Skip to main content
Milk & Minutes
Milk & Minutes

Privacy Policy

Milk & Minutes by Cardin LLC

Effective Date:

1. Introduction

Welcome to Milk & Minutes. We know that your feeding data — and especially information about your child — is deeply personal. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what choices you have.

Please read this policy carefully. By using Milk & Minutes, you agree to the practices described here. If you do not agree, please do not use the app.

2. Who We Are

Milk & Minutes is developed and operated by Cardin LLC (“we,” “our,” or “us”). We are the data controller for the personal information described in this policy.

3. Information We Collect

3.1 Registered Account Information

When you create an account using Sign in with Apple or email and password, we collect:

  • Display name: The name you choose for your profile.
  • Email address: Collected when you sign in with email/password, or when Apple chooses to share it. If you use Apple's “Hide My Email” feature, we receive a relay address provided by Apple.
  • Apple ID token reference: A non-reversible identifier provided by Apple that allows us to recognize your account across sign-ins. We do not receive your Apple ID password.
  • Profile photo URL: If you choose to set a profile photo, we store a URL pointing to your uploaded image.

We do not collect your legal name unless you enter it as your display name.

3.2 Anonymous / Guest Accounts

You may use Milk & Minutes without creating an account. When you launch the app as a guest, Firebase Authentication assigns you an anonymous account with a random unique identifier. No name, email, or personal identifiers are collected at this stage.

Important:

Anonymous accounts are device-specific. If you uninstall the app, lose your device, or clear app data, your account and its data may not be recoverable — unless you have iCloud backup enabled (see Section 3.7) or you link your account before that happens. You can upgrade to a full account at any time by linking it to Sign in with Apple or an email and password. Account linking preserves all of your data seamlessly.

3.3 Child Profiles

You may create profiles for the children you are tracking. The following fields are available, and all are optional:

  • First name
  • Date of birth
  • Birth weight
  • Birth length
  • Biological sex

We recommend using a nickname if you prefer additional privacy. Child profile data is accessible only to you and any family members you explicitly invite with appropriate permissions.

3.4 Feeding Records

When you log a feeding session, we collect:

  • Timestamps (start time, end time, duration)
  • Feeding type (nursing, pumping, or bottle)
  • Volume fed (if applicable)
  • Side nursed (left, right, or both, if applicable)
  • Any text notes you choose to add

3.5 Push Notification Tokens

If you grant permission for push notifications, Firebase Cloud Messaging generates a device token that allows us to send you reminders and alerts. You can revoke notification permissions at any time through iOS Settings. Notification tokens are not used for advertising.

3.6 Technical and Usage Data

  • Crash reports: Firebase Crashlytics collects anonymized diagnostic information (device model, iOS version, stack trace) if the app crashes. This data is not linked to your name or email.
  • Performance data: Firebase Performance Monitoring collects anonymized metrics about app startup and network performance.
  • Last-seen timestamps: We record when your account last accessed the service for session management and inactive account handling.
  • Usage preferences: In-app settings you configure are stored to preserve your experience across sessions.

3.7 iCloud Backup (Anonymous / Guest Users Only)

For users signed in anonymously, Milk & Minutes uses Apple CloudKit / iCloud to back up your feeding records and child profiles to your personal iCloud account. This backup exists solely to protect your data if you reinstall the app, switch devices, or your anonymous Firebase session is otherwise lost.

  • This backup is stored in your personal iCloud account, not on our servers. Cardin LLC does not have access to your iCloud data.
  • The backup is governed by Apple's iCloud Terms and Conditions and Privacy Policy in addition to this policy.
  • iCloud backup is automatic when iCloud is enabled on your device and you are signed in to iCloud.
  • Once you link your anonymous account to a registered account, your data is fully preserved in Firestore and iCloud backup is no longer the primary recovery mechanism.
  • If iCloud is not enabled and you use an anonymous account, your data is at risk of permanent loss if the app is uninstalled or your device is lost.

