Privacy Policy

Last Updated: April 23, 2026

This Privacy Policy explains how Westerby Labs LLC d/b/a Tottli ("Tottli," "we," "our," or "us") collects, uses, shares, and protects personal data when you use the Tottli website, iPhone app, Apple Watch features, widgets, and related services (collectively, the "Services").

Controller and contact

Westerby Labs LLC d/b/a Tottli

Privacy and legal notices: legal@tottli.com

Product support: support@tottli.com

202 N CEDAR AVE STE 1 OWATONNA MN 55060 USA

1. Scope

This Privacy Policy applies globally to the Services and to personal data we process about caregivers, website visitors, waitlist subscribers, and customer-support contacts. By using the Services, you also agree to our Terms of Service.

2. Personal Data We Collect

Information you provide directly

  • Account details such as your email address, display name, and authentication-related details.
  • Child profile information and caregiving records you choose to add, such as names, dates, timestamps, notes, and activity details.
  • Household and caregiver-sharing details, including invited email addresses, team roles, and invitation status.
  • Product feedback you choose to send in the app, including the category, feature area, sentiment, message, and whether you are open to follow-up.
  • Support, legal, or privacy correspondence you send to us.
  • Website waitlist or launch-notification information, currently your email address.

Information we collect automatically

  • Device, app, and service metadata such as app version, operating system, and technical diagnostics.
  • Authentication and session metadata needed to keep accounts secure and synced across Tottli services.
  • Local app state stored on your device for offline use and later synchronization.
  • Optional analytics events and optional iPhone session replay data when you grant in-app consent.
  • Minimal authenticated product lifecycle events, such as onboarding and premium paywall checkpoints, used to operate and improve the Services.
  • Website request metadata, including timestamp and IP-derived request details used to protect the waitlist form against abuse.

Current providers used to process data

  • Supabase for authentication, database storage, realtime sync, edge functions, and website waitlist storage.
  • RevenueCat for subscription and purchase-state orchestration.
  • Apple for App Store billing, subscription management, restore flows, and Family Sharing eligibility.
  • PostHog for optional analytics, optional iPhone session replay, and limited server-side product lifecycle metrics.
  • Sentry for consent-gated error monitoring and diagnostics.

A current service-provider list is available on our Subprocessors page.

3. How We Use Personal Data

  • Provide account access, onboarding, logging, syncing, reminders, caregiver sharing, premium access, and related product features.
  • Maintain service security, prevent fraud and abuse, and protect accounts and infrastructure.
  • Process purchases, restore entitlements, and help you manage Apple-billed subscriptions.
  • Respond to support, privacy, legal, and account requests.
  • Review user-submitted product feedback and decide what to fix or improve.
  • Send waitlist or launch-update communications when you ask us to do so.
  • Operate, improve, troubleshoot, and monitor the Services.
  • Comply with legal obligations and enforce our terms and policies.

4. Lawful Bases

Where applicable under local law, we rely on one or more of the following lawful bases:

  • Contract: to provide the Services you request, including account access, syncing, caregiver sharing, and premium features.
  • Legitimate interests: to secure the Services, prevent abuse, troubleshoot issues, improve reliability, and respond to routine support needs.
  • Consent: for optional analytics, optional iPhone session replay, and waitlist or launch-notification emails where consent is required.
  • Legal obligation: to comply with laws, regulations, lawful requests, and recordkeeping obligations.

5. Analytics And iPhone Session Replay

Analytics and iPhone session replay are optional. Tottli starts with analytics disabled and asks for consent before enabling them. Declining consent, or later turning it off, does not block core app use or premium access.

