← Back to home

Privacy Policy

Last updated: May 2026

At a glance

A short summary for parents and caregivers in a hurry. The full policy is below.

We are Novie, a parenting support app built in Sydney. Looking after your information, and information about your children, is part of what we do.

  • What we collect: information you give us when you set up your account and your household, information you log about your child, the messages you send to our AI chat, and a small amount of technical information from your device.
  • Why we collect it: to provide the personalised guidance the app exists for, to keep your account secure, and to improve the Service.
  • Who we share with: a small list of carefully chosen service providers, including Amazon Web Services, which powers our infrastructure and the AI chat. We do not sell your information.
  • Children’s information: we do not collect information directly from children. The information about your child is provided by you. We treat that information as sensitive and apply higher protections.
  • Location and microphone: the app uses your approximate location for time zone and weather features, and the microphone if you choose to use voice input in the chat. Both are explained in section 2.
  • Your rights: you can see, correct, delete, or export your information at any time. You can clear your AI chat history.
  • Where to ask questions: privacy@novie.life.

1. About this policy

This Privacy Policy explains how Novie Holdings Pty Ltd (ABN 79 688 622 906, ACN 688 622 906) (Novie, we, us, or our), the operator of the Novie app and the novie.life website (the Service), collects, uses, discloses, and protects personal information.

1.1 Who we are

Novie is a privately held Australian company based in Sydney. We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles. When we offer the Service to people in the European Economic Area, the United Kingdom, or other regions with their own privacy laws, those laws also apply to our handling of personal information about people in those regions.

1.2 Who this policy applies to

  • Adults who use the Service as account holders or invited caregivers.
  • Children whose information is recorded in the Service by an authorised caregiver.
  • Visitors to novie.life.
  • People who contact us at any of our published email addresses.

1.3 How to contact us about privacy

  • Privacy contact: privacy@novie.life
  • Postal address: Novie Holdings Pty Ltd, PO Box 154, Erskineville NSW 2043, Australia

2. Information we collect

2.1 Information you give us when you set up your account

  • Your name.
  • Your email address.
  • A password, which we never store in plain text (see section 6 on security).
  • Your role in the household, for example parent, partner, grandparent, nanny, or babysitter.
  • The household and children you create or are invited to access.
  • Your time zone.
  • Authentication information. Sign-in is handled by an authentication service running on Amazon Web Services. If you sign in with Google, or with Apple once that option is available, that provider passes us your authentication details. If you sign in with email and password, we store your email and a secured hash of your password.

2.2 Information about your child or children

You provide information about each child you add to your household. That information may include:

  • Name or a nickname.
  • Date of birth and, where the child was born premature, due date and prematurity status.
  • Sex.
  • Birth weight and length.
  • Bedtime routine duration.
  • Known allergens, recent allergen introductions, and reactions.
  • Tracking entries you log under categories such as sleep, feeding, nappy, activity, solids, growth, and health.
  • Developmental milestones, including any photos you choose to upload.
  • Calendar entries you create, which may include appointments, locations, and notes.
  • Chat conversations and questionnaire responses related to that child.

We treat this information as sensitive personal information under the Australian Privacy Act, as special category data under the GDPR where it relates to health, and as the most highly protected category of information under the US Children’s Online Privacy Protection Act and the forthcoming Australian Children’s Online Privacy Code.

2.3 Information about your household and other caregivers

If you invite another caregiver to your household, we collect their email address and the role they will hold. If they accept the invitation, we collect their account information as described in section 2.1. We rely on you to confirm that they consent to receive the invitation and to be added.

2.4 Information from your interactions with the Service

  • Messages you send to the AI chat feature, and the responses generated. You can type these messages or, if you choose, dictate them using your device microphone. Voice input is converted to text on your device or through your device’s operating system. We process the resulting text, not an audio recording.
  • The questionnaires you complete and the toolkits you use.
  • Schedules and plans generated for your child.
  • Trends and analytics derived from your tracking entries (see section 4 on automated processing).