4. How We Use Your Information

We use the information we collect to:

  • Provide the service: Store, display, and sync your feeding records and child profiles across your devices and family members.
  • Manage accounts: Create and maintain your account, authenticate sign-in, and link anonymous accounts to registered accounts.
  • Enable family sharing: Share data with family members you invite and enforce role-based access.
  • Send push notifications: Deliver opt-in reminders and alerts.
  • Manage subscriptions: Process and verify your subscription status through RevenueCat and the Apple App Store.
  • Maintain reliability: Use anonymized crash and performance data to identify and fix bugs.
  • Enable on-device AI features: Power optional Apple Intelligence features as described in Section 8. No data is transmitted to any server for this purpose.
  • Meet legal obligations: Comply with applicable law including COPPA, CCPA, and GDPR where applicable.

We do not use your data for advertising, sell your data to third parties, or use your data to train machine learning models on our servers.

5. Third-Party Services and Data Processors

5.1 Firebase (Google LLC)

  • Purpose: Authentication, Firestore database, Cloud Functions, Cloud Messaging (push notifications), Crashlytics (crash reporting), and Performance Monitoring.
  • Data shared: Account identifiers, feeding records, child profiles, push notification tokens, and anonymized crash/performance diagnostics.
  • Privacy Policy: firebase.google.com/support/privacy

5.2 RevenueCat, Inc.

  • Purpose: Subscription and in-app purchase management. Verifies App Store purchase receipts and determines subscription entitlements.
  • Data shared: A pseudonymous user ID, App Store purchase receipts, and subscription status. RevenueCat does not receive your name, email, or child data.
  • Privacy Policy: revenuecat.com/privacy

5.3 Apple (App Store, CloudKit, Sign in with Apple)

  • App Store / Billing: Apple processes all in-app purchases. We receive only a transaction receipt, not your payment card details.
  • Sign in with Apple: Apple authenticates you and provides a token reference and, optionally, an email address.
  • CloudKit / iCloud: For anonymous users, CloudKit stores backup data in your personal iCloud account. Cardin LLC does not access this iCloud data directly.
  • Privacy Policy: apple.com/legal/privacy

5.4 Apple FoundationModels (Apple Intelligence)

This is an on-device framework. No data is transmitted to Apple or any server for AI processing. See Section 8 for full details.

6. Family Sharing

  • Invite mechanism: You share an invite code with the person you wish to invite; they enter it in the app to join your family group.
  • Roles: Owner (full access + family management), Admin (full access + member management), Caregiver (log activities + view data), Viewer (view-only).
  • Data access: All family members with appropriate roles can view child profiles and feeding records. Please only invite people you trust.
  • Removal: When a member is removed or leaves, their access to all shared family data is immediately revoked.
  • Responsibility: You are responsible for the individuals you invite and ensuring they are authorized to access your child's feeding data.

7. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

  • Service providers: Firebase, RevenueCat, and Apple, as described in Section 5, solely to operate the service.
  • Family members: Data shared within a family group is visible to members according to their assigned role, as you have explicitly authorized.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of Cardin LLC, our users, or the public.
  • Business transfers: If Cardin LLC is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

8. AI Features

8.1 Apple Intelligence (On-Device, Optional — iOS 26+ Required)

Milk & Minutes optionally integrates with Apple Intelligence using the FoundationModels framework on iOS 26 and later. When you opt in:

  • Personalized, empathetic explanations of your feeding patterns are generated entirely on your device.
  • No feeding data, child information, or any other personal data is transmitted to Apple, Cardin LLC, or any third party for this purpose.
  • This feature is entirely optional. The app functions fully without it.
  • Apple Intelligence requires iOS 26+ and a compatible device with Apple Intelligence enabled.

8.2 AI Clipboard Export (User-Initiated)

The app includes an optional feature that generates a structured Markdown summary of your feeding data to your device clipboard, which you may paste into an external AI tool of your choosing.

Important:

Once you paste data into a third-party application, that data is governed by that application's privacy policy — not ours. Cardin LLC has no control over and is not responsible for how third-party AI tools handle data you choose to submit to them. We encourage you to review the privacy policy of any external service before sharing sensitive information about yourself or your child.

