Legal

Privacy Policy

Last updated 15 April 2026

Who we are

BabyDraft (“BabyDraft,” “we,” “us”) is operated by Akella inMotion, a sole-trader business registered in Ireland. We run the service at www.babydraft.app. This policy explains what we collect, why, and what your rights are under the EU General Data Protection Regulation (GDPR).

What BabyDraft does

BabyDraft is an entertainment product. You describe two parents (optionally uploading their photos), and our AI generates a fictional “future baby”: a name, personality traits, a predicted career, guaranteed quirks, and a shareable card. The output is entertainment, not genetics. It makes no medical or hereditary claims.

What we collect

  • Uploaded photos. Temporary. Stored in Supabase object storage for the duration of a single generation session. Deleted automatically within 24 hours by an hourly GDPR purge cron job.
  • Trait inputs. The answers you give in the parent quiz (personality questions, optional free-text notes up to 280 characters). These are sent to the Claude AI to produce the baby profile and stored alongside the generation row.
  • Anonymous session cookie. A random UUID stored in an httpOnly cookie (fb_session) so we can link a browser to its own generations. Not tied to any identity.
  • Hashed IP address. We hash the client IP with SHA-256 and a per-deploy salt before storing it. Used only for rate-limiting and abuse detection. We never store a raw IP.
  • Payment data. All payments are processed by Stripe. BabyDraft never sees your card number, CVC, or billing address. We store only a Stripe session id and payment intent id so we can reconcile purchases and handle refunds.
  • Email (optional). If you enter one for marketing consent, we store it with an explicit opt-in flag. You can remove it at any time by emailing us.

What we DON'T collect

  • Biometric data. Face-parsing happens server-side during generation; no facial templates or embeddings are persisted. Only the AI-generated portrait is kept.
  • Raw IP addresses. Hash only.
  • Browsing behaviour on other sites. No cross-site tracking.
  • Advertising identifiers.We don't sell data or plug into ad networks.

How long we keep things

  • Uploaded parent photos: ≤ 24 hours. Purged automatically.
  • Generated baby portraits and profiles: Kept as long as the generation row exists so shareable links keep working. You can request deletion at any time.
  • Session cookie: 1 year or until you clear your browser cookies.
  • Payment records: Retained for the period required by Irish tax law (typically 7 years).

Who we share data with

BabyDraft uses a small set of trusted sub-processors to operate the service:
  • Supabase. Postgres database, object storage, hosted in the EU (AWS eu-west-1).
  • Vercel. Application hosting and edge infrastructure.
  • Anthropic. The Claude API generates personalities, careers, and quirks from your trait inputs.
  • OpenAI. The gpt-image-1 model generates the baby portrait from parent photos (when photos are provided).
  • Replicate. Fallback image generation when OpenAI is unavailable.
  • Stripe. Payment processing and tax calculation.
We do not sell personal data to anyone.

Your GDPR rights

You have the right to access, correct, export, or delete the personal data BabyDraft holds about you, and the right to object to or restrict processing. For deletion specifically, you can run a self-service deletion below — it removes everything tied to this browser session within seconds. For more complex requests (export, rectification, multi-device deletion), email admin@babydraft.app and we'll respond within 30 days. You can also lodge a complaint with the Irish Data Protection Commission (dataprotection.ie).

Self-service. Removes data tied to this browser session within seconds. For requests across multiple devices, email us.

Changes to this policy

We'll update the “Last updated” date at the top whenever we change this policy. Material changes will be announced on the homepage.

Contact

Questions, requests, or complaints: admin@babydraft.app.