2.5 Location information

The app uses your approximate location to set your household time zone correctly and to provide weather-related features. We do not use precise location for tracking or advertising, and we do not build a location history. You can decline location access in your device settings, in which case you can set your time zone manually.

2.6 Technical and usage information

  • Device type, operating system, and app version.
  • IP address, used at sign-in for security and for approximate region detection.
  • App usage events, collected through Segment, our analytics provider, to understand which features are used and to improve the Service.
  • Push notification tokens, where you have enabled push notifications.
  • Cookies and similar technologies on novie.life. We use a small number of strictly necessary cookies to make the website work. We do not use advertising or cross-site tracking cookies.

2.7 Payment and subscription information

If you subscribe to Premium, your payment is collected and processed by Apple under your Apple ID. We do not see, store, or process your payment card details. Subscription status is managed through RevenueCat, our subscription infrastructure provider, which receives a non-identifying purchase token and your subscription state so that the app knows whether your subscription is active. We receive subscription start date, current period, and renewal status.

2.8 Information from third parties

  • Authentication identity from Google, or from Apple once that sign-in option is available.
  • Subscription status from Apple and RevenueCat, as described in section 2.7.
  • We do not buy data from advertising or data-broker companies.

2.9 Information we do not collect

  • Precise GPS location or location history. The app uses approximate location only, for time zone and weather, as described in section 2.5.
  • Contact lists.
  • Audio recordings. Voice input in the chat is converted to text, as described in section 2.4.
  • Camera or photo-library access, except where you choose to upload a photo to a milestone.
  • Biometric information.
  • Government identifiers.
  • Financial account numbers.

3. How we use information

3.1 To provide the Service

To create your account, set up your household, deliver content modules, generate personalised guidance and schedules, run the AI chat, deliver tracking and trends, and make the Service work the way you expect. Our lawful basis is performance of our contract with you and, for information about children, the consent you give as a parent or authorised caregiver, including explicit consent for health information.

3.2 To keep the Service secure

To verify your identity, prevent unauthorised access, detect abuse, and respond to security incidents. Our lawful basis is our legitimate interest in the security of the Service, balanced against your rights.

3.3 To improve the Service

To analyse usage in aggregate, fix bugs, improve content, and develop new features. We do not use individual chat content to train AI models. Our lawful basis is our legitimate interest in operating and improving the Service.

3.4 To communicate with you

To send transactional emails such as welcome messages, account changes, security notifications, billing receipts, and important Service updates, and, with your consent, optional product and educational emails. Every marketing email includes an unsubscribe link.

3.5 To meet legal obligations

To comply with applicable law, respond to lawful requests from authorities, defend legal claims, enforce our Terms, and discharge any safeguarding responsibilities.

3.6 What we do not do

  • We do not sell, rent, or trade your personal information.
  • We do not share your personal information with advertisers or data-broker companies.
  • We do not use your information for behavioural advertising.
  • We do not use your child’s information, your chat content, or any of the information you log to train any AI model, our own or anyone else’s.

4. Automated decision-making and profiling

The Service uses some automated processing to provide trends, schedules, milestone comparisons, and AI-generated chat responses. None of this processing produces a legal effect or similarly significant effect on you or your child.

The AI chat feature uses an AI model accessed through Amazon Web Services. AI responses can be inaccurate. Do not rely on them for safety-critical decisions. You can clear your chat history at any time. If we ever introduce automated processing that does have a legal or significant effect, we will update this policy and request your consent.

5. Sharing your information

We share your information only with the service providers listed below. Each is a contracted provider bound by a written data-processing agreement. We update this list when our providers change.

