Sonora Labs LLC ("Sonora Labs", "we", "us", or "our") built and operates the Willo App and this website. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have over it. It applies to the Willo App on iOS, our website at meetwillo.app, and any Sonora Labs service that links to this policy (together, the "Services").
By using the Services you confirm that you have read this policy. Where the law requires consent (for example, for certain cookies or marketing communications), we will ask for it separately.
1. Who we are and how to reach us
Sonora Labs LLC, the data controller
1500 E Newport Pike, Suite B Unit #184
Wilmington, Delaware 19804
United States
Privacy contact:
help@meetwillo.app
Subject line: "Privacy request"
We do not currently have a designated Data Protection Officer. For EU and UK residents, you can contact us using the address above and we will route your request to the appropriate team within one month.
2. Information we collect
We only collect information that helps us run the Willo App or meet a legal obligation. We group it into the categories below.
2.1 Account and profile data (provided by you)
- Your first name and email address
- Your baby's first name (or nickname), birth date, and gender if you enter it
- Mood journal entries, photos, and reflections you choose to save
- Preferences such as language, time zone, and notification settings
2.2 Usage and device data (collected automatically)
- Which screens you view, which buttons you tap, and how long a session lasts
- Crash reports, error logs, and diagnostics
- Device model, operating system version, language, time zone, and network type
- An advertising identifier (IDFA) if, and only if, you grant permission through Apple's App Tracking Transparency prompt
- A randomly generated internal user ID we use to keep your data together across sessions
2.3 Subscription and payment data
- Subscription status, plan type, renewal date, and trial eligibility, received from Apple through RevenueCat
- We never see or store your full credit card number. Payment is handled entirely by Apple.
2.4 Sensitive personal information
California's privacy law (CPRA) treats certain categories as sensitive. The Willo App collects the following sensitive personal information:
- Precise identifiers tied to a small child (your baby's name and birth date)
- Personal reflections in the mood journal, which may reveal mental or emotional state
We use this sensitive information only to deliver the features you chose to use (for example, showing the right phase, calculating age, or surfacing mood patterns). We do not use it to infer characteristics about you, and we do not share it for advertising.
2.5 Information about your baby
The Willo App is used by parents and caregivers. Information about your baby is collected from you, the account holder, not from your baby. We do not create accounts for children. We do not profile or advertise to children. We do not sell or share a baby's data.
3. How we use your information (purposes and legal bases)
For users in the EU, UK, or Switzerland, the table below sets out the legal basis under the General Data Protection Regulation (GDPR).
- To provide the Willo App (account creation, showing the right phase, saving entries). Legal basis: performance of a contract.
- To keep the Willo App secure (fraud prevention, abuse detection, debugging). Legal basis: our legitimate interests in running a safe product.
- To improve the Willo App (product analytics, usage insights). Legal basis: our legitimate interests in improving the product, or your consent where required.
- To process payments and manage subscriptions. Legal basis: performance of a contract and compliance with Apple's subscription rules.
- To send service emails (password resets, receipts, policy changes). Legal basis: performance of a contract.
- To send marketing emails and tips. Legal basis: your consent. You can withdraw at any time.
- To measure advertising performance (for example, whether an ad led to an install). Legal basis: your consent (App Tracking Transparency on iOS, cookie consent on the website).
- To meet legal obligations (tax, accounting, responding to lawful requests). Legal basis: compliance with a legal obligation.
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.
4. Who we share data with
We do not sell your personal information for money. We share it only with the service providers listed below, and only to the extent they need it to do their job for us. Each of them is bound by a data processing agreement.
- Apple, for App Store payments and App Tracking Transparency. See Apple's privacy policy.
- RevenueCat, for subscription and receipt management. See RevenueCat's privacy policy.
- Superwall, for in-app paywall testing and display. See Superwall's privacy policy.
- Google Firebase (a Google service), for backend storage, crash reporting, and performance monitoring. See Firebase privacy.
- Mixpanel, for product analytics. See Mixpanel's privacy policy.
- Meta Platforms (Facebook, Instagram), for advertising measurement via Meta Pixel and the Meta SDK on our website and in-app. This constitutes "sharing" for cross-context behavioral advertising under California law, and requires your opt-in on the website through our cookie banner. See Meta's privacy policy.
- TikTok for Business and other ad networks, for campaign measurement, only where you have consented. See each network's own privacy policy.
- Customer support tooling (email provider, helpdesk), to respond to you when you contact us.
- Legal or regulatory authorities, when we are required by law, a valid subpoena, or to protect rights and safety.
- A future acquirer, if Sonora Labs is ever involved in a merger, financing, or sale. You will be notified in advance and this policy will be honored.
We do not share your data with data brokers. We do not permit our service providers to use your information for their own independent purposes.
5. International data transfers
Sonora Labs LLC is based in the United States and most of our service providers operate in the United States. If you access the Services from the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction whose laws differ from the United States, your information will be transferred to, stored in, and processed in the United States.
