Privacy Policy
This Privacy Policy explains how villie ("villie," "we," "us") collects, uses, shares, and protects information when you use our mobile application (the "Service"). villie is operated by villie, a sole proprietorship located at 2800 SW 27th Terrace, Miami, FL 33133. You can reach our privacy contact at felitrujillo95@hotmail.com.
1. Who we are
villie is a maternal-health mobile application for expecting and postpartum families. The Service is operated from the United States. We are not a HIPAA-covered entity, business associate, or healthcare provider; the Service does not provide medical advice, diagnosis, or treatment. See our Terms of Service.
2. Information we collect
Information you provide directly
- Account information: email address, password (stored as a salted hash by our authentication provider), full name, optional phone number, preferred language (English or Spanish).
- Profile information: pregnancy stage (trying-to-conceive, first/second/third trimester, or postpartum), due date, ZIP code, insurance provider name, search-radius preference, and notification preferences.
- Baby profile information: baby's first name, date of birth, gender (optional), feeding method, preemie status, and adjusted-age offset where applicable.
- Health-adjacent information: daily mood and energy check-in scores (1–5 scale), free-text journaling responses to daily prompts, observed milestones, and content you post in private support rooms.
- Marketplace activity: milk-donor listings, milk-purchase transactions, gear listings, gear-thread messages, gear reports, and disputes you initiate.
- Reviews and ratings you leave for specialists or milk donors, which may be visible to other users.
- Saved items: favorited specialists, saved donors, saved gear listings, claimed perks.
- Photos: profile avatar and gear-listing photos you upload (stored in our content-delivery system).
- Communications: direct messages between you and specialists, milk donors/recipients, and gear buyers/sellers; community-room messages.
Information we collect automatically
- Device information: push-notification tokens for delivery to your device, OneSignal device identifier, operating system, app version.
- Usage and analytics: non-identifying event logs ("user opened screen X," "user submitted check-in") that help us improve the app. Compliance-relevant events (gear CPSC recall checks, milk legal acknowledgments) are persisted with your user identifier as part of the audit trail required by U.S. consumer-product safety law.
- Crash and performance data: error reports via Sentry. We strip email and username from crash payloads and tag only by your user identifier.
- Location: only when you grant location permission to the app. We use coarse location to compute distance to nearby specialists, milk donors, gear listings, and events. We do not store continuous location history.
Information we receive from third parties
- Specialist verification: we query the U.S. National Provider Identifier Registry to verify specialist credentials.
- Product safety: we query the U.S. Consumer Product Safety Commission's SaferProducts.gov database to check gear listings against active recalls.
- Booking partners: when you book through Calendly, we receive appointment confirmations.
- Payment partners: when payments become available in the Service, our payment processor (Stripe) may share confirmation status. Card numbers and bank details never reach our servers.
3. How we use your information
- To operate and provide the Service, including matching, search, and content personalization.
- To deliver SMS messages, push notifications, and in-app messages you have opted into (see SMS Communications below).
- To power AI assistance: Villie (our in-app companion), content moderation, daily check-in replies, weekly room digests, and milestone explainers. AI inputs and outputs are processed by Anthropic; see Service Providers.
- To detect and respond to safety concerns. Our AI scans support-room messages for crisis indicators (suicidal ideation, postpartum depression red flags, abuse). When detected, we route the user to crisis resources (988, Crisis Text Line, Postpartum Support International) and notify trained room moderators.
- To enforce U.S. Consumer Product Safety Commission recalls on gear listings (CPSIA §19) and to remove or block recalled items from sale.
- To prevent fraud, abuse, and violations of our Terms of Service.
- To comply with legal obligations, respond to lawful requests, and enforce our rights.
- To communicate operational notices (security alerts, terms changes, account status). Operational notices are not subject to opt-out.
4. SMS communications
villie sends SMS messages only to phone numbers users provide and only after the user opts in to a specific category. SMS is delivered through Twilio.
- Opt-in: opt-in is per category, accessed in the app under Me → Notification Preferences. Categories include appointment reminders (specialists), support-room digests (groups), milk-match notifications (milk hub), AI replies (ai), articles (articles), events (events), and promotions (promotions, off by default).
- Opt-out: reply STOP to any SMS to opt out of all messaging from us. You can also disable individual categories in Notification Preferences. Opt-out is honored within one message cycle.
- HELP: reply HELP to any SMS to receive contact information for support.
- Message frequency: varies by user activity. Most users receive fewer than 10 messages per week.
- Carrier rates: message and data rates from your wireless carrier may apply. villie does not charge for SMS.
- No sale or sharing: we do not sell your phone number. We do not share it with third parties for their marketing purposes. SMS opt-in data and consent records are not shared with third parties or affiliates for any purpose, including marketing.
- Quiet hours: if you enable quiet hours in Notification Preferences, we suppress non-emergency SMS during your specified window.
- Crisis exception: if our AI detects a safety crisis in a support-room message, we may notify room moderators by SMS regardless of category preferences. We do not bypass quiet hours or opt-outs for any other reason.
