pumping schedule

Privacy policy

Last updated: June 11, 2026

This policy covers both the Pumping Schedule website (pumpingschedule.com) and the Pumping Schedule mobile app for iOS and Android.

Part 1 — Website (pumpingschedule.com)

What we collect

Your email address — if you create an account. No name, no location, no health information through our website forms.

For analytics, we use Plausible (privacy-friendly, no cookies, no personal data, fully GDPR compliant) and Google Analytics (GA4), which may use cookies per Google's privacy policy.

What happens with your email

You get notified when the Pumping Schedule app launches and receive occasional product updates. No selling, no renting, no sharing with third parties. Your address is stored in our Supabase-hosted database (SOC 2 Type II compliant), protected by row-level security policies.

Part 2 — Mobile app

Account & authentication

When you create an account you provide an email address and password (or sign in through Apple or Google). Authentication is handled by Supabase Auth. We store your email, a hashed password (if applicable), and your authentication provider. We never see or store your third-party provider password.

Pumping & feeding data you enter

The app lets you log pumping sessions, feeding times, milk volumes, and related notes. This data is stored in your private account on our Supabase-hosted database, protected by row-level security so that only you can access it. We do not share, sell, or use this data for advertising purposes.

Health data classification: Pumping and feeding logs may be considered health-related information under certain regulations. We treat all session data with the same care as protected health information, even where not legally required to do so.

Notifications

If you enable push notifications, we receive a device token from Apple Push Notification Service (APNs) or Firebase Cloud Messaging (FCM). This token is used solely to send you pumping reminders and schedule alerts you configure. You can disable notifications at any time in your device settings.

Subscription & payment

Paid subscriptions are processed through the Apple App Store or Google Play Store. We use RevenueCat to manage subscription status across platforms. RevenueCat receives your anonymous app user ID and purchase receipts from Apple/Google — it does not receive your name, email, or payment card details. Your credit card information is handled entirely by Apple or Google and is never sent to our servers.

Analytics & crash reporting

The app uses Sentry for crash reporting and PostHog for product analytics. Both receive anonymized usage data (screen views, feature usage, crash logs). No pumping session data, milk volumes, or personal health details are sent to analytics providers.

Device permissions

The app may request the following device permissions:

  • Notifications — to send pumping reminders and schedule alerts.
  • Background refresh — to keep your schedule timers accurate when the app is not in the foreground.

The app does not access your camera, microphone, contacts, location, photo library, or Apple Health / Google Fit data.

Local storage

Some data (preferences, cached schedules) is stored locally on your device using secure storage. This data stays on your device and is not transmitted to our servers unless you explicitly sync it to your account.

Part 3 — Shared policies

Data retention

We keep your data for as long as your account is active. If you delete your account, all personal data — including pumping logs, email, and subscription records — is permanently removed from our systems within 30 days.

Third-party services

We use the following third-party services that may process data on our behalf:

  • Supabase — database hosting and authentication (SOC 2 Type II)
  • RevenueCat — in-app subscription management
  • Stripe — website payment processing (PCI DSS Level 1)
  • Sentry — error and crash reporting
  • PostHog — product analytics
  • Plausible — website analytics (no cookies, GDPR compliant)
  • Google Analytics — website analytics
  • Resend — transactional email delivery

None of these providers are authorized to use your data for their own purposes.

Children's privacy

Our services are intended for adults (parents and caregivers). We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

Data security

All data transmitted between your device and our servers is encrypted using TLS. Data at rest is encrypted on our database servers. Authentication tokens are stored securely on your device. We conduct regular security reviews of our infrastructure.

Your rights

You have the right to:

  • Access all personal data we hold about you
  • Export your pumping and feeding data
  • Correct inaccurate information
  • Delete your account and all associated data
  • Opt out of non-essential communications

How to reach us

Want your data deleted, exported, or have any privacy questions? Email contact@pumpingschedule.com and we'll respond within 7 business days.

Changes to this policy

This policy may update as the product evolves. Material changes get a new date at the top of this page. For significant changes, we will also notify app users via in-app notification or email.