Updated: June 2025 · Version 2.0
This Privacy Notice for Dad Health ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our website at https://dadhealth.co.uk or any website of ours that links to this Privacy Notice
- Download and use our mobile application (Dad Health), or any other application of ours that links to this Privacy Notice
- Use Dad Health. Dad Health is a wellness tool and not a clinical mental health service
- Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at jamie@dadhealth.co.uk.
Summary of key points
This summary provides key points from our Privacy Notice. Use the table of contents below to find specific sections.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information including account details, mood and wellbeing data, journal entries, location data for activity search, and community posts. See Section 1 for full details.
Do we process sensitive personal information? Yes. We process special category health data including mood logs, mental wellbeing check-in responses, journal entries and CBT pulse responses under Article 9 UK GDPR with your explicit consent. See Section 1 and Section 3 for full details.
Do we use AI to process your data? Yes. When you use the Dad Days activity search or meal plan generator, your query and approximate location are sent to Anthropic's API to generate results. No personally identifiable information beyond your search query and approximate location area is shared. See Section 4 for full details.
Do we share personal information? We share data with service providers necessary to operate the app. We do not sell your data. See Section 4 for a full list of processors.
How do we keep your information safe? We use Supabase with Row Level Security, encrypted connections and appropriate technical measures. See Section 7.
What are your rights? You have rights to access, rectify, erase, port and restrict processing of your data. See Section 9.
Table of contents
- What information do we collect?
- How do we process your information?
- What legal bases do we rely on?
- When and with whom do we share your personal information?
- Do we use cookies and other tracking technologies?
- How long do we keep your information?
- How do we keep your information safe?
- Do we collect information from minors?
- What are your privacy rights?
- Controls for Do-Not-Track features
- Do United States residents have specific privacy rights?
- Do other regions have specific privacy rights?
- Do we make updates to this notice?
- How can you contact us?
- How can you review, update, or delete your data?
1. What information do we collect?
In Short: We collect personal information you provide, health and wellbeing data you generate through using the app, and technical data about your device and usage.
Personal information you disclose to us
We collect personal information that you voluntarily provide when you register, use the Services or contact us. This may include:
- Names and usernames
- Email addresses
- Passwords and authentication data
- Contact preferences
- Payment information (handled by Stripe — we do not store card details)
Special category health and wellbeing data
When you use Dad Health's mental health and wellbeing features, we collect and process the following special category personal data with your explicit consent:
- Daily mood check-in responses (mood index 0–4)
- 3-question CBT mental pulse responses (sleep quality, stress level, connection to children)
- Journal entries (free text, mood tag, date)
- Bond check-in data (quality time logged, presence rating, conversation rating)
- Sleep logs (hours, quality rating, date)
- Dad Health Score components (calculated from the above data points)
- Custody pattern (daily / most days / 50–50 / weekends / varies)
- Remote bonding activity logs on non-contact days
This data is processed under Article 9(2)(a) UK GDPR — explicit consent. You may withdraw consent at any time by deleting your account or contacting jamie@dadhealth.co.uk. Withdrawal does not affect the lawfulness of processing before withdrawal.
This data is used solely to provide you with your Dad Health Score, personalised insights and app functionality. It is never used for advertising, sold to third parties or shared beyond the processors listed in Section 4.
Fitness and body metrics data
- Body weight (kg), waist measurement, blood pressure readings, step count
- Workout sessions (name, duration, exercises completed, estimated calories)
- Meal plan preferences and dietary requirements
- TDEE calculator inputs (age, weight, height, activity level, gender)
Location data
When you use the Dad Days activity search feature, we request access to your device location or postcode to find nearby activities. We process location data as follows:
- Raw GPS coordinates are converted to an approximate area on our server and never stored in identifiable form
- Only the postcode district (e.g. SK9, not SK9 5EY) may be retained for analytics purposes
- Location data is sent to Anthropic's API to generate activity results and to Google Maps Platform for mapping functionality
- You may decline location permission and enter a postcode manually instead
Community and social data
When you use the community feed and Dad Circles features:
- Post content, tags and timestamps are stored in our database
- Anonymous posts: if you choose to post anonymously, your post will appear without your name to other users. However, a user identifier is retained by Dad Health for moderation, safety and legal compliance purposes and will never be exposed publicly
- Circle membership (which Dad Circles you have joined)
- Respect (likes) and comment interactions
Milestone and parenting data
Information about moments and milestones you log relating to your children is stored solely to provide you with the milestone tracking feature. This data:
- Is processed under your consent as the parent or guardian
- Is not used for any purpose other than providing the milestone feature to you
- Is not shared with or accessible to other users unless you explicitly mark a milestone as shared with a co-parent
Wearable device data (Phase 3)
In a future version of the app, with your explicit permission, we may sync with Apple HealthKit (iOS) or Google Health Connect (Android) to receive steps, sleep data, heart rate and workout information. This will be covered by a separate consent flow when the feature launches.
