Privacy Policy

Effective date: March 2026  ·  Commixing Research and Development pvt. ltd.

1. What Cooing Does

Cooing is a free audio baby monitor app. It uses WebRTC to stream audio peer-to-peer between two devices on the same home Wi-Fi network. Audio never passes through, is recorded by, or stored on any server operated by us or any third party.

2. Information We Collect

We collect the minimum necessary to operate the service:

• Account information: Email address and encrypted password, or your Google account identifier if you sign in with Google.
• Optional phone number: Provided voluntarily during sign-up for OTP verification. Stored hashed.
• Device tokens: FCM/APNs push notification tokens to deliver safety alerts to your device.
• In-app purchase records: Tier (Free/Plus/Pro) and platform receipt token. No payment card data is ever stored by us.
• Anonymous analytics events: Session start/end, reconnect counts, crash reports. No audio data. No PII in event logs.

3. What We Do Not Collect

• Audio — never recorded, never routed through our servers.
• Location data.
• Photos or camera data.
• Any data about your baby or children.
• Advertising IDs or behavioural data (in MVP; see §7 for future ad plans).

4. How We Use Your Information

• Authenticate your account and maintain your session.
• Deliver push notifications about your monitoring session (threshold alerts, battery, heartbeat).
• Verify in-app purchases and restore them on reinstall.
• Improve the app using aggregate, anonymised analytics.
• Respond to support requests.

5. Data Sharing

We do not sell your data. We share limited data only with:

• Railway (infrastructure): SOC 2 Type II certified hosting for our API and database.
• Firebase (Google): Push notification delivery (FCM/APNs) and crash reporting. No audio data is shared.
• Resend / Twilio: Email and SMS OTP delivery for account verification.
• Apple / Google: In-app purchase verification via their respective billing APIs.

6. Data Retention

Account data is retained until you delete your account. Analytics events are retained for up to 12 months in aggregate form. Deleting your account permanently removes all associated data from our systems within 30 days.

7. Advertising

The Free tier displays non-personalised banner ads via Google AdMob. In the current version, no advertising ID, device tracking, or personal data is used for ad targeting. No App Tracking Transparency (ATT) prompt is shown on iOS. Personalised ads, if introduced in future, will require your explicit consent.

8. Your Rights (GDPR / applicable law)

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and all associated data (via Settings → Delete Account).
• Object to processing or request restriction.
• Lodge a complaint with your local data protection authority.

9. Children

Cooing is designed for use by adults (18+) and is not directed at children. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, please contact us immediately.

10. Security

Passwords are stored using bcrypt. Auth tokens are short-lived and rotated. Our infrastructure is hosted on Railway (SOC 2 Type II certified). We use HTTPS for all API communication. Despite our best efforts, no system is 100% secure — please use a strong, unique password.

11. Changes to This Policy

We may update this policy as the app evolves. Material changes will be communicated via in-app notification. Continued use of the app after changes constitutes acceptance.

12. Contact

Questions about this policy? Contact us at hello@commix.in.