  • On the current iOS release, one in-app analytics choice controls both analytics and iPhone session replay.
  • PostHog session replay shows most interface text so we can understand app issues.
  • Sensitive fields are selectively masked, including child and caregiver names, dates of birth, emails, passwords, invite codes, and explicit feedback text.
  • Images and other screen content may still be visible in replay captures.
  • Replay network telemetry is disabled.
  • Sentry user context and manual diagnostics honor the same analytics-consent gate.
  • When optional analytics is off, Tottli may still send limited account-linked server-side lifecycle events, such as onboarding progress and premium paywall display or dismissal, to understand whether core product flows are working.
  • These server-side events are allowlisted, property-sanitized, and do not include typed text, child names, notes, emails, session replay, or client-side analytics SDK capture.
  • In-app feedback is explicit user-submitted content stored in Supabase, separate from optional analytics and session replay.

6. Website Updates Emails

If you join the Tottli updates list on our website, we currently collect your email address and request metadata such as source-IP information and submission timestamp through our Supabase-backed updates flow.

  • Purpose: to send product updates and related availability notices for Tottli.
  • Current provider: Supabase stores the updates-list entry and related request metadata.
  • Retention: we keep updates-list data until you unsubscribe, ask us to delete it, the updates-email purpose is complete, or the data is otherwise no longer needed for that purpose.
  • Unsubscribe: contact legal@tottli.com or support@tottli.com. If future Tottli emails include an unsubscribe link, you may use that link as well.

7. How We Share Personal Data

We do not sell personal data or share it for cross-context behavioral advertising.

We may disclose personal data in these limited circumstances:

  • To the service providers identified above so they can perform services on our behalf.
  • To caregivers, family members, or household collaborators you authorize inside the app.
  • To Apple for App Store billing, renewals, restore flows, refunds, and Family Sharing eligibility where applicable.
  • To advisors, auditors, law enforcement, regulators, or courts when legally required or reasonably necessary to protect rights, safety, or security.
  • As part of a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality and transition protections.

8. International Transfers

Tottli and our service providers may process personal data in countries other than the one where you live, including the United States. Where required by law, we use contractual commitments or other appropriate safeguards designed to protect transferred personal data.

9. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with law, resolve disputes, and enforce agreements. Retention can vary by data type:

  • Account and profile data: generally while your account remains active. If you delete your account, we begin removing this data from active systems promptly.
  • Child, household, and activity data: generally while your account or shared household relationship remains active, then removed from active systems when deletion is processed.
  • Support and legal emails: retained for as long as needed to respond, keep a record of the request, and comply with legal or operational obligations.
  • In-app product feedback: retained for as long as needed to understand product quality, prioritize improvements, and follow up when you allow it.
  • Waitlist and launch-notification emails: retained until you unsubscribe, request deletion, or the launch-notification purpose is complete.
  • Analytics, replay, and lifecycle metrics: retained in PostHog according to our current configuration and internal review needs, and not kept longer than necessary for those purposes.
  • Backups and logs: may remain for a limited time on rolling disaster-recovery, audit, and security-retention schedules before being overwritten or deleted.

Account deletion does not necessarily mean every copy disappears instantly from every backup or log. We initiate deletion promptly in active systems, then allow residual copies to age out under normal backup, security, and recovery processes.

10. Your Privacy Rights And Choices

Depending on where you live, and subject to local law, you may have the right to:

  • Request access to personal data we hold about you.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion of personal data.
  • Request a copy of certain personal data in a portable format.
  • Object to or request restriction of certain processing.
  • Withdraw consent for consent-based processing at any time.
  • Complain to a regulator or supervisory authority where applicable.

Use the in-app settings where available, or contact legal@tottli.com for privacy or rights requests. For product support, contact support@tottli.com.

11. Children And Child-Related Data

Tottli is intended for adult caregivers. We do not knowingly create direct consumer accounts for children. Information about children is provided by adult caregivers for caregiving and household coordination.

12. Security

We use administrative, technical, and organizational measures designed to protect personal data. No security measure is perfect, and we cannot guarantee absolute security.

13. Changes To This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the revised policy with an updated "Last Updated" date and take any additional steps required by law.