Legal document

Privacy Policy

How we collect, use, and protect your information when you visit Baby Steps Daily or use the paid subscription.

Last updated: May 26, 2026 Effective: May 26, 2026 Version 3.0
Public offer Payment info Refund Delivery info Privacy Terms of service Cookie policy Disclaimer

This Privacy Policy describes how Baby Steps Daily (the “Seller”, “we”, “us”) collects, uses, and protects information about visitors of the website at https://blog.babystepsdaily.com and subscribers of the paid Baby Steps Daily digital subscription.

We process personal data in accordance with applicable data-protection legislation, including the laws of Ukraine and, where applicable, the GDPR. If you have questions after reading this Policy, please contact us.

1. Data controller

The data controller is FOP Boiko Alina Volodymyrivna (ФОП Бойко Аліна Володимирівна).

  • Full name: {{FOP_FULL_NAME}} (TODO: real full name)
  • Tax ID (РНОКПП): {{FOP_TAX_ID}} (TODO: real tax ID)
  • Legal address: {{LEGAL_ADDRESS}} (TODO: real legal address)
  • Privacy contact email: {{SUPPORT_EMAIL}} (TODO: real privacy email)

2. Categories of personal data we collect

2.1. Visitor data

  • Technical data: device type, browser, approximate location (country/region), referrer, pages visited.
  • Analytics events and aggregated usage data.
  • Newsletter email address (if you subscribe).
  • Contact form data (name, email, message).

2.2. Account / subscriber data

  • Email address used to subscribe.
  • Name, if provided.
  • Parent / account-holder profile data.
  • Subscription status, plan, billing period, trial state.
  • Email engagement data (deliveries, opens, bounces, complaints), where tracked.
  • Support requests and related correspondence.

2.3. Child profile data

For the paid Service, the parent or legal guardian may provide a child profile in order to personalize the daily content. This data is provided by the parent or legal guardian, not by the child, and may include:

  • child’s name (or nickname);
  • date of birth;
  • age;
  • sex (if provided and only when this affects content personalization);
  • optional focus areas (sleep, motor skills, speech, etc.).

The Service does not collect any personal data directly from children. All child-related data is voluntarily provided by the parent or legal guardian, who confirms during sign-up that they have the legal authority to provide such data. The data is used exclusively to personalize the daily child-development recommendations for that subscription.

2.4. Payment data

  • Payment provider transaction ID.
  • Order ID and order line items.
  • Payment status (initiated, success, failure, refund).
  • Payment method type (Visa, Mastercard, etc.) and the masked card number (for example “4149 ** ** 1234”).
  • Billing history (amounts, dates, currency – UAH).

We do not store the full payment card number, the CVV/CVC code, or the full card expiry date. Card data is handled by the payment provider (see Section 5).

3. Purposes and legal basis of processing

  • Service provision (performance of the contract): to deliver daily content, manage the subscription, process payments, send transactional emails.
  • Customer support (legitimate interest / performance of the contract): to respond to questions and complaints.
  • Billing and accounting (legal obligation): to comply with tax and accounting rules.
  • Analytics and improvement (legitimate interest): to understand which content is useful and to improve the Service.
  • Marketing communications (consent): to send the newsletter, if you opted in.
  • Fraud prevention (legitimate interest / legal obligation): to detect abuse and prevent chargeback fraud.

4. Cookies and similar technologies

We use a small set of cookies and similar technologies for site functionality and aggregate analytics, as described in our Cookie Policy. We do not use cookies for behavioural advertising and we do not sell cookie data.

5. Payment processors

Payments are processed by:

  • LiqPay (operated by JSC CB “PrivatBank”, Ukraine).
  • WayForPay (operated by Wayforpay LLC, Ukraine).

The website does not store full payment card details. When you make a payment, you are redirected to the payment provider’s secure page and your card data is processed by that provider in accordance with PCI DSS standards. Each provider acts as an independent controller of the card data it collects and is bound by its own privacy notice.

6. Other third parties

  • Email delivery (Amazon SES) — to send transactional and content emails.
  • Web analytics (Google Analytics 4) — for anonymized usage statistics.
  • Hosting infrastructure — to operate the website and store the database.

These processors act under contractual obligations and process personal data only on our documented instructions.

7. Data retention

  • Subscriber account and child profile data: retained while the subscription is active and for up to 24 months after cancellation, unless a longer retention period is required by law (for example, for accounting records).
  • Payment / billing records: retained for the period required by tax and accounting legislation (typically 3 years).
  • Support correspondence: retained for up to 24 months.
  • Newsletter subscriber data: retained until unsubscribed.
  • Analytics data: aggregated; not used to identify individuals.

8. Your rights

You have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your account and your subscription data;
  • request deletion of any child profile data you provided as a parent or legal guardian;
  • object to certain processing or withdraw consent at any time;
  • receive your data in a portable format (where applicable);
  • lodge a complaint with the competent data-protection authority.

To exercise these rights, write to {{SUPPORT_EMAIL}}. We respond to verified requests within 30 days.

Deleting child profile data

Parents can delete child data at any time

If you provided a child profile, you can request its deletion at any time by writing to {{SUPPORT_EMAIL}}. We will delete the profile and stop personalized content delivery within 30 days, unless we are required to retain certain records for accounting or legal reasons.

9. Security

We implement reasonable technical and organizational measures to protect the personal data we process, including SSL/TLS encryption in transit, access controls, and regular backups. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

10. Children

The Baby Steps Daily service is intended for adult parents and legal guardians of children up to school age. The Service does not knowingly collect personal data directly from children. Any data about a child is provided by the parent or legal guardian for the purpose of personalizing recommendations for that family’s use. If you believe a child has provided us data directly, please contact us so we can remove it.

11. International transfers

Some of our service providers (for example, analytics or email delivery) may process data outside Ukraine and the EEA. Where this is the case, we rely on appropriate safeguards required by applicable law.

12. Changes to this policy

We may update this Privacy Policy from time to time. Significant changes will be reflected in the “Last updated” date at the top of this page. Continued use of the website or the Service after changes are posted indicates acceptance.

13. Contact us