← Back to MumAlly
MumAlly

Privacy Policy

Effective date: 17 February 2026

1. Who we are

MumAlly is operated by Uju Okonkwo, based in Oxford, UK. If you have any questions about this policy or your data, contact us at hello@mumally.com.

2. What data we collect

  • Account data: name, email address, profile photo, postcode
  • Child data: child's name (optional), date of birth (used to filter age-appropriate content)
  • Usage data: events attended, items posted, messages sent
  • Device data: browser type, IP address (for security purposes)
  • Cookies: session cookies for authentication (see our Cookie Policy)

3. How we use your data

  • To personalise your experience (age-filtered events, local community matching)
  • To show social proof (your name and avatar are visible to other community members when you RSVP to events)
  • To send you emails (welcome email, weekly digest — you can unsubscribe at any time)
  • To facilitate messaging between community members

We NEVER sell your data to third parties. We NEVER use your data for advertising.

4. Legal basis (UK GDPR)

  • Consent: you choose to sign up and share information
  • Legitimate interest: improving the service and preventing abuse
  • Contract: providing the service you signed up for

5. Data sharing

We use the following third-party services to operate MumAlly:

  • Supabase — database hosting (EU-based)
  • Resend — email delivery
  • Vercel — website hosting
  • Google — if you use Google sign-in

We do not share your data with advertisers or data brokers.

6. Children's data

  • We collect children's date of birth to filter age-appropriate content
  • We do NOT collect children's photos or personal information
  • Children do not have accounts on MumAlly
  • Parents control all data about their children

7. Your rights (UK GDPR)

You have the right to:

  • Access: request a copy of your data
  • Rectification: correct inaccurate data
  • Erasure: delete your account and all associated data
  • Portability: receive your data in a machine-readable format
  • Object: object to processing based on legitimate interest

To exercise any of these rights, contact hello@mumally.com.

8. Data retention

  • Account data is kept while your account is active
  • Deleted accounts: all data is removed within 30 days
  • Messages are deleted when both parties delete them

9. Security

  • All data is encrypted in transit (HTTPS) and at rest
  • Row-level security is enforced on all database tables
  • We conduct regular security reviews

10. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via email.

11. Contact

For any questions about this policy, contact us at hello@mumally.com.