Wobbla is a parent app. Children do not sign in, do not input text, do not take photos, and do not interact directly with the service. The only person with an account is you — the parent or legal guardian. This policy explains, plainly, what we store, what we don't, who we share with, and how you stay in control.
"Wobbla" refers to the Wobbla iOS app and the wobbla.app website, operated by the team behind wobbla.app. You can reach us at [email protected] for any privacy question or request. We respond within thirty (30) days, and usually much faster.
| What we collect | What we don't |
|---|---|
| Your email address (from Apple or Google sign-in) | Your child's photos — they stay on your device |
| Your child's first name, age, interests, and any allergies you enter | Your child's voice or any audio |
| The activities you marked as done, when, and how you rated them | Your contacts, calendar, location history, or browsing history |
| Your subscription status (via Apple and RevenueCat) | Anything advertising networks could use to target your child |
| Anonymous app usage events (e.g. "user opened weekly report") | Precise GPS coordinates — we never store them |
| Crash diagnostics, if you've consented (via Sentry) | Sensitive categories like health, religion, race, or biometrics |
Wobbla is designed for parents and legal guardians of children under thirteen (13). The Children's Online Privacy Protection Act ("COPPA") is the U.S. law that governs how online services treat children's data. We follow it strictly:
If you believe your child's information has been collected in error or without your consent, email [email protected] and we will delete it immediately.
When you sign in with Apple or Google, we receive a unique account identifier and, with your consent, your email address and display name. We store these on Supabase, our database provider, under your Wobbla account. We do not receive or store your Apple or Google password.
You enter the following about each child: a first name (you can use a nickname), date of birth (used only to compute an age, then discarded as a precise date for personalization), interests you pick from a list, allergies you pick from a list, and an optional free-text note you control entirely. None of this is required to use the app — the more you tell Wobbla, the better the suggestions, but you choose.
When you mark an activity as done, we record the activity itself, the timestamp, the optional star rating you give, and (optionally) a photo. Photos are stored only on your device — they are never uploaded to our servers, never sent to any third party, and never used to train any model.
If you subscribe, Apple processes the payment. We never see your credit card or Apple ID password. Apple sends a receipt to RevenueCat (our subscription-management provider) which informs Wobbla whether your subscription is active, what plan you're on, and when it expires.
Wobbla records a small set of anonymous events to understand how the app is used in aggregate — for example, when an activity is generated, rated, or when a weekly report is opened. These events are tied to your user ID inside our database but are never shared externally and do not include child data beyond an internal child identifier.
If you have not opted out, Wobbla may send crash reports to Sentry to help us fix bugs. Crash reports do not include child names, photos, or activity content. You can disable diagnostics from Settings → Privacy & data at any time.
If you turn on the optional "use my location" toggle, Wobbla will read your approximate location once and combine it with current weather to suggest something appropriate (e.g. a sunny-day outdoor idea). The coordinates are used in-memory for that one suggestion and are not stored, not logged, and not shared with anyone except the weather API used to fetch the local forecast.
Most activities you see in Wobbla come from a curated, hand-vetted library that ships inside the app. When the library doesn't have a good match for your situation, Wobbla asks an AI service (Anthropic's Claude, accessed via Amazon Web Services Bedrock) to suggest one. To produce a good suggestion, we send the AI:
We never send: your email, your child's photo, your child's date of birth, your precise coordinates, your subscription status, or any other personal information beyond the items above. Anthropic and AWS do not train their models on Wobbla traffic per their respective enterprise privacy commitments.
Every AI-generated activity is automatically checked by a safety filter before it reaches your screen. Suggestions involving fire, knives, chemicals, climbing, declared allergens, or activities inappropriate for the child's age are blocked.
Wobbla shares the minimum data necessary with a small set of vendors ("processors") who help operate the service. Every vendor is bound by a written agreement requiring confidentiality and security. We do not sell or rent your data to anyone, ever.
| Vendor | What they do for us |
|---|---|
| Supabase | Database hosting, authentication, file storage, edge functions |
| Anthropic (via AWS Bedrock) | Generates activity suggestions when the local library has no match |
| Amazon Web Services | Hosts the Bedrock AI gateway and creates activity-similarity embeddings |
| RevenueCat | Manages subscription status and Apple receipts |
| Apple | Sign in with Apple, App Store purchases, push notifications |
| Sign in with Google (only if you choose that option) | |
| Sentry | Crash and error diagnostics (you can opt out) |
| Cloudflare | Hosts this website and DNS for wobbla.app |
Wobbla lets you invite a co-parent to share a child's profile. When you send an invite, we generate a private link and hand it to your device's share sheet — you decide whom to send it to (iMessage, Mail, AirDrop, etc.). Wobbla itself does not deliver the email. The invited person must have or create their own Wobbla account before they can accept; the invite expires after seven days if unused. Either party can revoke the connection from the app at any time.
Wobbla can send you (the parent) a gentle weekly reminder if you turn notifications on. We never push notifications to a child's screen, never include marketing inside a notification, and never push more often than the cadence you set. You can disable notifications from iOS Settings or from inside Wobbla.
Wherever you live, Wobbla gives you the following controls. Many U.S. states (California, Colorado, Connecticut, Virginia, and others) and jurisdictions outside the U.S. (EU, UK, Canada) give you legal rights in this area; we make them work for everyone, not only those residents.
We keep your data while your account is active. When you delete your account, every database row tied to your user ID is permanently removed within 30 days. Encrypted, off-site database backups roll over within ninety (90) days, after which no copy remains. Server logs that do not contain personal data may be kept for up to a year for security purposes.
All traffic between the app and our servers is encrypted in transit using TLS. Database storage is encrypted at rest. Authentication uses Apple's and Google's OAuth flows — your password never touches our systems. Access to production data is limited to a small number of people, requires two-factor authentication, and is logged.
No system is perfectly secure. If you believe you have found a vulnerability, please email [email protected] with the subject line "Security" and we will work with you to address it.
Wobbla is operated from the United States, and our service providers operate facilities in the United States and other countries. If you access Wobbla from outside the United States, your information will be transferred to and processed in the United States and other jurisdictions. We rely on Standard Contractual Clauses where required.
If we make material changes to this policy, we will update the "Effective date" above and, where appropriate, notify you in-app or by email before the changes take effect. We will not retroactively reduce the protections you have under the version of this policy that applied when you signed up.
Privacy questions, deletion requests, or anything that doesn't fit the categories above: [email protected].