5.1 Our service providers

  • Amazon Web Services (AWS): cloud infrastructure including authentication, database, application hosting, file storage, push messaging, secrets management, and AI model processing.
  • Apple Inc.: the App Store, in-app purchase, Apple Sign-In, and push notification delivery.
  • Google LLC: Google Sign-In authentication.
  • RevenueCat, Inc.: subscription management.
  • Twilio SendGrid: transactional email from the app.
  • Brevo (Sendinblue SAS): email from the novie.life website, including waitlist.
  • OpenWeather Ltd: weather information, receiving your approximate location.

5.2 Other parties we may share with

  • Law enforcement and regulators, where we are legally required to disclose information, or where we believe disclosure is necessary to protect the safety of a child or another person. We respond only to lawful requests.
  • Professional advisers, including lawyers, accountants, and auditors, under confidentiality.
  • A successor in interest, in the event of a merger, acquisition, or sale of assets, with notice to you and a continuation of equivalent privacy commitments.

5.3 We do not sell your information

We do not sell or share your personal information for cross-context behavioural advertising as defined under the California Consumer Privacy Act, and we do not engage in any practice that would constitute sharing under that law.

6. Security

We protect your information using a combination of technical and organisational measures, including:

  • Encryption in transit using industry-standard TLS.
  • Encryption at rest for the production database.
  • Least-privilege access controls for staff and contractors.
  • Secrets management for credentials and keys.
  • Password storage as a secured hash, never in plain text.
  • Audit logging of access to sensitive data.
  • Vulnerability monitoring and a written incident response plan.
  • Privacy and security training for staff who handle personal information.

No method of transmission or storage is perfectly secure. We cannot guarantee absolute security, but we work continuously to reduce risk.

7. International transfers

The Service is operated from Australia. Some of our service providers are located in the United States and other countries.

For users in the European Economic Area or the United Kingdom, transfers to providers rely on adequacy decisions where they exist, including the EU-US Data Privacy Framework, and otherwise on Standard Contractual Clauses with additional measures where appropriate. AWS provides EU and UK regional options where required. You can request details of the transfer mechanism that applies to a specific transfer at privacy@novie.life.

For users in Australia, our cross-border disclosures comply with Australian Privacy Principle 8. We take reasonable steps to ensure overseas recipients handle your information consistently with the Australian Privacy Principles.

8. Children’s information

This section is in addition to the rest of the policy. It explains how we treat information about children, and how we approach the Children’s Online Privacy Protection Act in the United States, Article 8 of the GDPR in the European Union, the UK Age Appropriate Design Code, and the forthcoming Children’s Online Privacy Code in Australia.

8.1 Novie is for adults

The Service is intended for use by parents and caregivers aged 18 or over. We do not knowingly allow children under 13 to create an account.

8.2 Information about children is provided by you

Information about your child is provided by you, the parent or authorised caregiver. By providing that information, you confirm that you are the parent or have legal authority to consent on behalf of the child, that where parental responsibility is shared you have the consent of any other person who shares it, and that you consent to the processing described in this policy on behalf of the child.

8.3 Verifiable parental consent

Where verifiable parental consent is required, we combine the App Store account as one signal of adult status with explicit in-app consent screens that require you to acknowledge that you are providing consent on behalf of the child.

8.4 The right to delete a child’s information

A parent or authorised caregiver, or a child of sufficient maturity, can ask us to delete all information about a child. We will delete that information from production systems within 30 days, with up to a further 30-day window for residual deletion from backups.

8.5 Best interests of the child

We design the Service with the best interests of the child as a primary consideration. This includes high-privacy default settings, data minimisation in the information sent to the AI provider, no behavioural advertising or profiling, and no techniques designed to nudge you into lowering privacy protections.

8.6 Sharing among caregivers

When you invite a caregiver to your household, that caregiver gains the access level you grant. Removing a caregiver removes their future access. Records of past actions remain in the household history.

8.7 What we will not do with children’s information

  • We will not sell or share children’s information for any commercial purpose unrelated to operating the Service.
  • We will not use children’s information to train AI models.
  • We will not use children’s information for advertising.
  • We will not disclose children’s information except as described in section 5 or with parental consent.

