Privacy Policy

This Privacy Policy (the “Policy”) details the critical aspects governing your personal data relationship with Digital Elpis FZ-LLC (“Peanut and Me”, “we”, “us”, or “our”), a company incorporated in Ras Al Khaimah under license no. 47027311, with registered address at FDCW1407 Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates. Peanut and Me is a parenting companion product owned and operated by Digital Elpis FZ-LLC.

We may occasionally make changes to the Policy by publishing the changes on our website and within the app. We hold the sincere belief that you should always know what data we collect from you, and the purposes for which such data is used. We also believe that you should have the ability to make informed decisions about what data you want to share with us. Therefore, we are fully transparent about how and why we collect, store, share, and use your personal data and the data you record about your child(ren) through the various capacities in which you interact with us.

Your personal data relationship with Peanut and Me is based on the capacity in which you interact with us and/or use our products and services (collectively, the “Services”), such as when you:

• Are a visitor to https://peanutandme.com or any of our websites that link to this Policy (collectively, the “Website”) or any pages thereof (in such instance you are referred to as a “Visitor”);
• Download and use our Mobile App on iOS or Android, or any other application that links to this Policy;
• Have an account with us to use our Services (in such instance you are referred to as a “Registered User”);
• Create or maintain a profile for your minor child(ren) inside the Services (in which case you are referred to as a “Parent User”); or
• Engage with us in other related ways, including any sales, marketing, support, or events.

This Policy is a part of and should be read in conjunction with our Terms & Conditions and will clarify the rights available to you vis-à-vis the personal data you share with us. We handle all personal data in accordance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (as amended and its implementing regulations, where applicable) (“UAE PDPL”). Where the EU/EEA GDPR (or UK GDPR), the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 of India, the California Consumer Privacy Act and other US state privacy laws, or other regional privacy laws apply to our processing (for example, if we offer goods or services to individuals in those jurisdictions or monitor their behaviour), we also process Personal Data in accordance with those laws for that processing activity. If a particular law does not apply to you or our processing, references to it do not create obligations beyond applicable law.

If you have any queries or concerns with this Policy, please contact our Grievance Officer as mentioned at the end. If you do not understand the contents of the Policy or do not agree with the Policy, you are strictly prohibited from visiting our Website or Mobile App and using our Services.

1. WHAT INFORMATION DO WE COLLECT?

   The information that we collect depends on the context of your interactions with us through our Website and Services, the choices you make, and the products and features you use. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

   1. INFORMATION THAT IS AUTOMATICALLY COLLECTED

      We automatically collect certain information when you visit, use, or navigate our Website or Mobile App or try to connect to our Services. This information does not always reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. We also collect information through cookies and similar technologies as described in Section 4.

      The information we collect includes:

      1. Log and Usage Data: Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Website or Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings, and information about your activity on the Website or Mobile App (such as date/time stamps, pages and screens viewed, features used, and other actions you take), and device event information (such as system activity, error reports sometimes called “crash dumps”, and hardware settings).
      2. Device Data: We collect device data such as information about your computer, phone, tablet, or other device you use to access our Website or Services. Depending on the device used, this device data may include your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, internet service provider and/or mobile carrier, operating system, push notification token, and system configuration information.
      3. Location Data (coarse): We collect coarse location data, primarily the country and broad region inferred from your IP address or the country you select during onboarding. This is used to regionalise content such as vaccination schedules, recipes, allergen guidance, and crisis-helpline numbers. We do not request precise GPS location, and you can change your country at any time in Settings → Profile.

   2. PERSONAL INFORMATION THAT YOU DISCLOSE TO US

      We collect personal information that you voluntarily provide to us when you register for the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

      • Your name (or chosen display name), email address, country and broad region, sign-in provider (Apple/Google/email), and optional avatar;
      • Username, password, or other relevant unique identifier;
      • Your stated top concerns and parenting context captured during onboarding;
      • Community content you author, including community posts and replies (yours by default; anonymous if you choose), upvotes, bookmarks, and product reviews;
      • Recipe ratings, feedback, custom grocery list items, support requests, and any content you send via in-app support;
      • Payment instrument information if you purchase a paid feature in the future, processed by our payment provider (for example, RevenueCat and the relevant app store), in accordance with Section 1(C).