5. Service providers we share information with
We share the minimum necessary information with vendors that help us operate the Service. Each is bound by contract to handle data only on our instructions and to maintain appropriate safeguards.
| Provider | Purpose | Data category |
|---|---|---|
| Supabase | Database, authentication, file storage | All account, profile, marketplace, and content data |
| Anthropic | AI processing (Claude models) | Message content, profile context for AI features. Not used to train Anthropic models. |
| Twilio | SMS delivery | Phone number, message body |
| OneSignal | Push-notification delivery | Device push token, OneSignal device ID, segmentation tags (pregnancy stage, language, notification preferences) |
| Sentry | Crash and error reporting | User identifier (no email or username), stack trace, device metadata |
| Stripe (when active) | Payments, marketplace payouts | Email, name, last four of payment method. Card data never reaches our servers. |
| Calendly | Specialist booking integration | Email, appointment metadata |
| Shippo | Shipping labels for milk shipments | Sender and recipient address, package metadata |
| Google Maps | Map rendering, place lookup | Coarse location (when permission granted) |
| Apple Maps | Driving directions when you tap "Open in Maps" | Destination address only, opened in native app |
6. Data sharing within the Service
- Other users: profile name, avatar, pregnancy stage, and reviews you leave are visible to other users in the contexts where you've chosen to participate (specialist directory, milk marketplace, gear marketplace, support rooms).
- Anonymous mode: support rooms offer an anonymous mode. When enabled, your messages display under a generated alias rather than your name. Your real identity is never visible to other users in anonymous-mode rooms; we retain the underlying linkage only to enforce community standards and respond to safety concerns.
- Specialists, donors, sellers: when you initiate a booking, milk transaction, or gear thread, we share your name, contact preferences, and any address or order details required to complete the interaction.
7. Selling and "sharing" personal information
We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act. We do not engage in targeted advertising.
8. Data retention
- Account data: retained while your account is active. If you delete your account, your profile and content are soft-deleted for 30 days (during which the deletion can be reversed by contacting us), then permanently removed.
- Compliance-mandated records: certain records are retained as required by U.S. law and cannot be deleted on request. These include milk-marketplace transaction records, gear-listing CPSC recall enforcement events, and analytics events tied to consumer-product-safety audit obligations. We anonymize or de-identify these records on account deletion where the legal requirement permits.
- SMS records: Twilio retains SMS delivery logs for up to 90 days under its default retention. We retain consent and opt-out records for as long as your account is active plus seven years, as required by U.S. messaging compliance.
- Backups: automated backups may persist for up to 35 days after deletion before they are overwritten.
9. Your rights
Subject to applicable law, you have the following rights:
- Access: request a copy of the personal information we hold about you.
- Correction: update inaccurate information through the app or by contacting us.
- Deletion: delete your account through the app (when this feature ships) or by contacting us. Compliance-retained records will be anonymized rather than removed where law requires retention.
- Opt-out of marketing: disable promotional SMS, push, and email through Notification Preferences or by replying STOP to any promotional SMS. Operational and safety messages are not subject to opt-out.
- Portability: receive your information in a machine-readable format on request.
- Non-discrimination: we will not deny service, charge a different price, or provide a different level of service because you exercised any of these rights.
To exercise any of these rights, email felitrujillo95@hotmail.com. We may need to verify your identity before fulfilling your request. We respond within 30 days (45 days where law permits an extension).
10. Children's privacy
The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided personal information to us, contact felitrujillo95@hotmail.com and we will delete the account.
The Service collects information about babies and children that our adult users provide about their own families (date of birth, feeding method, milestones). This information is treated as the parent's information for purposes of this Policy and the parent controls access, correction, and deletion. The Service does not allow children to create accounts.
11. Health-adjacent information
The Service collects information that relates to pregnancy, postpartum health, infant feeding, mental wellbeing, and family planning. This information is sensitive. We treat it under HIPAA-aligned controls even though we are not a HIPAA-covered entity:
- Row-level security on every database table, enforced at the database layer rather than the application layer.
- Encryption in transit (TLS 1.2 or higher) and at rest.
- Minimum-necessary access by our personnel.
- No sale, sharing, or use for advertising purposes.
If a U.S. state where you reside provides a private right of action over reproductive-health data (such as a "shield law"), we honor those protections regardless of where villie is operated.
12. Security
We use commercially reasonable safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you and applicable authorities within the timelines required by law.
13. International users
The Service is operated from the United States. If you access the Service from outside the United States, you consent to transfer of your information to the United States, where data-protection law may differ from your jurisdiction.
14. Changes to this policy
We may update this Privacy Policy. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated through the app or by email. Your continued use of the Service after a change indicates acceptance of the updated Policy.
15. Contact
Privacy questions, rights requests, and incident reports: felitrujillo95@hotmail.com
Mailing address: 2800 SW 27th Terrace, Miami, FL 33133
