Privacy Policy

1. Introduction & who we are

This Privacy Policy explains how PerfectDay Technologies Ltd (“Hubbly”, “we”, “us” or “our”) handles personal data when you use the Hubbly mobile app and visit our website at gethubbly.app.

Hubbly is a cosy command centre for your family’s day: routines and chores, a shared calendar, meal planning, lists, a trip planner, sticky notes, timers, weather, medication reminders and a star-based reward system. It is designed to run on a kitchen tablet and on family members’ phones.

PerfectDay Technologies Ltd is the data controller for the personal data described in this policy. We are a company registered in England & Wales (company number 16952922), with a registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

This policy covers both the Hubbly app and the Hubbly website. Where the app links out to a third party (for example an app store or a website you save to your wishlist), that third party’s own privacy policy applies.

2. What data we collect

Almost everything you put into Hubbly is content you and your family choose to enter. Hubbly keeps it on your device so the app works offline, and syncs it to your family’s private space in our cloud database so it stays consistent across your family’s devices. The categories below describe what the app handles.

Family and household content

• Family members: names, emoji, colours, and whether a member is a parent or a pet.
• Tasks, routines and rewards: task and routine definitions, daily completions, star balances, streaks, the reward shop, and star investments.
• Calendar: events (title, date, time, members, category, repeat rules, reminders, travel buffers), birthdays, and any calendars you import by file or live URL subscription.
• Meals: your weekly meal plan and meal templates (names, ingredients, methods).
• Lists: shopping lists, to-do lists and any custom lists and their items.
• Journeys: trip planning details such as destinations, dates, members, notes, budgets and packing checklists.
• Notes: sticky-note text, colours and author names.
• Pocket money: optional weekly allowance settings, balances and adjustment logs.
• Wishlist: wishes including titles, emoji, cost, star cost, occasion and any web links you add.

Sensitive (“special category”) data

• Medications ⚠️: for any family member you choose, medication names, doses, schedules, last-dose timestamps and a medication log. This is health data, a special category of personal data under data protection law.
• Moods ⚠️: an optional daily mood emoji for a child. Because it can reveal information about a person’s wellbeing, we treat this as sensitive too.

You are never required to use the medication or mood features. They exist only because some families find them useful.

Security and device data

• PIN: the 4-digit PIN that protects the Settings screen. It is stored within the app’s local data on the device. It is not encrypted separately beyond the protection your device’s operating system provides.
• Photos: images you add for the kitchen-display screensaver. These are resized and stored in the app’s private folder on the device.
• Approximate location: the weather location you choose (place name, latitude, longitude and country code). It is stored on the device so weather works offline and is sent only to our weather provider to fetch a forecast (see section 6).
• Device information: a randomly generated device identifier, the device’s role or label, and app settings such as sound and notification toggles and onboarding flags.
• Sync identifiers: to sync your family’s data across devices, an anonymous Firebase user ID, a family identifier, and a 6-digit family join code.

Connected calendars

Connecting an external calendar is optional and stays off until you set it up. It lets that calendar’s events appear, read-only, on your family calendar.

• Google Calendar: if you connect a Google account, Google asks you to grant Hubbly read-only access to your calendars. For the calendars you choose, Hubbly keeps each event’s title, date and time, end date, all-day flag and location, covering roughly one month back and one year ahead. Hubbly never changes, adds or deletes anything in your Google Calendar, and does not store event guests, descriptions or attachments.
• The connection credential: to keep a connected calendar up to date, Google issues a long-lived access credential (a “refresh token”). Hubbly stores this only on our server, inside our Firebase backend; it is never placed on a device, and no app or device can read it. The connected account’s email address is stored so the calendar can be labelled for you.
• Calendar links: you can also add a calendar by its iCal/ICS file or web link, which needs no sign-in.

Hubbly uses what it reads from a connected calendar only to show those events on your family calendar. We do not use it for advertising and we do not sell it. Hubbly’s use of information received from Google APIs follows the Google API Services User Data Policy, including its Limited Use requirements.

Diagnostics and analytics

• Crash and error data via Sentry: technical information about crashes and errors (for example error messages, a stack trace, app version, device model and operating system version) so we can find and fix bugs.
• Product analytics via PostHog: information about how Hubbly’s features are used (for example which screens are opened) so we can understand what to improve. PostHog is configured to avoid collecting personal information that identifies your family members, and is never used for advertising.

What we do not collect

• No email address or password to sign in to Hubbly; your Hubbly account is anonymous. (Connecting a Google Calendar is optional and is covered under “Connected calendars” above.)
• No advertising identifiers and no advertising profiles.
• No access to your microphone or your contacts.
• No background location and no precise, continuous location tracking.