   3. PAYMENT DATA

      The core Services are currently provided free of charge. Where a paid feature is offered in the future, we may collect data necessary to process your payment, such as your payment instrument reference, transaction status, and subscription entitlement state. We do not store full card numbers or CVV ourselves unless expressly stated and lawfully permitted; payment processing is handled by our payment provider(s) and the relevant app store (Apple App Store or Google Play).

   4. APPLICATION DATA

      If you use our Mobile App, we also may collect the following information if you choose to provide us with access or permission, primarily to maintain the security and operation of the application, for troubleshooting, and for our internal analytics and reporting purposes:

      1. Mobile Data Access: We may request access or permission to certain features from your mobile device, including camera/photo library (only when you choose to set a profile or baby avatar), and notifications. If you wish to change our access or permissions, you may do so in your device’s settings.
      2. Mobile Device Data: We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, hardware model, internet service provider and/or mobile carrier, and IP address (or proxy server).
      3. Push Notifications: We may request to send you push notifications regarding your account, vaccination reminders, replies to your community posts, and product updates. If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings or in Settings → Notifications inside the app.

   5. CHILD DATA (DATA YOU RECORD ABOUT YOUR CHILD)

      Peanut and Me is intended only for users aged 18 and above. We do not knowingly collect personal data directly from a child. Where Child Data is recorded in the Services, it is provided by the Parent User (the parent or legal guardian) and is processed to personalise the Services for that family.

      Child Data may include the child’s name (or nickname), date of birth, gender, feeding type (breast, formula, mixed, weaning), delivery type (vaginal, C-section), known allergies, foods introduced, allergy reactions and their severity, sleep/feed/diaper tracker logs, vaccination doses and brand/notes, and milestone records.

      The Parent User represents and warrants that they are the parent or legal guardian of the child whose data they record, or otherwise have lawful authority to record that data, and that they have all consents required under Applicable Law (including from a co-parent or other guardian where required).

      We process Child Data only for the purposes set out in Section 2 and we do not sell Child Data. We do not share Child Data with unrelated third parties for advertising purposes. Where AI Features (described in Section 2) are used, we share only the minimum context required (for example, the child’s age band, country, feeding type, and allergies) and never the child’s name or any directly identifying information.

2. HOW DO WE PROCESS OR USE YOUR INFORMATION?

   We process your personal information and Child Data for a variety of reasons, depending on how you interact with our Website, Mobile App, and/or Services, including:

   • To facilitate account creation, authentication, and account management – so you can create and sign in to your account, keep it in working order, and recover access when needed.
   • To deliver the Services to you– to personalise daily meal plans, recipes, meal swap suggestions, vaccination schedules, milestone checklists, the community feed, and reminders for your family’s context.
   • To operate AI Features within a narrow, defined scope – we send minimal, non-identifying context (age band, country, feeding type, allergies) to an AI provider to: (a) generate meal plans; (b) generate meal swap suggestions; and (c) answer the curated questions surfaced on a recipe detail screen. The AI Features do not write or enhance community posts, replies, or product reviews. We do not send the AI provider your name, your child’s name, your community content, your messages, or any identifying detail.
   • To run the community and product reviews – to display your posts, replies, upvotes, bookmarks, and product reviews to other users, and to operate moderation (including review of flagged content for safety, legality, and policy compliance).
   • To respond to user inquiries and offer support – to respond to your inquiries and solve any potential issues you might have with the Services.
   • To send administrative information to you – to send you details about our products and Services, changes to our terms and policies, and other similar information, including password resets, sign-up confirmations, vaccination reminders, and replies to your community posts.
   • To enable user-to-user communications– to allow other parents to read and reply to your community posts, and to allow you to interact with theirs.
   • To request feedback– to ask for your feedback on meals, recipes, features, and your overall experience.
   • To send you marketing and promotional communications – subject to your preferences and Applicable Law. You can opt out of marketing emails at any time.
   • To protect our Services– for fraud monitoring and prevention, abuse and safety investigation, and to keep our Services secure.
   • To identify usage trends– to understand how our Website, Mobile App, and Services are used so we can improve them.
   • To save or protect a vital interest– when necessary to save or protect an individual’s vital interest, such as to prevent harm. Where the mood check-in suggests a person is in crisis, we surface region-specific crisis-helpline information; this is a self-care signal and not a crisis-response service.
   • To process payments– for any future paid features, via our payment provider and the relevant app store.

