Become a Partner
Momly Logo

Privacy Policy

Last Updated: February 9, 2026

1. Introduction

Tippable OÜ (trading as "Momly", "we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Service").

Data Controller: The data controller responsible for your personal data is Tippable OÜ, located at Tartu mnt 83, Tallinn, 10115, Estonia.

2. Information We Collect

We collect different types of information depending on how you interact with our Service and whether you register as a Parent or Service Provider.

A. Identity & Profile Data

  • Account Information: When you register, we collect your first name, last name, email address, and optionally your phone number and profile picture (avatar).
  • Social Login Data: If you choose to sign up via Google or Facebook, we collect your unique Social ID (`googleId` or `facebookId`) and the basic profile information (email, name) permitted by those platforms.
  • Parental Status & Children: We collect your status as a parent (`hasChildren`) and any details you voluntarily provide about your children (e.g., names, ages) to facilitate service bookings. This data is linked to your `acceptedParentalConsentAt` timestamp.

B. Provider & Verification Data

  • Verification Status: If you use the Service as a Provider, we store your `verificationStatus` (e.g., Verified, Not Verified) and role.
    Note: Actual ID documents (Passports/Drivers Licenses) are processed securely by Stripe. We do not store raw ID images in our database.

C. Technical & Usage Data

  • Activity Logs: We collect data on your bookings, favorite places (`favorites`, `poiFavorites`), comments, and support tickets.
  • Security Data: To secure your account, we process Two-Factor Authentication codes (`twoFACode`) and audit logs (`auditLogs`) of critical actions.

3. How & Why We Use Your Data

Under GDPR, we must have a legal basis for processing your data. We use your information for the following:

PurposeLegal Basis
User Registration & Authentication (including Social Login)Performance of Contract
Processing Bookings & PaymentsPerformance of Contract
Sending Marketing Emails (based on `marketingConsent`)Consent (Revocable)
Platform Security (2FA, Ban checks)Legitimate Interest
Legal Compliance (storing `acceptedTermsAt` logs)Legal Obligation

4. Video Calls and Live Sessions

Our platform facilitates video consultations between Parents and Providers.

  • No Recording: We do not record or store video or audio from these sessions on our servers. The video stream is transmitted in real-time.
  • Security: Video calls are encrypted during transmission to ensure privacy.

5. Data Storage and Third Parties

Hosting Location: Our primary servers and databases are hosted in Europe (EU/EEA) via Heroku, ensuring that your data is stored in compliance with European standards.

We share data with specific third-party processors to run our business:

  • Stripe: For payment processing, identity verification, and payouts.
  • Google/Facebook: For authentication (only if you choose Social Login).
  • Email Services: To send transactional emails (e.g., booking confirmations).

We do not sell your personal data to advertisers or third parties.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for.

  • Active Accounts: Retained while your account is active.
  • Consent Logs: Timestamps of when you accepted our terms (`acceptedTermsAt`, `acceptedPrivacyAt`) are retained permanently as legal proof of the contract.
  • Transaction Data: Retained for 7 years as required by Estonian tax laws.

7. Your Rights

Under the GDPR, you have the right to:

  • Access & Portability: Request a copy of the personal data we hold about you.
  • Correction: Update your profile data via your account settings.
  • Deletion: Request account deletion ("Right to be Forgotten"). Note that we may retain certain audit logs or transaction records where required by law.
  • Withdraw Consent: You may toggle off `marketingConsent` in your settings at any time.

To exercise these rights, please contact us at [email protected].

8. Children's Privacy (Special Note)

We are a family-focused platform, but our user accounts are strictly for adults (18+). We do not knowingly allow children under 18 to create their own accounts (`User` profiles). Any data regarding a minor is collected strictly from the Parent/Guardian. By providing this data, you represent that you have the legal authority to do so, confirmed by the `acceptedParentalConsentAt` timestamp on your account.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Tippable OÜ
Address: Tartu mnt 83, Tallinn, 10115, Estonia
Email: [email protected]