Privacy Policy

BabyCam · me.yunda.babycam

Who this policy is for

BabyCam ("we", "us", "our") helps parents and caregivers supervise a room using live video and audio between devices they own or control. This Privacy Policy describes what information we process when you use our mobile applications for iOS and Android and when you interact with our online services—including account registration, social sign-in, in-app purchases, WebRTC signaling, optional LAN discovery, and support requests.

BabyCam is designed so that your camera feed does not pass through our servers as streaming media. Our backend provides signaling, authentication, entitlement checks, and related metadata only. We do not watch, listen to, record, or analyse your video or audio content on our infrastructure.

By installing or using BabyCam, you confirm that you use the product responsibly and only monitor people and places where you have a lawful basis to do so (for example, your own home with appropriate consent from anyone who has a reasonable expectation of privacy). If you do not agree with this Policy, please uninstall the app and stop using our services.

This Policy supplements—not replaces—the Apple App Store and Google Play data disclosures and any consent screens shown inside the app.

1. Who is responsible for processing?

Depending on your region, the data controller for BabyCam may be Yunda or an affiliated entity identified in store listings and invoices. For privacy requests you can always reach us at soporte@yunda.me.

This Policy applies to the BabyCam consumer apps, our REST/WebSocket APIs used for accounts and signaling, and our hosted privacy/terms pages. It does not apply to third-party websites, payment processors' dashboards, or operating-system features that operate outside our control (for example iCloud or Google account recovery).

2. Categories of personal data

We aim to collect the minimum data needed to run the service securely:

Account and identity: email address, display name, OAuth identifiers from Apple or Google sign-in, hashed passwords if you use email login, and internal user IDs.

Devices and sessions: device model, OS version, app version, push notification tokens where enabled, IP address observed at the edge of our API, connection timestamps, and cryptographically random device or installation identifiers.

Signaling and rooms: ephemeral codes or tokens that identify a viewing session, ICE candidates, SDP payloads, and approval flags needed to pair cameras with monitors.

Billing: subscription identifiers, transaction receipts, product SKU, renewal state, and refund flags as transmitted by Apple or Google; we never receive your full card number.

Support: text you send to soporte@yunda.me, crash logs you choose to attach, and diagnostic snippets we request with your consent.

We do not ask you to upload continuous recordings of your baby monitor stream to our cloud as a core feature.

3. Video, audio & WebRTC media path

Real-time video and audio use WebRTC when possible, meaning media flows directly between peers or through encrypted relays (TURN) when networks require it. Our servers coordinate setup but are not a destination for your ongoing camera feed.

You choose where to point the camera, who may approve viewers, and whether to use LAN-only or cloud-assisted modes. You must comply with workplace, tenancy, childcare, and surveillance laws that apply to you.

If you enable optional features that analyse frames or audio on-device (such as cry or motion hints), processing stays on the handset unless a feature explicitly states otherwise.

4. Signaling, rooms & ephemeral metadata

To connect two phones we exchange JSON messages containing SDP offers/answers, ICE candidates, heartbeat pings, and viewer-approval states. Room identifiers may be stored in Redis or similar caches with automatic TTL so participants can rediscover each other.

Those records contain technical metadata—not thumbnails or transcripts of your video. When the session ends or TTL expires, entries are deleted according to our retention schedule.

If you enable passwords or approval prompts, we persist only what is necessary to enforce those controls.

5. Purchases, receipts & entitlements

Digital goods are sold by Apple or Google. We receive tokens and subscription states needed to unlock BabyCam Pro features. We may store hashed receipts to prevent duplicate grants or fraud.

Chargebacks, refunds, billing disputes, and price changes are governed by the store you used. Keep your store receipts if you need proof of purchase.

6. Diagnostics, analytics & product telemetry

We may collect crash stacks, performance timings, or coarse usage signals to keep the service reliable. Where platforms require permission prompts or App Tracking Transparency, we follow those rules.

We may send transactional emails or in-app banners about security incidents, mandatory policy updates, or subscription status. Promotional messages—if we send any—will include opt-out instructions where required.

We do not sell your personal information and we do not use your camera footage for advertising profiling.

7. Local networks, LAN mode & mDNS

When both devices share the same Wi-Fi, BabyCam can advertise or browse services via multicast DNS / Bonjour-style discovery. Data exchanged stays on the LAN except when you explicitly choose cloud signaling.

Operating-system permission dialogs control microphone, camera, local network, and nearby-device access. Denying permission may limit features but does not upload your media to us.

8. Purposes & lawful bases (including GDPR)

We process personal data to:

• deliver sessions, accounts, and subscriptions (contract necessity); • secure accounts, prevent abuse, and monitor infrastructure health (legitimate interests balanced against your rights); • comply with tax, fraud, or law-enforcement requests (legal obligation); • send optional marketing only when we have consent or another permitted basis.

