Privacy policy

Last reviewed: 2026-04-28. This notice covers the Pregnancy- Safe Scanner mobile app and this website.

1. Who we are

The data controller under GDPR is:

Provider

drylabs GmbH
Straße der Jugend 18, 14974 Ludwigsfelde, Germany
Represented by Mithat Arda (Managing Director)
Local court Potsdam, HRB 247749
Full imprint.

Data Protection Officer

To be appointed — contact details in the imprint

Contact

privacy@pregnancylens.com

2. What we deliberately don't do

Before we list what we do, three things we deliberately don't:

• We don't sell health data. Not even anonymised.
• We don't show advertising in the app. Not in the future either.
• You don't need an account to use the app. Anonymous is the default.

3. What data we process — and why

The following table lists every data category, the legal basis, and the retention period:

Anonymous device hash (rotates every 30 days)

So we can prevent any single source from overloading the service (rate limiting). Legal basis: legitimate interest, Art. 6(1)(f) GDPR. Retention: 30 days.

Life stage (pregnancy / breastfeeding / trying to conceive)

So the app can show you the right verdict. Special category under Art. 9 GDPR. Legal basis: your explicit consent, Art. 9(2)(a) GDPR. Retention: until you withdraw consent or delete your account.

Trimester week bucket (not an exact due date)

So trimester-specific guidance is possible. We store the pregnancy week as a range, never the exact due date. Legal basis: your explicit consent. Retention: until withdrawal or account deletion.

Scan history (barcodes / OCR captures)

So we can show you "we updated our verdict since your last scan" notices. Legal basis: legitimate interest (app function), or consent for authenticated users. Anonymous use: 90 days as a hash. Authenticated use: until account deletion.

Email address (authenticated users only)

So you can sign in on additional devices and receive service messages. Legal basis: contract, Art. 6(1)(b) GDPR. Retention: until account deletion.

Crash reports (pseudonymised)

So we can fix crashes. Legal basis: legitimate interest. Provider: Sentry (EU region). Retention: 90 days.

Product analytics (pseudonymised, opt-in)

So we understand which features are used. Legal basis: your consent. Provider: PostHog on our own servers in Frankfurt. Retention: 90 days.

Subscription status (premium)

So premium features can be unlocked. Legal basis: contract. Provider: RevenueCat (planned for v1.1). Retention: until 30 days after cancellation.

4. Five separate consents

We split consent into five individual toggles you can independently turn on or off at any time:

1. Pregnancy lens — processes life stage + trimester
2. Breastfeeding lens — processes life stage
3. Marketing communications — newsletter, app updates
4. Anonymous product analytics — PostHog events
5. Brand-partnership data sharing — stays off until you explicitly enable it

There is no pre-checked toggle and no "Accept all" button bundling multiple categories.

5. EU residency in code, not as a setting

Our databases (Cloudflare D1), object storage (Cloudflare R2), caches (Cloudflare KV), and queues (Cloudflare Queues) are configured at the code level to run only in European data centres. Sentry runs in the EU region; PostHog runs on our own servers at Hetzner Frankfurt; Resend (transactional email) runs in the EU.

Three data processors in the US are unavoidable: PagerDuty (incident paging — no end-user data), GitHub (source-code hosting — no personal data), Apple App Store + Google Play (app distribution). For each, the EU Standard Contractual Clauses (SCCs) apply. Details in our transfer register.

6. Recipients of your data

Your data is shared only with the following recipients:

• Cloudflare — hosting, EU jurisdiction (processor)
• Sentry — error telemetry, EU region (processor, opt-in for analytics)
• PostHog — product analytics, our own server in Frankfurt (processor, opt-in)
• Resend — transactional email (e.g. service notifications, EU region)
• RevenueCat — subscription management, US with SCCs (planned for v1.1)
• Apple / Google — app store receipts, US with SCCs

We don't sell or rent your data. It is not shared with ad networks, data brokers, or insurance companies.

7. Your rights

Under GDPR you have the right at any time to:

• Access (Art. 15) — App → Settings → "Export my data". You receive a JSON file containing your vault, scan history, deletion records, and audit-log entries you were the actor of.
• Rectification (Art. 16) — correct life stage, trimester, or email in Settings.
• Erasure (Art. 17) — App → Settings → "Delete my account". We erase across all systems (D1, R2, RevenueCat, Sentry, PostHog, CMS) within 72 hours and record the operation in an immutable audit chain. You can track progress under Settings → "Deletion status".
• Restriction (Art. 18) — write to privacy@pregnancylens.com
• Data portability (Art. 20) — the "Export my data" download is machine-readable (JSON).
• Objection (Art. 21) — turn individual consents off at any time.
• Complaint to a supervisory authority (Art. 77) — see section 9.

8. Data minimisation

We collect the minimum necessary for the app to work. Concretely: no birth date (only trimester-week bucket), no location data, no device IDs beyond rate-limiting pseudonymisation, no contact list, no calendar.

9. Supervisory authority

You have the right to file a complaint with a data-protection supervisory authority at any time — typically at your place of residence or at our place of business. The supervisory authority competent for our establishment is listed in the imprint once the appointment process is complete.

10. Changes to this notice

We update this notice quarterly or on any material change to our data flows. Earlier versions are visible in our public version history. Material changes are announced in the app and by email (if you've provided one) at least 14 days in advance.