Payment data
Payment processing is handled entirely by Stripe. We collect only the minimum data necessary to initiate a payment. Card numbers and security codes are never processed or stored by us. See Stripe's privacy policy at https://stripe.com/privacy.
Push notifications
We may request permission to send push notifications via OneSignal. You may withdraw this permission at any time in your device settings.
2. How do we process your information?
In Short: We process your information to provide the Services, calculate your Dad Health Score, generate AI-powered activity suggestions, process payments and keep you safe.
We process your personal information for the following purposes:
- To create and manage your account
- To calculate and display your Dad Health Score and pillar breakdowns
- To provide personalised wellbeing insights based on your mood, sleep and activity data
- To generate AI-powered Dad Days activity suggestions based on your location and preferences
- To generate personalised meal plans and TDEE calculations
- To process subscription payments via Stripe
- To send push notifications and service-related emails via OneSignal and Resend
- To track anonymous usage analytics to improve the Services via PostHog
- To moderate community content and enforce our terms of service
- To respond to your support requests
- To comply with our legal obligations
- To protect the vital interests of users where there is a risk to safety
Automated processing — Dad Health Score
The Dad Health Score is calculated automatically from your mood logs, sleep logs and Bond check-in data using a weighted formula (Mind 35% + Body 35% + Bond 30%). This automated calculation:
- Does not produce legal or similarly significant effects
- Is purely informational and intended to help you understand your overall wellbeing
- Can be understood by reviewing the Score breakdown on the Progress screen
- Is based entirely on data you have voluntarily provided
You have the right to request information about how your score is calculated by contacting jamie@dadhealth.co.uk.
3. What legal bases do we rely on?
In Short: We process your personal information on the basis of consent, contract performance, legitimate interests and legal obligations depending on the type of data and purpose.
Under UK GDPR we rely on the following legal bases:
Explicit Consent (Article 6(1)(a) and Article 9(2)(a)): We rely on your explicit consent to process special category health and wellbeing data including mood logs, journal entries, CBT pulse responses, sleep logs and Bond check-in data. You may withdraw consent at any time by deleting your account or contacting us. Withdrawal does not affect prior processing.
Contract Performance (Article 6(1)(b)): We process your account data, payment information and subscription status to fulfil our contractual obligations — providing you with the Dad Health Services you have signed up for.
Legitimate Interests (Article 6(1)(f)): We process usage analytics data, fraud prevention data and technical logs on the basis of our legitimate interest in operating and improving a secure, functioning service. We have assessed that these interests are not overridden by your rights and freedoms.
Legal Obligations (Article 6(1)(c)): We may process your information where necessary to comply with legal obligations such as responding to lawful requests from regulatory bodies or law enforcement.
Vital Interests (Article 6(1)(d)): We may process your information where necessary to protect the vital interests of you or another person, including where there is a risk to life or safety.
4. When and with whom do we share your personal information?
In Short: We share data with service providers necessary to operate the app. We do not sell your personal information. We do not share special category health data with any party except processors listed below who process it solely on our behalf.