9. Children's Privacy (COPPA)

Milk & Minutes is designed for use by parents and caregivers (adults). The app is not directed at children and children are not permitted to create accounts or use the service directly. We do not knowingly collect personal information directly from children under 13.

Child profile data entered by adults is treated as personal information belonging to the adult guardian's account. If you believe a child under 13 has independently created an account, contact us at support@milkandminutes.com and we will delete the account and associated data promptly.

10. Data Retention

  • Registered accounts: Data is retained until you delete your account. Upon deletion, data is removed from Firestore within 30 days, subject to legal retention obligations.
  • Anonymous accounts: Retained as long as the anonymous UID exists in Firebase. We encourage anonymous users to link their accounts to maintain control over their data.
  • iCloud backup data: Stored in your personal iCloud account. To delete it, delete the app and clear its associated iCloud data through iOS Settings.
  • Crash and performance data: Subject to Firebase/Google's own retention policies (anonymized).
  • Push notification tokens: Deleted within 30 days of account deletion or token deregistration.
  • Subscription data: RevenueCat retains purchase receipt data per their policy and applicable financial record-keeping requirements.

11. Your Rights and Choices

11.1 General Rights (All Users)

  • Access: View your account information and all data you have entered within the app at any time.
  • Correction: Update your display name, profile photo, child profiles, and feeding records directly in the app.
  • Deletion: Delete individual records, child profiles, or your entire account within the app.
  • Notification opt-out: Disable push notifications at any time through iOS Settings.
  • Data portability: Use the AI Clipboard Export to generate a portable summary of your feeding data.

To exercise any right not available directly in the app, contact support@milkandminutes.com.

11.2 California Residents (CCPA / CPRA)

California residents have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we shared it.
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Limit Sensitive Personal Information: We use sensitive personal information (such as a child's date of birth and biological sex) only to provide the service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

Categories of personal information collected: Identifiers (account ID, email, Apple ID token reference); personal records (child profiles, feeding records); commercial information (subscription and purchase history); internet/electronic activity (usage preferences, last-seen timestamps); inferences (feeding pattern insights). We do not collect financial data directly (Apple handles billing) or biometric identifiers.

Submit CCPA requests to support@milkandminutes.com. We will respond within 45 days (extendable by 45 days if necessary).

11.3 EU and UK Residents (GDPR / UK GDPR)

Our lawful bases for processing:

  • Contract performance: Processing necessary to provide the service you have requested.
  • Legitimate interests: Crash reporting, performance monitoring, and account security.
  • Consent: Push notifications (explicitly opt-in).
  • Legal obligation: Compliance with applicable law.

Your rights under GDPR / UK GDPR:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data, subject to legal retention obligations.
  • Right to restriction (Art. 18): Request restriction of processing in certain circumstances.
  • Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent (e.g., for push notifications) at any time without affecting prior lawful processing.
  • Right to lodge a complaint: With your local data protection authority (EU supervisory authority or, for UK residents, the ICO at ico.org.uk).

Contact support@milkandminutes.com to exercise GDPR rights. We respond within 30 days.

Firebase (Google) and RevenueCat maintain appropriate safeguards for international data transfers including Standard Contractual Clauses.

12. Security

We take reasonable technical and organizational measures to protect your personal information, including:

  • All data in transit is encrypted using TLS/HTTPS.
  • Firestore data is encrypted at rest by Google.
  • Authentication is handled by Firebase Authentication. We never store raw passwords.
  • Access to production data is limited to authorized personnel on a need-to-know basis.

No method of electronic transmission or storage is 100% secure. If you become aware of a security concern, contact support@milkandminutes.com promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at milkandminutes.com, display a notice within the app, and/or notify you by email if applicable. Your continued use of Milk & Minutes after the effective date constitutes acceptance of the changes.

14. Contact Us

Cardin LLC

Email: support@milkandminutes.com

Website: milkandminutes.com

We aim to respond to all inquiries within 5 business days.