3. How we collect it

We collect data in four ways:

• Directly from you. Everything your family types into Hubbly: members, tasks, events, meals, lists, journeys, notes, medications, moods, the PIN and so on.
• Automatically. Crash and error diagnostics (Sentry) and product analytics (PostHog) are generated as you use the app, along with basic device and app-version information needed to make sense of them.
• From your device, with your permission. Your operating system will ask you to allow access before Hubbly can use your approximate location (for weather), your photo library (to pick screensaver photos) or send notifications (event and medication reminders). You can grant or refuse each of these, and change your mind later in your device settings.
• From a service you connect, with your permission. If you connect an external calendar such as Google Calendar, you authorise Hubbly to read it, and Hubbly then receives the events from the calendars you pick. You can disconnect a calendar at any time (see section 9).

4. Lawful basis for processing

Under the UK GDPR and the EU GDPR, we must have a lawful basis for each thing we do with personal data. We rely on the following.

• Performance of a contract (Article 6(1)(b)): to provide Hubbly itself, storing your family’s content, running sync between your devices, and giving you the features you signed up for.
• Legitimate interests (Article 6(1)(f)): to keep Hubbly secure, to diagnose crashes (Sentry) and to understand feature usage so we can improve the app (PostHog). We have weighed these interests against your rights: the data involved is limited and is not used to build advertising profiles or to make decisions about individuals, and you can object at any time (see section 10).
• Consent (Article 6(1)(a)): for the device permissions you grant (approximate location, photo-library access and notifications) and for connecting an external calendar such as Google Calendar. You can withdraw consent at any time by changing the relevant device setting, or by removing a connected calendar.
• Legal obligation (Article 6(1)(c)): where we must process data to comply with the law, for example responding to a valid legal request or meeting our own legal duties.

Special category data (health and moods)

Medication data is health data, and moods are sensitive, so they need an additional condition under Article 9 of the UK/EU GDPR. Our basis is your explicit consent (Article 9(2)(a)): you choose whether to use these features, and you enter the information yourself, for your own family’s use, on your own device. If you do not want us to process this data, simply do not use the medication and mood features, and you can delete that data within the app at any time.

5. How we use your data

We use the data described above to:

• Run Hubbly and sync it: store your family’s content and mirror it securely to your family’s private space so it stays consistent across your devices.
• Send reminders: generate event and medication reminders as local notifications on your device.
• Improve and fix the app: use Sentry to detect and resolve crashes and errors, and PostHog to understand which features are used so we can make Hubbly better.
• Provide support: respond to questions and help you when you contact us.
• Keep Hubbly secure: protect against unauthorised access, abuse and technical problems.
• Meet legal obligations: comply with applicable law and respond to valid legal requests.

We do not use your data for advertising, we do not sell it, and we do not profile your family members.

6. Who we share it with

We do not sell your personal data and we never share it with advertisers. We do use a small number of carefully chosen service providers (“processors”) that handle data on our behalf, strictly to provide the service.

Each provider acts under a contract that requires them to protect the data and to use it only for the purposes we specify. We may also disclose data where we are legally required to, or to protect the rights, safety or property of Hubbly, our users or others.

7. Children’s data

Hubbly is designed to be used by whole families, including children, but it has no child accounts. A parent or guardian, who must be 18 or over, sets up Hubbly, creates the family and controls all of its content and settings. Children do not log in, do not create accounts, and do not provide data directly to us. The “kid view”, star widgets and routines are surfaces a parent sets up; they are not authenticated accounts.

• United States (COPPA): because Hubbly does not knowingly collect personal information directly from children online and is set up and controlled by a parent or guardian, the parent controls what information about a child is entered. We do not show children advertising or use children’s data for marketing.
• European Union (GDPR, Article 8): the account holder is an adult who provides any consent required, including the explicit consent for special category data such as a child’s medication or mood entries.
• United Kingdom, Age Appropriate Design Code (“Children’s Code”): we have designed Hubbly with children’s best interests in mind: there is no profiling of children, no behavioural advertising and no marketing to children, and a family’s data is kept private to that family, used only to run Hubbly for them. PostHog analytics are configured to avoid collecting personal information that would identify a child.

Sensitive information about a child may be present in Hubbly: names, photos, medications and moods. Parents and guardians are responsible for deciding what to enter and can review, edit or delete any of it at any time within the app. If you believe a child’s data has been provided to us without proper parental control, contact us at contact@gethubbly.app and we will help.

8. International data transfers

Your family’s data is hosted in Google Cloud infrastructure used by Firebase, with Firestore configured in a European region. Some of our providers (for example Sentry and PostHog) may process limited data in the United States or other countries.

Where data is transferred outside the UK or the European Economic Area, we make sure it is protected by an appropriate safeguard recognised under UK and EU data protection law, such as:

• an adequacy decision for the destination country;
• the UK and EU Standard Contractual Clauses; and/or
• the UK Extension to the EU–US Data Privacy Framework, where the provider is certified.

9. Data retention

We keep personal data only for as long as we need it.

