by 45 days).
We may need to verify your identity before processing your request.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit — all data transmitted to and from ParentMate is encrypted using TLS 1.2 or higher.
- Encryption at rest — personal data stored in our databases is encrypted.
- Access controls — access to personal data is limited to authorized personnel on a need-to-know basis.
- Secure authentication — passwords are hashed using industry-standard algorithms; OAuth tokens are handled securely.
- Regular security reviews — we periodically review and update our security practices.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Cookies and Tracking Technologies
10.1 What Are Cookies
Cookies are small text files placed on your device when you visit our website. We also use similar technologies such as pixels, local storage, and tracking scripts.
10.2 Types of Cookies We Use
| Cookie Type | Purpose | Examples | Duration |
|---|---|---|---|
| Strictly necessary | Essential for the website to function (authentication, security, session management) | Session cookies, CSRF tokens | Session or up to 1 year |
| Analytics | Help us understand how visitors use the website | Google Analytics (_ga, _gid) | Up to 2 years |
| Advertising | Used to deliver relevant ads and measure campaign effectiveness | Meta Pixel (_fbp, _fbc), Google Ads (IDE, _gcl_*) | Up to 2 years |
| Functional | Remember your preferences (language, display settings) | Language preference cookies | Up to 1 year |
10.3 Your Cookie Choices
When you first visit our website, a cookie consent banner allows you to:
- Accept all cookies
- Reject non-essential cookies (only strictly necessary cookies will be set)
- Customize your preferences by category
You can change your cookie preferences at any time by clicking the "Cookie Settings" link in the website footer.
You may also control cookies through your browser settings, though this may affect the functionality of the Service.
10.4 Do Not Track
Some browsers send a "Do Not Track" (DNT) signal. There is no industry standard for DNT compliance. We currently do not respond to DNT signals but honor cookie consent preferences set through our consent banner.
11. Marketing Communications
We may send you marketing emails about ParentMate features, tips, and offers only with your explicit consent (opt-in at registration or later).
You can unsubscribe at any time by:
- Clicking the "Unsubscribe" link in any marketing email;
- Adjusting your email preferences in your account settings; or
- Contacting us at privacy@parentmate.com.
Transactional emails (account confirmations, password resets, payment receipts, material service changes) are sent without separate consent, as they are necessary for the performance of our contract with you.
12. Children's Privacy
ParentMate is intended for use by adults (18+) only. We do not knowingly collect personal data from children as users of the Service.
We recognize that parents may share information about their children in conversations. This data is:
- Treated as part of the parent's conversation data.
- Protected under all security measures described in this Privacy Policy.
- Not used to create individual profiles of children.
- Not used for marketing or advertising purposes.
- Not shared with third parties for their independent use.
If we become aware that a person under 18 has created an account, we will take steps to delete the account and associated data promptly. If you believe a child has registered for ParentMate, please contact us at privacy@parentmate.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
- Material changes will be communicated via email and/or a prominent notice on the website at least 30 days before taking effect.
- Minor changes (e.g., formatting, clarifications that do not affect your rights) may be made without prior notice.
The "Last updated" date at the top of this policy indicates when it was most recently revised. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
Email: privacy@parentmate.com
For complaints regarding data protection, you may also contact:
Prezes Urzędu Ochrony Danych Osobowych (PUODO)
ul. Stawki 2, 00-193 Warsaw, Poland
https://uodo.gov.pl
For UK residents: Information Commissioner's Office (ICO)
https://ico.org.uk