9. Retention

We keep information for as long as we need it for the purposes described in this policy, or as required by law. Our default retention periods are:

  • Active account information: while your account is active.
  • Tracking entries: 24 months from the entry date, with shorter retention available on request.
  • Chat conversation history: 90 days from the last message in the conversation, unless you explicitly save the conversation.
  • Photos uploaded to milestones: until you delete the photo, or your account is deleted.
  • Account deletion: full deletion from production systems within 30 days, with backup deletion within a further 30 days.
  • Financial records: 7 years, as required by Australian tax law.
  • Audit logs: 12 months.

10. Your rights

10.1 Rights you have

Subject to the law that applies to you, you have the right to ask us what personal information we hold about you and obtain a copy, correct inaccurate information, ask us to delete your information, restrict or object to certain processing, receive your information in a machine-readable format and ask us to transmit it to another service, withdraw any consent you have given, and complain to a privacy regulator.

10.2 How to exercise your rights

Email us at privacy@novie.life. We will respond within 30 days for Australian users, within one month for users in the EU and the UK (extendable for complex requests), and within 45 days for California users (extendable by a further 45 days). We may need to verify your identity before processing your request. We will not charge you for exercising your privacy rights, and we will not treat you differently for doing so.

10.3 If you live in the United States

If you live in California or another US state with a comprehensive privacy law, you also have the right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties we have shared it with, to opt out of the sale or sharing of your personal information (we do not sell or share your information for cross-context behavioural advertising), to limit the use and disclosure of your sensitive personal information, and not to be discriminated against for exercising your rights.

10.4 If you live in the EEA or the UK

You also have the right to lodge a complaint with the supervisory authority in your country. A list of EU supervisory authorities is available at edpb.europa.eu. The UK supervisory authority is the Information Commissioner’s Office at ico.org.uk.

10.5 If you live in Australia

You can complain to the Office of the Australian Information Commissioner at oaic.gov.au.

10.6 Authorised representatives

You can authorise a representative to make a request on your behalf. We will ask for proof of authorisation.

11. Direct marketing and your choices

11.1 Marketing emails

We send marketing emails only with your consent. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by contacting us at privacy@novie.life.

11.2 Push notifications

If you enable push notifications in the app, we send notifications related to your child’s stage, the Service, and, with your separate opt-in, educational content. You can disable push notifications in your device settings or in the app at any time.

11.3 Advertising and tracking

We do not use your information for advertising and we do not sell it. We use Segment to understand how the app is used so that we can improve it.

11.4 Cookies on novie.life

We use a small number of strictly necessary cookies to operate the website. We do not use cookies for advertising or cross-site tracking.

12. Notifying you of a data breach

We follow a written incident response plan. If a data breach is likely to result in serious harm to you or your child, we will notify you and the relevant regulator within the timelines required by law. In Australia this means notifying the Office of the Australian Information Commissioner within 30 days of becoming aware of an eligible breach. In the EU and the UK it means notifying the lead supervisory authority within 72 hours. In the United States, where a breach affects identifiable health information, it means notifying affected individuals and the Federal Trade Commission as required by the FTC Health Breach Notification Rule.

13. Changes to this policy

We may update this policy from time to time. When we make changes we update the date below. For material changes we notify you in advance through the Service or by email and, where required by law, we ask you to acknowledge the new policy before continuing to use the Service.

14. How to contact us

  • Privacy: privacy@novie.life
  • General: hello@novie.life
  • Postal: Novie Holdings Pty Ltd, PO Box 154, Erskineville NSW 2043, Australia

If you would prefer to contact a regulator directly: the Office of the Australian Information Commissioner at oaic.gov.au, the Information Commissioner’s Office in the UK at ico.org.uk, a list of EU supervisory authorities at edpb.europa.eu, or the California Attorney General at oag.ca.gov/privacy.