← Back to hum.
Privacy Policy
Last updated: June 2026
hum. is built on a simple principle: your family's data belongs to you. We collect only what we need to personalise your experience, we never sell it, and you can export or delete it at any time.
Who we are
hum. is developed and operated by Holly Read, a sole trader based in New Zealand. We are subject to the New Zealand Privacy Act 2020. If you have any questions about this policy, contact us at hello@withhum.app.
What we collect
We collect the following categories of information when you use hum.:
Account information
- Your email address and display name, used to create and manage your account.
Baby profile
- Your baby's first name, date of birth, and corrected age (if premature).
- Feeding approach (purées, baby-led weaning, or combination) and focus areas.
- Family allergy history and dietary restrictions you choose to record.
Food diary and allergen records
- Meals served each day, including recipe and portion notes.
- Reaction records you log after each meal (all clear / mild / significant).
- Allergen introduction progress across the top-9 allergens.
- Weekly check-in responses (meals per day, foods tried, stage progression).
Usage analytics
- Anonymised usage events (screens visited, features used) collected by PostHog. No personal identifiers are attached to these events.
Error reports
- Crash and error reports collected by Sentry, including device type, OS version, and anonymised stack traces. These help us fix bugs quickly.
How we use your information
- To personalise your daily meal plan, recipe suggestions, and allergen schedule.
- To track your baby's journey and milestone progression across sessions and devices.
- To send transactional emails (password reset, account verification) via your auth provider.
- To improve hum. — aggregated, anonymised analytics help us understand which features are useful.
- To respond to support requests and data access enquiries.
We do not use your information for advertising, and we never sell it to third parties.
Data storage and security
Your data is stored in Supabase (hosted on AWS in the Asia-Pacific region). All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Row-level security policies ensure that each account can only access its own records.
We retain your data until you delete your account, or until we close the service (in which case we will notify you with at least 30 days' notice and offer an export).
Third-party services
hum. uses the following sub-processors to operate the service:
None of these providers are permitted to use your data for their own marketing purposes.
Children's data
hum. is designed for use by parents and guardians. All information about babies is entered by and belongs to the account holder (the parent or guardian). We do not knowingly collect personal information directly from children. If you believe we have inadvertently collected data about a child without parental consent, please contact us immediately.
Your rights
Under the New Zealand Privacy Act 2020, you have the right to:
- Access your data — export your full food diary, allergen records, and profile from Settings → Privacy & data → Export food diary.
- Correct your data — update your profile and baby details at any time from within the app.
- Delete your data — request permanent account and data deletion from Settings → Privacy & data → Delete account & data. Deletion is completed within 48 hours.
- Contact us — if you have a privacy concern that isn't resolved within the app, email hello@withhum.app.
Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email or with a notice in the app at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent revision.