4.1 Service providers and data processors
We share your personal information with the following third party processors who process data solely on our behalf under written data processing agreements:
| Processor | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Supabase | Database, authentication and file storage | Account data, all app data, health and wellbeing data | supabase.com/privacy |
| Stripe | Payment processing and subscription management | Payment details, email, subscription status | stripe.com/privacy |
| Anthropic | AI-powered Dad Days activity search and meal plan generation | Search query, approximate location area, dietary preferences | anthropic.com/privacy |
| Vercel | Web application hosting and deployment | Technical logs, IP addresses | vercel.com/legal/privacy-policy |
| OneSignal | Push notification delivery | Device token, notification preferences | onesignal.com/privacy |
| PostHog | Usage analytics and product improvement | Anonymised usage events, session data | posthog.com/privacy |
| Resend | Transactional email delivery | Email address, email content | resend.com/privacy |
| Google Maps Platform | Location mapping and activity search | Approximate location area | policies.google.com/privacy |
| Awin / Rakuten (Phase 2) | Affiliate activity recommendations | Anonymised click data, budget preference | awin.com/privacy / rakutenadvertising.com/privacy |
4.2 Anonymous community posts
While posts you choose to submit anonymously are displayed without your name to other users, a user identifier is retained by Dad Health for moderation, safety and legal compliance purposes. This identifier is never exposed publicly and is only accessed in cases of serious terms of service violations or legal requirements.
4.3 Co-parenting calendar
If you choose to use the co-parenting shared calendar feature, shared events and milestones you mark as shared will be visible to the connected co-parent account. You control which milestones are shared. No data is shared with a co-parent account without your explicit action.
4.4 Business transfers
We may share or transfer your information in connection with any merger, sale of company assets, financing or acquisition of all or part of our business. We will notify you of any such transfer that materially affects your personal information.
4.5 Legal requirements
We may disclose your information where required by law, to protect our rights, or where we believe disclosure is necessary to prevent harm.
5. Do we use cookies and other tracking technologies?
In Short: We use cookies and similar technologies for security, preferences and analytics. We will request your consent before placing non-essential cookies.
We use cookies and similar tracking technologies to maintain the security of our Services, save your preferences and conduct analytics. Specifically:
- Essential cookies: required for the app to function (authentication tokens, session management)
- Analytics cookies: PostHog uses cookies to track anonymised usage events. You will be asked for consent before these are placed.
A cookie consent banner is displayed on first visit to dadhealth.co.uk. You may withdraw consent for non-essential cookies at any time through the cookie settings on our website.
For full details of the cookies we use, please see our Cookie Notice.
6. How long do we keep your information?
In Short: We keep your information for as long as necessary to provide the Services and comply with legal obligations.
| Data type | Retention period | Reason |
|---|---|---|
| Account and profile data | Duration of account + 6 months | Service provision and fraud prevention |
| Mood logs, journal entries and health data | Duration of account + 6 months | Service provision only |
| Payment records | 7 years from transaction | UK tax and accounting legal requirement |
| Community posts | Duration of account or until deleted by user | Service provision |
| Anonymous post identifiers | 7 years | Legal compliance and moderation audit trail |
| Analytics data (PostHog) | 12 months rolling | Product improvement |
| Backup archives | Up to 30 days after deletion | Technical recovery only |
7. How do we keep your information safe?
In Short: We use industry-standard technical and organisational measures to protect your data.
We implement the following security measures:
- All data is stored in Supabase with Row Level Security (RLS) enabled — users can only access their own data
- All connections use HTTPS / TLS encryption in transit
- Authentication is handled by Supabase Auth with support for OAuth providers
- Anthropic API key and all sensitive credentials are stored server-side only and never exposed to the client
- Anonymous post user identifiers are stored server-side only and never returned in API responses
- Access to production systems is restricted to authorised personnel only
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware and will notify affected users without undue delay where required.
Despite our safeguards, no electronic transmission or storage technology can be guaranteed to be 100% secure. If you become aware of any security concern, please contact jamie@dadhealth.co.uk immediately.
8. Do we collect information from minors?
In Short: Dad Health is for adults aged 18 and over. We do not knowingly collect personal data from children.
Dad Health is designed for use by adults aged 18 and over. We do not knowingly collect, solicit or market to children under the age of 18.
