Legal

Privacy Policy

Last updated: June 1, 2026

Marlow ("we", "our", or "us") is a daily routine app for children, operated by Bellini ApS. This policy explains what data we collect, how we use it, and your rights — including those of parents and guardians under applicable children's privacy laws (COPPA in the United States and GDPR, including its provisions protecting children's data, in the European Economic Area).

1. Who this app is for

Marlow is designed for family use. A parent or guardian creates an account and sets up profiles for their children. Children use the app under parental supervision, and any adult-facing area (settings, account, subscription management) is protected by a parent gate to prevent accidental access by a child. We do not knowingly collect personal data directly from children under 13 without verifiable parental consent. We obtain that consent through the design of the app itself: account creation, child-profile setup, and all data entry happen behind the parent gate and are performed by the parent or guardian — not the child. Because every piece of information about a child is entered by the adult behind that gate, any child information we hold is provided with the parent's direct knowledge and consent. Marlow participates in Google Play's Designed for Families program and follows its policies.

2. Data we collect

We collect the minimum necessary to run the service:

3. How we use your data

We do not sell, rent, or share personal data with third parties for advertising purposes. We do not show ads inside Marlow.

Legal basis for processing (EU/EEA). Under GDPR, we rely on these lawful bases:

4. Third-party services

Marlow relies on the following processors, each governed by its own privacy policy and a Data Processing Agreement (where applicable) between us and the provider:

No other third parties have access to your personal data.

5. Data retention and location

Account and profile data is retained for as long as your account is active. Subscription and billing records are retained for the lifetime of the subscription plus any period required by tax and accounting law (typically 5–7 years for invoice metadata, with personal identifiers minimised where possible).

Personal data stored in Firestore is hosted in Google Cloud datacenters in the European Union (eur3, multi-region). Subscription data is stored by RevenueCat in the United States. Payment processing happens in the country of your App Store / Google Play account. Data may transit through other regions during normal cloud operations.

To delete your account and all associated personal data, email support@bellini.app from the address on the account. We will confirm the request and permanently remove all data within 30 days, except where retention is required by law.

6. Parental rights (COPPA & GDPR)

As the parent or guardian, you have the right to:

To exercise any of these rights, contact us at support@bellini.app.

7. Security

Data is transmitted over HTTPS and stored in Firebase with access controlled by security rules. Passwords are never stored in plain text. We apply reasonable technical and organisational measures to protect your data, though no system is perfectly secure.

8. Changes to this policy

We may update this policy as the app evolves. Significant changes will be communicated via an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

Questions or requests regarding this policy can be sent to:
support@bellini.app