PRIVACY POLICY
Baby FM Application
Effective Date: April 7, 2026
Applicable in: European Union | United States | United Arab Emirates | Republic of Serbia
I. WHO WE ARE
Baby FM is an application designed for parents and caregivers to monitor their children’s pediatric health. It integrates therapy tracking, temperature monitoring, medication reminders, and health reports for pediatricians.
“Baby FM” is the exclusive property of BABY FM DOO, registered in the Republic of Serbia, Veljka Dugosevica 54, Belgrade. PIB: 112487122, MB: 21685119. Registered with the Business Registers Agency of the Republic of Serbia.
Baby FM DOO is the data controller and processor responsible for your personal data. Contact: info@babyfm.rs
II. DATA WE COLLECT
We collect the following categories of personal data:
Account Information
• Full name and email address
• Phone number
• Password (stored in encrypted form)
Child Health Data (Sensitive)
To provide health monitoring features, we collect and store data about the child, including:
• Body temperature measurements and trends
• Therapy schedules and medication reminders
• Special events (baths, feedings, doctor visits)
• Health reports for pediatricians
This is sensitive health data and is processed only with your explicit consent and for the purpose of providing the service.
Device and Usage Information
• Device type, model, and operating system
• IP address
• App usage patterns and interaction data
• Crash reports and performance data
Push Notifications
With your permission, we collect your device push notification token to send medication reminders, temperature alerts, and health notifications. You may disable this at any time in your device settings.
III. PURPOSE OF PROCESSING AND LEGAL BASIS
We process your data for the following purposes:
• Provide and maintain the application and its health monitoring features
• Send health alerts, therapy reminders, and push notifications
• Generate health reports for pediatricians (with your consent)
• Improve application features and user experience
• Provide customer support
• Comply with legal obligations
Legal bases (GDPR Art. 6 & 9): (1) Performance of contract; (2) Explicit consent for sensitive health data (Art. 9(2)(a)); (3) Legitimate interest; (4) Legal obligation.
IV. JURISDICTION-SPECIFIC RIGHTS AND OBLIGATIONS
European Union — GDPR
If you are located in the EU/EEA, the General Data Protection Regulation (GDPR) applies. You have the following rights:
• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / right to be forgotten (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3))
To exercise these rights, contact: info@babyfm.rs
Supervisory Authority: Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia, Bulevar Kralja Aleksandra 15, 11000 Belgrade. Email: office@poverenik.rs, Tel: +381 11 3408 900.
United States — CalOPPA / CCPA / COPPA
If you are located in the United States, the following additional provisions apply:
California Residents (CCPA):
• You have the right to know what personal information is collected, used, shared, or sold.
• You have the right to request deletion of your personal information.
• You have the right to opt out of the sale of personal information. We do not sell personal information.
• You have the right to non-discrimination for exercising your CCPA rights.
• To submit a verifiable consumer request, contact: info@babyfm.rs
COPPA (Children’s Online Privacy Protection Act):
Baby FM is intended for use by parents and caregivers, not directly by children. We do not knowingly collect personal information directly from children under the age of 13. If we become aware that a child under 13 has provided personal information without parental consent, we will delete such data immediately. Parents may contact us at info@babyfm.rs to review, delete, or refuse further collection of their child’s information.
CalOPPA:
In accordance with the California Online Privacy Protection Act, we will not distribute your personal information to outside parties without your consent. Users may visit our app anonymously where applicable. We will notify users of any changes to this Privacy Policy by updating this document and the effective date.
United Arab Emirates — PDPL (Federal Decree-Law No. 45/2021)
If you are located in the UAE, the Personal Data Protection Law (PDPL) applies. The following provisions apply:
• We process your personal data based on your consent or as required for the performance of a contract.
• You have the right to access, correct, and request deletion of your personal data.
• You have the right to withdraw consent at any time.
• We will not transfer your personal data outside the UAE without ensuring adequate protection measures are in place.
• Sensitive personal data (including health data) is processed only with your explicit consent.
For UAE-related data inquiries, contact: info@babyfm.rs
V. HOW INFORMATION IS SHARED
We do not sell your personal data. We may share data only in the following limited circumstances:
• With Your Consent: For example, when sharing a health report with a pediatrician.
• Service Providers: Cloud hosting and infrastructure providers bound by data processing agreements and confidentiality obligations.
• Legal Requirements: When required by applicable law, court order, or to protect user safety.
• Business Transfer: In the event of a merger or acquisition, users will be notified before data is transferred.
VI. DATA STORAGE AND RETENTION
Your data is stored on secure cloud servers located in the EU. We retain your personal data for as long as your account is active or as needed to provide the service. Upon account deletion, data is removed within 90 days, except where retention is required by applicable law.
VII. INFORMATION SECURITY
We implement industry-standard security measures including:
• SSL/TLS 1.2+ encryption for all data in transit
• Encrypted storage for sensitive health data
• Role-based access controls
• Regular security audits and vulnerability monitoring
• Employee training on data protection best practices
No method of transmission over the internet is 100% secure. If you have security concerns, contact: info@babyfm.rs
VIII. INTERNATIONAL DATA TRANSFERS
Baby FM operates primarily within the EU. Where data is transferred internationally (including to the US or UAE), we ensure appropriate safeguards are in place, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Compliance with UAE PDPL transfer restrictions
IX. CHILDREN’S PRIVACY
Baby FM is designed to be used by parents and caregivers to monitor their children’s health. Accounts are created and managed by adults. We do not knowingly collect personal data directly from children under 13 (US) or under 18 (EU/UAE/Serbia). If you believe a minor has provided data without appropriate consent, contact us immediately at info@babyfm.rs and we will delete such data promptly.
X. ANALYTICS
We may use third-party analytics tools to understand how users interact with the application. These tools may collect anonymized usage data. You may opt out of analytics data collection through the application settings.
XI. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically. Material changes will be communicated by:
• In-app notification
• Email notification
• Updated effective date at the top of this document
Continued use of the application after changes constitutes acceptance of the updated Policy.
XII. CONTACT AND DATA PROTECTION OFFICER
For any privacy-related questions or to exercise your rights:
• General inquiries: info@babyfm.rs
• App support: app@babyfm.rs
• Address: Baby FM DOO, Veljka Dugosevica 54, 11000 Belgrade, Serbia
• Website: www.babyfm.rs
We aim to respond to all privacy requests within 30 days.