Legal
Privacy Policy
Last updated: June 1, 2026
Marlow ("we", "our", or "us") is a daily routine app for children, operated by Bellini ApS. This policy explains what data we collect, how we use it, and your rights — including those of parents and guardians under applicable children's privacy laws (COPPA in the United States and GDPR, including its provisions protecting children's data, in the European Economic Area).
1. Who this app is for
Marlow is designed for family use. A parent or guardian creates an account and sets up profiles for their children. Children use the app under parental supervision, and any adult-facing area (settings, account, subscription management) is protected by a parent gate to prevent accidental access by a child. We do not knowingly collect personal data directly from children under 13 without verifiable parental consent. We obtain that consent through the design of the app itself: account creation, child-profile setup, and all data entry happen behind the parent gate and are performed by the parent or guardian — not the child. Because every piece of information about a child is entered by the adult behind that gate, any child information we hold is provided with the parent's direct knowledge and consent. Marlow participates in Google Play's Designed for Families program and follows its policies.
2. Data we collect
We collect the minimum necessary to run the service:
- Account identifier — typically an email address provided when the parent/guardian signs in via Sign in with Apple or Google Sign-In. Firebase Authentication issues a unique user ID we use internally; we do not store passwords.
- Child profiles — age range and, optionally, a first name, entered by the parent behind the parent gate. Providing the child's name is never required; when given, it is used only to personalise the in-app greeting. It is never used for marketing and never shared with third parties. No government ID, photograph, or sensitive personal data is required.
- Routine data — tasks, schedules, completion records, streaks, and the wake-up reminder time set by the parent. Stored locally on the device and, when signed in, synced to Firestore across devices belonging to the same parent account.
- Subscription and billing records — when a parent starts a free trial or paid subscription, we record which plan (monthly or annual), trial and renewal dates, and entitlement status. Payment card details are never seen or stored by Marlow — they are handled entirely by Apple App Store or Google Play.
- Notification preferences — the wake-up reminder time and which weekdays it fires. These are stored locally on the device and (when signed in) synced to the parent's account.
- Usage analytics — events such as screen views and feature usage, sent to Firebase Analytics tied to an anonymous installation identifier rather than personal identity. We have disabled collection of the Android Advertising ID and Android ID. Firebase Analytics is configured to comply with Google Play's Designed for Families program — no advertising identifiers are collected and there is no ad-based tracking of children.
- Crash reports — when the app crashes, Firebase Crashlytics captures device model, OS version, app version, IP address (used to derive approximate country), and stack traces. Reports do not contain routine content, child names, or account credentials.
3. How we use your data
- To provide, operate, and improve the Marlow service.
- To sync data across devices belonging to the same family account.
- To grant, renew, and verify subscription access (trial, monthly, annual).
- To diagnose and fix technical issues.
- To understand which features are most useful (aggregate analytics only).
We do not sell, rent, or share personal data with third parties for advertising purposes. We do not show ads inside Marlow.
Legal basis for processing (EU/EEA). Under GDPR, we rely on these lawful bases:
- Performance of a contract — to provide the service the parent signed up for: account, routine, sync, and subscription data.
- Consent — for analytics and crash reporting.
- Legitimate interests and legal obligation — to keep billing records for as long as tax and accounting law requires.
4. Third-party services
Marlow relies on the following processors, each governed by its own privacy policy and a Data Processing Agreement (where applicable) between us and the provider:
- Google Firebase (Google LLC) — Authentication, Firestore database, Analytics, and Crashlytics. See Google's Privacy Policy and the Firebase Data Processing Terms.
- Sign in with Apple (Apple Inc.) — Used to authenticate parents/guardians on iOS. Apple shares the user's name (if the user permits) and an email address (real or Apple's private relay) with us. See Apple's Privacy Policy.
- Google Sign-In (Google LLC) — Used to authenticate parents/guardians on Android. Google shares the user's email, basic profile (name, profile picture URL), and a unique Google account identifier with us. See Google's Privacy Policy.
- RevenueCat (RevenueCat, Inc.) — Manages subscription entitlements and verifies purchases. We send RevenueCat the Firebase user ID (for signed-in users) and the device's country, language, OS, and app version. RevenueCat receives subscription receipts from Apple and Google. See RevenueCat's Privacy Policy.
- Apple App Store (Apple Inc.) — Processes all in-app purchases on iOS. Apple receives the parent's Apple ID, payment method, and purchase history. Apple's handling of this data is governed by Apple's privacy policy linked above.
- Google Play (Google LLC) — Processes all in-app purchases on Android. Google receives the parent's Google account, payment method, and purchase history. Governed by Google's privacy policy linked above.
No other third parties have access to your personal data.
5. Data retention and location
Account and profile data is retained for as long as your account is active. Subscription and billing records are retained for the lifetime of the subscription plus any period required by tax and accounting law (typically 5–7 years for invoice metadata, with personal identifiers minimised where possible).
Personal data stored in Firestore is hosted in Google Cloud datacenters in the European Union (eur3, multi-region). Subscription data is stored by RevenueCat in the United States. Payment processing happens in the country of your App Store / Google Play account. Data may transit through other regions during normal cloud operations.
To delete your account and all associated personal data, email support@bellini.app from the address on the account. We will confirm the request and permanently remove all data within 30 days, except where retention is required by law.
6. Parental rights (COPPA & GDPR)
As the parent or guardian, you have the right to:
- Review the personal information we hold about your child.
- Request correction or deletion of that information.
- Withdraw consent at any time by deleting the account.
- Object to or restrict certain processing activities.
To exercise any of these rights, contact us at support@bellini.app.
7. Security
Data is transmitted over HTTPS and stored in Firebase with access controlled by security rules. Passwords are never stored in plain text. We apply reasonable technical and organisational measures to protect your data, though no system is perfectly secure.
8. Changes to this policy
We may update this policy as the app evolves. Significant changes will be communicated via an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.
9. Contact
Questions or requests regarding this policy can be sent to:
support@bellini.app