• Your family content: kept on your device and synced to your family’s private Firestore space for as long as you use Hubbly. When your family is deleted, the synced copy is deleted.
• Connected calendars: a calendar you connect stays connected, and its events refresh, until you remove it. Removing a connected calendar in Settings stops the sync and deletes that calendar’s events from Hubbly. You can also withdraw Hubbly’s access from your Google Account’s security settings at any time.
• On uninstall: removing the app deletes the Hubbly data stored locally on that device. Your other devices and the synced copy are separate; delete the family to remove the synced copy.
• Backups: synced data may persist briefly in routine system backups before being overwritten or expiring in the ordinary course.
• Diagnostics and analytics: crash data (Sentry) and usage data (PostHog) are kept only as long as needed to investigate issues and understand trends, after which they are deleted or aggregated, in line with each provider’s standard retention windows.

10. Your rights

Under the UK GDPR and EU GDPR you have the right to:

• be informed about how your data is used (this policy);
• access the personal data we hold about you;
• rectification: correct inaccurate or incomplete data;
• erasure: ask us to delete your data (“the right to be forgotten”);
• restrict processing in certain circumstances;
• data portability: receive your data in a portable format (Hubbly’s built-in backup/export feature already lets you export your whole family dataset as a file);
• object to processing based on legitimate interests, including our analytics;
• withdraw consent at any time, for example by turning off a device permission; and
• not be subject to a decision based solely on automated processing. Hubbly does not make any such decisions: there is no automated profiling or automated decision-making about individuals.

California residents

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the right to:

• know what personal information we collect and how it is used and shared;
• delete personal information we hold about you;
• correct inaccurate personal information;
• opt out of the “sale” or “sharing” of personal information; and
• not be discriminated against for exercising your rights.

We do not sell personal information and do not share it for cross-context behavioural advertising, as those terms are defined under California law. We do not offer financial incentives in exchange for personal information, so there is no related discrimination.

11. How to exercise your rights

To make a request, email us at contact@gethubbly.app. Please tell us:

• which right you want to exercise;
• enough detail to identify the data or family in question; and
• an address we can reply to.

We may ask you for information to verify your identity, so that we do not disclose data to the wrong person; this is for your protection. We will respond within one month of a valid request under the UK/EU GDPR (extendable by two further months for complex requests, and we will tell you if so), and within 45 days for a request under California law. Exercising your rights is free of charge, except where a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline it and explain why.

12. Cookies & tracking

The Hubbly website at gethubbly.app uses no non-essential cookies and no analytics or tracking of any kind. Only strictly necessary technology that the website host needs to serve the site may be used.

In-app analytics are a separate matter: the Hubbly app uses Sentry and PostHog as described in this policy. These operate inside the app and are not website cookies. For full details, see our Cookie Policy.

13. Security measures

We take reasonable and appropriate steps to protect personal data:

• In transit: all communication with Firebase and our other providers uses HTTPS/TLS encryption.
• At rest: data synced to Firestore and Cloud Storage is encrypted at rest (AES-256) by Google.
• On your device: local Hubbly data sits inside your operating system’s app sandbox, protected by your device’s own security; Settings are further protected by a 4-digit PIN gate.
• Access control: sync uses anonymous authentication, and Firestore security rules ensure that only members of a family can read or write that family’s data. Family join codes are write-once and cannot be repointed. Calendar-connection credentials, such as Google refresh tokens, are held only in our backend, in records that no app or device can read.

To be transparent: Hubbly does not currently use client-side end-to-end encryption. Synced data is encrypted in transit and at rest as described above, but it is not encrypted with a key only your family holds. No method of storage or transmission is ever 100% secure.

14. Data breach procedure

We have procedures to deal with a suspected personal data breach. If a breach occurs, we will assess the likely risk to people’s rights and freedoms. Where a breach is likely to result in a risk to individuals, we will notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of it. Where a breach is likely to result in a high risk to affected individuals, we will inform those individuals without undue delay and explain what has happened and what they can do.

15. Changes to this policy

We may update this Privacy Policy from time to time, for example if our features, providers or legal obligations change. When we do, we will revise the “last updated” date at the top of this page, and for significant changes we will give you a clearer notice, such as a message in the app. Please check back occasionally.

16. Contact us

If you have questions about this policy or about how Hubbly handles your data, contact us:

• Company: PerfectDay Technologies Ltd
• Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
• Company number: 16952922
• Email: contact@gethubbly.app

We have not appointed a statutory Data Protection Officer, as our processing does not meet the threshold that legally requires one. The contact above handles all privacy questions and data rights requests.

If you are in the UK and are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/. If you are in the EU, you may complain to your local data protection supervisory authority. We would, however, appreciate the chance to address your concerns first.

17. Effective date

This Privacy Policy is effective from 22 May 2026.

Questions about this document? Email contact@gethubbly.app. This page was last updated on 22 May 2026.