3. LEGAL BASES TO PROCESS YOUR INFORMATION

   We may rely on the following legal bases to process your personal information:

   • Consent– we may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
   • Performance of a Contract– we may process your personal information when it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
   • Legitimate Interests– we may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, to:
     • send users information about special offers and product updates;
     • analyse how our Services are used so we can improve them to engage and retain users;
     • support our marketing activities;
     • diagnose problems and prevent fraudulent activities;
     • understand how our users use our products and Services so we can improve user experience.
   • Legal Obligations– we may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
   • Vital Interests– we may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

4. COOKIES AND TRACKING TECHNOLOGIES THAT WE USE

   We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information on the Website. The Mobile App uses equivalent local-storage and analytics SDKs.

   Cookies are text files which are sent from our server and downloaded to your device when you visit our Website. They allow us to recognise your device when you return. You can disable them through your browser should you so wish.

   Web beacons (also known as Clear GIFs, Web Bugs or Pixel Tags) are tiny picture files embedded on the Website that track your behaviour and navigation. They are similar to cookies in what they do, but they do not get downloaded onto your device. We use web beacons to manage cookies, record visits, and learn marketing metrics.

   Usually, browsers have a default setting to accept cookies until you change your browser settings. You can choose to reject and remove cookies from our Website by changing your browser settings. If you reject or remove our cookies, it could affect how our Website works.

   Use of Cookies

   When you use our Website, we use cookies and similar technologies to provide you with a better, faster, and safer user experience. The cookies and similar technologies used in connection with our Services have different functions:

   • they may be technically necessary for the provision of our Services (for example, keeping you signed in);
   • they help us optimise our Services technically (for example, monitoring error messages and loading times);
   • they help us improve your user experience (for example, saving font size and form data entered);
   • they help us recognise you when you sign in to your account on our Website to personalise your experience with our Services;
   • they help us understand and keep track of your preferences;
   • they help us analyse the performance of our Services.

   You are also free to disable the use of cookies and similar technologies if this is supported by your device. You can manage your cookie settings in your browser or device settings.

5. INFORMATION WE GET FROM OTHERS

   We may receive data about you from other sources, such as identity providers (Apple and Google) when you sign in using their services, analytics and crash-reporting providers, and payment and entitlement providers (RevenueCat and the relevant app store) where you make a purchase. We use this data to operate, secure, and improve the Services in accordance with this Policy.

6. RETENTION OF DATA

   We will store any personal data we collect from you as long as it is necessary, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements), in order to facilitate your use of the Services and for ancillary legitimate and essential business purposes — including improving our Services, attending to technical issues, and dealing with disputes.

   Your personal data will primarily be stored in electronic form. We may engage third parties to collect, store, and process your personal data, but only in full compliance with applicable laws. We may need to retain your personal data even if you seek deletion thereof, if it is needed to comply with our legal obligations, resolve disputes, and enforce our agreements.

   If you are a Registered User, please be advised that after you terminate your usage of a Service, we may, unless legally prohibited, delete all data provided or collected by you from our servers, including Child Data you recorded.

   When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. SHARING YOUR INFORMATION

   In the ordinary course of business, we may engage other companies and people to assist us in providing certain components of our Services in compliance with the provisions of this Policy. To do so, we may need to share your data with them. Categories of recipients include:

   • cloud hosting and database providers that store the data underlying the Services;
   • authentication providers (Apple, Google, Supabase Auth) used for sign-in;
   • AI model providers used strictly to power AI Features within the scope described in Section 2;
   • analytics and crash-reporting providers used to monitor and improve performance and reliability;
   • push notification gateways used to deliver notifications to your device;
   • payment and entitlement providers (RevenueCat and the relevant app store) used for any future paid features;
   • email and customer support providers used to correspond with you.

   Additionally, we may also need to share your data in the following situations:

   • Business Transfers– we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
   • Other Users– when you share personal information (for example, by posting in the community, writing a product review, replying to another post, or otherwise interacting with public areas of the Services), such personal information may be viewed by all users of the community and may be retained within the community in perpetuity. Anonymous posts hide your display name and avatar from other users but remain linked to your account internally.