Some features of the app, including the milestone tracker, Bond check-in and Present Dad Mode, allow parents to log information about their interactions with their children. This information:
- Is submitted by the parent user and processed under that parent's consent
- Does not involve direct data collection from children
- Is not used for any purpose other than providing the relevant feature to the parent
- Is not shared with or accessible to other users unless explicitly shared by the parent via the co-parenting feature
If we learn that a user is under the age of 18, we will deactivate their account and delete their data. Please contact jamie@dadhealth.co.uk if you believe a minor has registered.
9. What are your privacy rights?
In Short: Under UK GDPR you have significant rights over your personal data. We will respond to all valid requests within one month.
Under UK GDPR you have the following rights:
- Right of access — to receive a copy of the personal data we hold about you
- Right to rectification — to have inaccurate data corrected
- Right to erasure ('right to be forgotten') — to have your data deleted, subject to legal retention requirements
- Right to restrict processing — to limit how we use your data
- Right to data portability — to receive your data in a structured, commonly used format
- Right to object — to object to processing based on legitimate interests
- Rights related to automated decision-making — to request human review of automated decisions that significantly affect you
To exercise any of these rights, please contact us at jamie@dadhealth.co.uk or submit a Data Subject Access Request at https://dadhealth.co.uk/privacy-request.
If you are located in the UK and believe we are unlawfully processing your personal information, you have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
Withdrawing consent
Where we rely on your consent to process special category health and wellbeing data, you may withdraw that consent at any time by deleting your account or contacting jamie@dadhealth.co.uk. Withdrawal does not affect the lawfulness of processing before withdrawal. Following withdrawal, your health and wellbeing data will be deleted within 30 days.
Opting out of marketing
You may unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email we send or by contacting us. We may still send service-related messages necessary for account operation.
10. Controls for Do-Not-Track features
Most web browsers include a Do-Not-Track ("DNT") feature. No uniform technology standard for implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals. If a standard is adopted in the future, we will update this notice accordingly.
11. Do United States residents have specific privacy rights?
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific privacy rights under applicable state law.
Categories of personal information collected
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Email address, username, IP address | YES |
| B. California Customer Records | Name, contact information | YES |
| C. Protected classification characteristics | Age, gender | YES |
| D. Commercial information | Purchase history, subscription status | YES |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or network activity | App usage data, analytics | YES |
| G. Geolocation data | Approximate location for Dad Days search | YES — approximate area only, not precise |
| H. Audio, electronic or visual information | Profile photos (if uploaded) | YES — if provided |
| I. Professional or employment information | Not collected | NO |
| J. Education information | Not collected | NO |
| K. Inferences from personal information | Dad Health Score calculated from mood, sleep and Bond data | YES — see Section 2 |
| L. Sensitive personal information | Mood logs, journal entries, health check-in data, precise location | YES — see Section 1 |
Appeals: If we decline to take action on your privacy request, you may appeal by emailing jamie@dadhealth.co.uk. We will respond in writing within 60 days. If your appeal is denied, you may submit a complaint to your state attorney general.
12. Do other regions have specific privacy rights?
Australia and New Zealand
We collect and process your personal information under the obligations set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. If you believe we are unlawfully processing your personal information, you may contact the Office of the Australian Information Commissioner or the Office of New Zealand Privacy Commissioner.
Republic of South Africa
You have the right to request access to or correction of your personal information at any time. Complaints may be submitted to the Information Regulator (South Africa) at enquiries@inforegulator.org.za.
13. Do we make updates to this notice?
We may update this Privacy Notice from time to time to reflect changes in our Services, legal requirements or data processing activities. The updated version will show a revised date at the top. We will notify you of material changes either by posting a notice within the app or by email.
14. How can you contact us?
If you have questions or comments about this notice, or wish to exercise your privacy rights, please contact our Data Protection Officer:
- Email: jamie@dadhealth.co.uk
We aim to respond to all privacy enquiries within 30 days.
15. How can you review, update, or delete your data?
Based on applicable laws, you may have the right to request access to, correction of, or deletion of your personal information. To make such a request:
- Log in to your account and use the account settings to update your profile
- Submit a Data Subject Access Request at https://dadhealth.co.uk/privacy-request
- Email jamie@dadhealth.co.uk with your request
We will respond to verified requests within one month in accordance with UK GDPR. In complex cases we may extend this by a further two months, in which case we will notify you.