When we transfer personal data out of the EEA, the UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) with each of our service providers, together with additional safeguards such as encryption in transit and at rest.
You can request a copy of the transfer mechanism we use for a specific vendor by emailing help@meetwillo.app.
6. How long we keep your data
We keep personal data only as long as we need it for the purpose it was collected, unless a longer retention is required by law.
- Account and profile data: for as long as your account is active, then up to 30 days after deletion to allow for backup cycles.
- Mood journal entries and photos: deleted with your account, or sooner if you delete them individually.
- Usage and analytics data: up to 24 months in an identifiable form, then aggregated or deleted.
- Crash and diagnostic logs: up to 90 days.
- Subscription and payment records: up to 7 years to meet tax and accounting obligations.
- Support correspondence: up to 3 years after the last contact.
- Marketing consent records: for as long as you are subscribed, plus 2 years after you unsubscribe, to evidence consent.
7. Security
We use industry-accepted safeguards to protect your information, including TLS encryption in transit, encryption at rest on our hosting providers, access controls, logging, and least-privilege permissions for Sonora Labs staff. No system is perfectly secure; if we ever become aware of a breach affecting your personal data, we will notify you and the relevant authority as required by law.
8. Your rights and how to exercise them
Depending on where you live, you may have some or all of the rights below. We do not discriminate against you for exercising any right.
8.1 Rights for everyone
- Access a copy of the personal data we hold about you
- Correct inaccurate or outdated information
- Delete your account and associated data
- Download an export of your data in a portable format
- Opt out of marketing emails by using the unsubscribe link in any email
8.2 Additional rights for EU, UK, and Swiss residents (GDPR)
- Restrict our processing of your data in certain circumstances
- Object to processing based on legitimate interests, including for direct marketing
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
- Lodge a complaint with your local data protection authority. A list of EU authorities is available at edpb.europa.eu. In the UK, the authority is the Information Commissioner's Office (ICO).
8.3 Additional rights for California residents (CCPA / CPRA)
- Know the specific pieces of personal information we have collected, used, disclosed, and shared in the past 12 months
- Delete personal information we have collected from you
- Correct inaccurate personal information
- Opt out of the "sale" or "sharing" of personal information. We do not sell your data. We may "share" limited advertising data with Meta (cookies and mobile identifiers) for cross-context behavioral advertising. You can opt out by clicking Do Not Sell or Share My Personal Information in our Cookie Policy, or by turning on Global Privacy Control (GPC) in your browser, which we honor.
- Limit the use of your sensitive personal information. We only use sensitive personal information for the purposes listed in section 2.4.
- Non-discrimination for exercising any of these rights
You may designate an authorized agent to submit a request on your behalf. We will ask for written proof of authorization and verify your identity before acting on the request.
8.4 Additional rights for residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other U.S. states with comprehensive privacy laws
You have the same access, deletion, correction, portability, and opt-out rights described above. You also have the right to appeal a denial of your request. Appeals can be sent to help@meetwillo.app with the subject line "Privacy appeal."
8.5 How to submit a request
The fastest way to delete your account and associated data is inside the Willo App. Open Settings → Account → Delete account. Deletion is permanent and cannot be undone.
You can also email help@meetwillo.app. We will respond within 30 days (EU/UK) or 45 days (California and similar U.S. laws), and we will verify your identity before acting. Verification typically means confirming the email address on your Willo account.
9. Children's privacy
The Willo App is designed for parents and caregivers, not for children. We do not knowingly collect personal information directly from anyone under 13. Information about your baby is provided by you, the parent or caregiver, as part of using the Services. We do not profile children for advertising, we do not sell a child's data, and we do not allow a child to create their own Willo account.
If you believe a child has submitted information to us without the involvement of a parent or guardian, please contact us and we will delete it.
10. Apple App Tracking Transparency (ATT)
On iOS, the Willo App asks for your permission through Apple's App Tracking Transparency prompt before using the advertising identifier (IDFA) or tracking you across other companies' apps and websites. If you choose "Ask App Not to Track," we will not use the IDFA and will not share attribution data with Meta or other ad networks for tracking purposes. You can change your choice at any time in Settings → Privacy & Security → Tracking on your iPhone.
11. Cookies and tracking technologies (website)
Our website uses cookies and similar technologies. You can review the full list and manage your preferences in our Cookie Policy. If you are in the EU or UK, non-essential cookies are off by default until you accept them through our banner. We honor Global Privacy Control (GPC) signals.
12. Do Not Track
Because there is no common industry standard for how to respond to Do Not Track browser signals, we do not currently respond to them. We do honor Global Privacy Control (GPC) signals as a valid opt-out of "sale" or "sharing" under California law.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make a material change, we will update the "Last updated" date at the top and, if the change is significant, notify you by email or in the Willo App before the change takes effect.
14. Contact us
If you have any question about this policy or about how we handle your data, write to help@meetwillo.app with the subject line "Privacy request" and we will respond within 30 days.