   We have not disclosed, sold, or shared any personal information to third parties for advertising or cross-context behavioural advertising purposes, and we will not sell or share personal information or Child Data in the future belonging to website visitors, Registered Users, Parent Users, or their children.

8. THIRD PARTY LINKS

   We may display links to third-party websites or applications on our Website or Mobile App for informational purposes or providing you with relevant content. We will not be responsible for such third-party websites or applications if you choose to access them. If you provide any data to such website or application, please ensure you read their policies given that you will no longer be bound by this Policy in doing so.

   We may receive data whenever you visit a third-party link through our Website or Mobile App, which includes the date and time of your visit, the web address or URL, and technical information about the IP address, browser and operating system you use and, if you are logged in, your Peanut and Me display name.

9. SECURITY OF YOUR INFORMATION

   We have implemented appropriate and reasonable industry-standard technical and organisational security measures designed to protect the security of any personal information we process by using a variety of security technologies and procedures to help protect your data from unauthorised access, use, loss, destruction, or disclosure. Sensitive data is encrypted in transit using industry-standard cryptographic techniques. Your password is your first line of defence once you set up an account; we recommend that you set a strong password which you never share with anyone, and where available, that you use multi-factor authentication on your sign-in provider.

   However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment. We shall not be responsible for any breach of security or the disclosure of personal data for reasons outside our control, such as hacking, social engineering, cyber terrorism, espionage by third parties, or any events by way of force majeure such as sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, or acts of government.

   If you use AI Features, the minimum context required to generate the feature output (such as a child’s age band, country, feeding type, and allergies) may be processed by our authorised AI provider to deliver that feature. While we apply contractual, organisational, and technical safeguards, automated systems may generate inaccurate or inappropriate outputs. AI outputs should not be treated as medical, nutritional, psychological, legal, or other professional advice and should not be used in emergencies.

10. HEALTH-RELATED DATA

    Peanut and Me is not a healthcare provider, clinic, or medical facility and does not practise medicine, nutrition counselling, or psychology. The Services provide technology and content tools only (including meal planning, baby trackers, vaccination schedule, milestone checklists, community, wellness articles, mood check-in, and AI Features as described in our Terms & Conditions).

    Data you record relating to your or your child’s feeding, sleep, diapers, allergy reactions, vaccinations, milestones, and mood is sensitive in nature and is treated with corresponding care. We do not sell this data and do not share it with unrelated third parties for advertising purposes. Where we engage service providers (for example, hosting, AI model providers, analytics), we do so under contractual obligations restricting use of the data to the performance of the Services.

    Where AI Features are used, we send the minimum context required to generate the feature output. We do not send the AI provider your name, your child’s name, your community posts, your messages, or any identifying detail. AI Features are operational tools only. They do not create a provider-patient relationship with the Platform, do not replace professional judgment, and do not transfer professional compliance obligations to the Platform.

    Subject to Applicable Law, we may retain AI interaction logs, prompts, and limited processing metadata for security monitoring, abuse prevention, debugging, auditability, and model quality evaluation. Retention periods may differ by data category, legal requirements, and risk controls.

11. CHILDREN’S PRIVACY AND PARENTAL RIGHTS

    The Services are intended for users aged 18 and above and are not directed at children. We do not knowingly collect personal data directly from a child. Where Child Data is recorded in the Services, it is provided by a Parent User who has represented and warranted that they are the parent or legal guardian of the child (or otherwise have lawful authority and required consents to record that data).

    We collect only the categories of Child Data reasonably necessary to operate the Services, provide personalisation, and comply with Applicable Law. We do not knowingly sell Child Data and do not share Child Data with unrelated third parties for advertising purposes.

    Parents and legal guardians may contact us to request access, correction, export, or deletion of their child’s personal data, subject to verification, legal retention requirements, safeguarding duties, and lawful instructions from competent authorities.

    We may suspend or terminate access to a child profile if required consents or authorisations are withdrawn, expire, or cannot be verified, or if we reasonably believe the Child Data was provided without lawful authority.

