Legal

Privacy Policy

Last updated: May 17, 2026

Morning Quest ("we", "our", or "us") is a daily routine app for children, operated by Bellini ApS. This policy explains what data we collect, how we use it, and your rights — including those of parents and guardians under applicable children's privacy laws (COPPA in the United States and GDPR / GDPR-K in the European Economic Area).

1. Who this app is for

Morning Quest is designed for family use. A parent or guardian creates an account and sets up profiles for their children. Children use the app under parental supervision, and any adult-facing area (settings, account, subscription management) is protected by a parent gate to prevent accidental access by a child. We do not knowingly collect personal data directly from children under 13 without verifiable parental consent. Morning Quest participates in Google Play's Designed for Families program and follows its policies.

2. Data we collect

We collect the minimum necessary to run the service:

• Account identifier — typically an email address provided when the parent/guardian signs in via Sign in with Apple or Google Sign-In. Firebase Authentication issues a unique user ID we use internally; we do not store passwords.
• Child profiles — first name and age range entered by the parent. No government ID, photograph, or sensitive personal data is required.
• Quest and routine data — tasks, schedules, completion records, streaks, and the wake-up reminder time set by the parent. Stored in Firestore and synced across devices belonging to the same parent account.
• Subscription and billing records — when a parent starts a free trial or paid subscription, we record which plan (monthly or annual), trial and renewal dates, and entitlement status. Payment card details are never seen or stored by Morning Quest — they are handled entirely by Apple App Store or Google Play.
• Notification preferences — the wake-up reminder time and which weekdays it fires. These are stored locally on the device and (when signed in) synced to the parent's account.
• Usage analytics — events such as screen views and feature usage, sent to Firebase Analytics tied to an anonymous installation identifier rather than personal identity. We have disabled collection of the Android Advertising ID and Android ID for children's-policy compliance.
• Crash reports — when the app crashes, Firebase Crashlytics captures device model, OS version, app version, IP address (used to derive approximate country), and stack traces. Reports do not contain quest content, child names, or account credentials.

3. How we use your data

• To provide, operate, and improve the Morning Quest service.
• To sync data across devices belonging to the same family account.
• To grant, renew, and verify subscription access (trial, monthly, annual).
• To diagnose and fix technical issues.
• To understand which features are most useful (aggregate analytics only).

We do not sell, rent, or share personal data with third parties for advertising purposes. We do not show ads inside Morning Quest.

4. Third-party services

Morning Quest relies on the following processors, each governed by its own privacy policy and a Data Processing Agreement (where applicable) between us and the provider:

• Google Firebase (Google LLC) — Authentication, Firestore database, Analytics, and Crashlytics. See Google's Privacy Policy and the Firebase Data Processing Terms.
• Sign in with Apple (Apple Inc.) — Used to authenticate parents/guardians on iOS. Apple shares the user's name (if the user permits) and an email address (real or Apple's private relay) with us. See Apple's Privacy Policy.
• Google Sign-In (Google LLC) — Used to authenticate parents/guardians on Android. Google shares the user's email, basic profile (name, profile picture URL), and a unique Google account identifier with us. See Google's Privacy Policy.
• RevenueCat (RevenueCat, Inc.) — Manages subscription entitlements and verifies purchases. We send RevenueCat the Firebase user ID (for signed-in users) and the device's country, language, OS, and app version. RevenueCat receives subscription receipts from Apple and Google. See RevenueCat's Privacy Policy.
• Apple App Store (Apple Inc.) — Processes all in-app purchases on iOS. Apple receives the parent's Apple ID, payment method, and purchase history. Apple's handling of this data is governed by Apple's privacy policy linked above.
• Google Play (Google LLC) — Processes all in-app purchases on Android. Google receives the parent's Google account, payment method, and purchase history. Governed by Google's privacy policy linked above.

No other third parties have access to your personal data.

5. Data retention and location

Account and profile data is retained for as long as your account is active. Subscription and billing records are retained for the lifetime of the subscription plus any period required by tax and accounting law (typically 5–7 years for invoice metadata, with personal identifiers minimised where possible).

Personal data stored in Firestore is hosted in Google Cloud datacenters in the European Union (eur3, multi-region). Subscription data is stored by RevenueCat in the United States. Payment processing happens in the country of your App Store / Google Play account. Data may transit through other regions during normal cloud operations.

To delete your account and all associated personal data, email support@bellini.app from the address on the account. We will confirm the request and permanently remove all data within 30 days, except where retention is required by law.

6. Parental rights (COPPA & GDPR)

As the parent or guardian, you have the right to:

• Review the personal information we hold about your child.
• Request correction or deletion of that information.
• Withdraw consent at any time by deleting the account.
• Object to or restrict certain processing activities.

To exercise any of these rights, contact us at support@bellini.app.

7. Security

Data is transmitted over HTTPS and stored in Firebase with access controlled by security rules. Passwords are never stored in plain text. We apply reasonable technical and organisational measures to protect your data, though no system is perfectly secure.

8. Changes to this policy

We may update this policy as the app evolves. Significant changes will be communicated via an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

Questions or requests regarding this policy can be sent to:
support@bellini.app