Where GDPR applies you may withdraw consent at any time when processing is consent-based, without affecting earlier processing that was lawful.

9. Retention & deletion

Retention periods depend on the dataset: ephemeral signaling may last minutes to hours; account records persist until you delete the account; invoices may be kept longer for accounting.

You can request deletion via the app or email. We will anonymise or erase records unless a statute requires retention (for example tax archives). Backups may lag briefly before wipes propagate.

Room codes and similar shortcuts expire automatically—do not rely on them as long-term secrets.

10. Vendors, hosting & sub-processors

We rely on cloud providers for compute, databases, object storage, Redis, email delivery, certificate authorities, and observability. Payment verification flows through Apple and Google.

We vet vendors with data-processing agreements, least-privilege access, and encryption expectations. A current summary of categories is available on request.

If we onboard a materially different sub-processor for existing personal data, we will update this Policy or provide notice as required.

11. International transfers

Your information may be processed in the European Economic Area, the United States, Latin America, or Asia depending on where servers and personnel are located. When transferring data from the EEA, Switzerland, or the UK we rely on adequacy decisions, Standard Contractual Clauses, or equivalent safeguards.

You may request a copy of the relevant safeguards by emailing soporte@yunda.me.

12. Security measures

We implement TLS for client-server traffic, hardened configurations, role-based access, secrets management, logging, and vendor SLAs. Mobile apps should be kept updated; use OS screen locks and disable unwanted viewers promptly.

No security program is perfect—please report suspected vulnerabilities responsibly to soporte@yunda.me.

13. Your privacy rights

Depending on jurisdiction you may request access, correction, deletion, restriction, portability, or objection. Parents or guardians may exercise rights on behalf of household members where applicable.

We may need to verify identity before fulfilling sensitive requests. If we refuse, we will explain why and tell you how to appeal.

Some controls (notifications, ad tracking, subscriptions) live entirely inside iOS or Android settings—we will guide you if needed.

14. Children & teen safety

BabyCam is meant for adult caregivers. We do not knowingly market to children to collect their personal data for profiling.

If you believe we received information about a child without proper authority, contact us—we will delete it when obligations allow.

15. Cookies & similar technologies on the web

Visiting baby.yunda.me may set cookies required for load balancing, bot protection, or analytics on that site. Mobile analytics follow Apple/Google policies.

You can control cookies through browser settings; this Policy focuses on the mobile apps.

16. Automated decisions & profiling

We do not make legally significant solely automated decisions about you (such as credit denial) based on app usage. On-device alerts are recommendations only and should never replace human supervision.

17. U.S. state privacy rights (summary)

Residents of certain U.S. states may have additional rights such as knowing categories of data collected, requesting deletion, opting out of sale or sharing for cross-context behavioural advertising, and appealing denials.

BabyCam does not sell personal information for money. Some transfers to analytics or advertising partners could constitute sharing under CPRA definitions; review platform privacy controls.

Submit requests via soporte@yunda.me; we will verify and respond within statutory timelines.

18. Brazil (LGPD) & other regions

If you are in Brazil, you enjoy LGPD rights including confirmation of processing, access, correction, anonymisation, portability, deletion, information about sharing, and revocation of consent.

We apply similar handling for other countries with comprehensive privacy laws when feasible—contact us with your jurisdiction so we can route the request properly.

19. Breach notification

If we discover a breach that risks your rights, we will notify regulators and affected users as required by law, typically via email or prominent in-app notice, and describe remedial steps.

20. Marketing preferences & surveys

Optional newsletters or beta invitations will include unsubscribe links. Survey responses are used in aggregate unless you provide identifiable details voluntarily.

21. Research & aggregate insights

We may derive anonymous statistics (for example median session length) to plan capacity. Those datasets cannot reasonably identify you.

22. Third-party SDK disclosures

Our apps may bundle SDKs required by Apple, Google, WebRTC, authentication, or crash reporting. Each SDK vendor processes data under its own policy—review Install-time disclosures on iOS 17+ / Android data safety forms.

23. Conflict between translations

If this Policy is translated, the English version governs for contracts unless local law requires another language to prevail.

24. Regulatory cooperation

We cooperate with lawful requests from data-protection authorities and law enforcement when properly scoped. We may challenge overbroad demands.

25. Contact, updates & document control

Privacy enquiries & data-right requests: soporte@yunda.me.

We update this Policy when features or laws change. The “Last updated” footer tracks revisions. Material changes may require renewed acknowledgement inside the app or additional notice.

Continued use after the effective date constitutes acceptance where permitted.

Last updated: May 2026