    We may retain limited Child Data records where necessary for legal compliance, incident investigation, fraud prevention, dispute handling, safeguarding, or defence of legal claims.

12. YOUR PRIVACY RIGHTS

    Your privacy rights under various laws are described below. Failure to mention any such right is unintentional and shall not be considered a breach:

    • Right to be Informed– you have a right to be informed about:
      • whether we collect and use your personal information and your child’s Child Data;
      • the categories of personal information that we collect;
      • the purposes for which the collected personal information is used;
      • the manner in which any of your personal data is collected or used;
      • whether we sell or share personal information to third parties;
      • the categories of personal information that we sold, shared, or disclosed for a business purpose;
      • the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
      • the business or commercial purpose for collecting, selling, or sharing personal information;
      • the specific pieces of personal information we collected about you.
    • Right of Access– you have a right to access the personal data you have provided by requesting us to provide you with the same. Inside the app you can use Settings → Export logs to download a copy of your data.
    • Right of Rectification– you have a right to request us to amend or update your personal data if it is inaccurate or incomplete.
    • Right to Erasure– you have a right to request us to delete your personal data. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law (such as compliance with a legal obligation, or processing required to protect against illegal activities).
    • Right to Restrict– you have a right to request us to temporarily or permanently stop processing all or some of your personal data.
    • Right to Object– you have a right, at any time, to object to our processing of your personal data under certain circumstances. You have an absolute right to object to us processing your personal data for the purposes of direct marketing.
    • Right to Data Portability– you have a right to request us to provide you with a copy of your personal data in electronic format and you can transmit that personal data to another third-party’s product/service.
    • Right not to be subject to Automated Decision-Making – you have a right not to be subject to a decision based solely on automated decision-making, including profiling. AI Features in the Services do not make legal or similarly significant decisions about you.
    • Right to Non-Discrimination for the exercise of Privacy Rights – we will not discriminate against you if you exercise your privacy rights.

    You can make any such request for exercising your rights by contacting us through our Grievance Officer, whose details are provided at the end. We will consider and act upon any request in accordance with Applicable Law.

    Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the Applicable Law, you have the right to withdraw your consent at any time by contacting the Grievance Officer. Withdrawal will not affect the lawfulness of the processing before its withdrawal nor, when Applicable Law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

    Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking the unsubscribe link in the emails that we send, by adjusting Settings → Notifications inside the app, or by contacting the Grievance Officer. You will then be removed from the marketing lists. However, we may still communicate with you for service-related messages that are necessary for the administration and use of your account.

    Rectification or Account termination: If you would at any time like to review or change the information in your account or terminate your account, you can:

    • sign in to your account and update your profile and each baby profile, or use Settings → Profile → Delete account; or
    • contact us using the contact information provided.

    Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.

    Verification Process: Upon receiving your request, we will need to verify your identity to determine that you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. Depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We will only use personal information provided in your request to verify your identity or authority to make the request and will delete any additional verification information as soon as verification is complete.

13. CONTROLS FOR DO-NOT-TRACK FEATURES

    Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Policy.

14. COMPELLED DISCLOSURE

    In addition to the purposes set out in the Policy, we may disclose any data we collected or processed from you if it is required:

    • under applicable law or to respond to a legal process, such as a search warrant, court order, or subpoena;
    • to protect our safety, your safety, or the safety of others, or in the legitimate interest of any party in the context of national security, law enforcement, litigation, criminal investigation, or to prevent death or imminent bodily harm;
    • to investigate fraud, credit risk, or violation of our Acceptable Use Policy;
    • in connection with legal proceedings brought against Digital Elpis FZ-LLC, its officers, employees, affiliates, customers, or vendors;
    • to establish, exercise, protect, defend, and enforce our legal rights;
    • when we do a business deal or negotiate a business deal, or our assets are merged or acquired by another business entity, or during restructuring of business or re-organisation, we may have to share information provided by you with the other business entities.

15. ACCESS, CORRECTION AND DELETION

    Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact the Grievance Officer.

16. UPDATES TO PRIVACY POLICY

    We may update this Policy from time to time. The updated version will be indicated by an updated “Last updated” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Policy frequently to be informed of how we are protecting your information.

17. GRIEVANCE OFFICER

    NAME	Prateek Yadav
    EMAIL	admin@digitalelpis.com