Privacy Policy
Effective May 18, 2026
Momento is built on a simple belief: the things you write for your children are yours, and theirs. This policy explains what we collect, how we protect it, and what rights you have over your data.
What we collect
When you create an account and use Momento, we collect:
- Account information — your email address, display name, and password (stored as a salted hash; we never see it in plain text).
- Child profiles — your child's name, date of birth, gender preference, vault unlock age, and optional profile photo.
- Journal entries — the text, voice memos, and photos you write or attach to entries. These are the core of the product and are treated with extra care.
- Reminder settings — your notification frequency, day, and time preferences.
- Device tokens — an Expo push token associated with your device, used solely to deliver writing reminders you've opted into.
- Usage metadata — timestamps, streak counts, and similar lightweight signals used to power in-app features.
We do not collect advertising identifiers, sell your data to third parties, or use your entries to train AI models.
How it's stored
All data is stored in a Supabase-hosted Postgres database, with row-level security policies that enforce access at the database layer. This means even a bug in our application code cannot accidentally expose one user's data to another. Photos and voice memos are stored in Supabase Storage with expiring signed URLs.
Data is encrypted at rest and in transit. We rely on Supabase's infrastructure, which runs on AWS and is SOC 2 Type II certified.
Co-parent access
If you invite a co-parent, they gain read access to the shared child's journal entries, prompts, and streak information. Co-parents cannot delete entries, change vault settings, or remove other co-parents. You can revoke co-parent access at any time from the child profile screen. Private entries (entries you mark as private) are never visible to co-parents.
Push notifications
Writing reminders are delivered via Expo's push notification service. Your device token is stored only long enough to send notifications you've requested. You can disable reminders at any time in Settings, and your device token will not be used for any other purpose.
Payments
In-app purchases and subscription management are handled by RevenueCat. We do not store credit card numbers or payment details. RevenueCat's privacy policy governs the handling of payment data.
Data retention
Your data is retained for as long as your account is active. If you delete your account, your entries, child profiles, and personal information are permanently deleted within 30 days. Backups may retain deleted data for up to an additional 90 days before they cycle out.
Vault entries with a future unlock date are preserved for the full duration until that date, even if the writing parent's account is otherwise inactive — so your letters are never lost.
Your rights
You have the right to:
- Access a copy of all data we hold about you.
- Correct inaccurate information in your profile.
- Delete your account and all associated data.
- Export your journal entries in plain text format.
- Withdraw consent for push notifications at any time.
To exercise any of these rights, email us at privacy@momentoapp.com. We'll respond within 30 days.
Children's privacy
Momento is designed for parents, not children. We do not knowingly collect personal information directly from anyone under 13. The child profiles in the app represent the subject of your writing, not an account holder. If you believe a child has created an account directly, contact us and we will delete it promptly.
Changes to this policy
If we make material changes, we'll notify you by email and update the effective date above. Continued use of the app after notice constitutes acceptance of the revised policy.
Contact
Questions or concerns? Reach us at privacy@momentoapp.com.