Growly has a free tier that includes child profile, development zones, activity calendar, and weekly briefing. To unlock AI chat, weekend ideas, custom goals, and shared access — start a 14-day free trial, no card required. After that, plans start from AED 59/mo.

What age groups does Growly support?

Growly supports children from approximately 3 to 18 years. It automatically adapts its advice, activities, and development tracking to your child's age — from toddler milestones and routines to school-age challenges and teenage development.

Is my child's data safe with Growly?

Yes. Growly uses field-level encryption for personal data, your child's name is never sent to AI. We comply with UAE PDPL, GDPR, and the UAE Child Digital Safety Law. You can request data deletion at any time.

What scientific frameworks does Growly use?

Growly draws on established child development research — from cognitive stages (Piaget, Vygotsky) and psychosocial development (Erikson) to attachment theory (Bowlby), temperament models, and social learning. The right framework is applied automatically depending on the question.

Can both parents and caregivers use Growly?

Yes. Growly supports shared access with different roles — parents get full access to profile, chat, activity recommendations, schedule, and settings, while caregivers see the shared calendar and activity notifications. Invite family members by email directly from the app.

What data about my child does Growly use?

We build a rich data model that includes 15+ parameters: your child's profile (age, temperament, interests), family context (cultural background, location, values), current activities, facts extracted from your conversations, and your feedback on recommendations.

How is Growly different from ChatGPT or other AI assistants?

Unlike general AI assistants, Growly builds a persistent profile of your child and remembers context across conversations. It combines child development science with your family's specific situation — so every answer is personalized, not generic.

Privacy Policy

Effective: February 13, 2026 · Last Updated: April 11, 2026 · Version 1.3

1. Who We Are

Growly (“we”, “us”, “our”) is a family app for parents of children aged 4–18 that covers four needs in one place: helping make daily decisions, choosing the right activities for each child, organizing the family schedule with managed access for parents, caregivers and drivers — and building a long-term development track. Our service is available at app.wegrowly.com and through our mobile application.

Contact: Sergei Andriyashkin — claim@wegrowly.com

2. What This Policy Covers

This Privacy Policy explains how we collect, use, store, protect, and share personal data when you use Growly. It applies to all users of our service, including parents and guardians.

Because Growly processes data about children, we hold ourselves to the highest standards of data protection, consistent with:

UAE Personal Data Protection Law (Federal Decree-Law No. 45/2021)
UAE Child Digital Safety Law (Federal Decree-Law No. 26/2025)
EU General Data Protection Regulation (GDPR)
US Children's Online Privacy Protection Act (COPPA) best practices

3. Data We Collect

3.1 Parent Account Data

Data	Purpose	Required
Email address	Account login, notifications	Yes
Name	Display in app	Yes
Password	Account security (stored as hash)	Yes
Language preference	Interface language	Yes
Theme preference	Display settings	No
Role (e.g., mother, father)	Context for AI guidance	No
Religion	Context for culturally appropriate AI guidance	No
Country & city of residence	Context for AI guidance	No
Profile photo	Display your avatar in the app	No

3.2 Child Data (Provided by Parent)

Data	Purpose	Required
Child's name	Display in parent's interface only	Yes
Date of birth	Calculate age for age-appropriate recommendations	Yes
Gender	Tailor developmental guidance	Yes
Temperament	Personalize recommendations	Yes
Interests	Context for guidance	Yes
Challenges	Context for guidance	Yes
Parent's concerns	Prioritize recommendations	Yes
Religion	Culturally appropriate AI guidance	No
Cultural background (country)	Culturally appropriate AI guidance	No
Activities & schedule	Help AI understand child's routine	No
Education details	Help AI understand child's routine	No
Profile photo	Display child's avatar in the app	No

3.3 Data Generated Through Use

Data	Purpose	Retention
AI developmental profile	Personalized insights for parent	Until account or child deletion
Chat messages	Conversation history	Until account or child deletion
Extracted facts	Accumulated knowledge about child's development	Until account or child deletion
Uploaded documents	One-time analysis; not stored permanently	Processed in memory; files stored until deleted by parent
Activity & education records	Track child's routine and progress	Until deleted by parent

3.4 Child Interface Data — Entered by Child

If a parent grants their child access to the Growly child interface, the child may enter the following data within that interface:

Data	Purpose	Required
Nickname / display name	Shown in child interface	No
Avatar (emoji)	Personalise child interface	No
WhatsApp number	Future messaging features (optional)	No
Personal goals	Shown in child's activity view	No
Activity streak (current, best, last date)	Engagement and motivation tracking	No
Push notification preference	Deliver notifications to child interface	No

This data is entered voluntarily by the child and is used only within the child interface. Children cannot create accounts independently — access is only possible after explicit parental setup.

3.5 Shared Access Data

If a parent invites another caregiver or grants shared access to a child's profile, the following invitation data is collected:

Data	Purpose	Required
Invitee display name	Identify the invited person	No
Invitee email address	Send invitation (if invited by email)	No
Role (parent / caregiver / kid)	Set access permissions	Yes

3.6 Data Collected Automatically

Data	Purpose	Retention
IP address	Security, consent records	With consent records (5 years)
User agent (browser/OS string)	Stored with consent records	With consent records (5 years)
Device label (e.g. 'Chrome Desktop')	Identify device in push subscription	Until push subscription deleted
Usage analytics	Improve the product (pseudonymised)	Anonymised

3.7 Data We Do NOT Collect

Children cannot register or create accounts independently. In the child interface, children may enter limited data only after a parent explicitly grants access (see Section 3.4).
We do not collect precise geolocation.
We do not collect or store payment card details. Payments are processed by our payment provider (Stripe), which handles card data directly. We store only a customer reference ID and subscription status.
We do not collect biometric data.
We do not use cookies for advertising purposes. We use an analytics cookie (PostHog) for product improvement only — it does not track you across other websites.

4. How We Use Your Data

4.1 Providing the Service

Generating personalized developmental profiles for your child
Answering your parenting questions with AI-powered guidance
Analyzing documents you upload to extract developmental insights
Remembering context across conversations to improve guidance over time

4.2 AI Processing — How It Works

Our AI assistant uses your child's developmental context to provide relevant, personalized recommendations.

What the AI receives:

Child's age (calculated from date of birth — the date itself is not sent)
Gender
Temperament category
Interests
Challenges and concerns
Religion and cultural background (if provided)
Country and city of residence (if provided)
Parent's role and religion (if provided)
Activities and education schedule (if provided)
Developmental summary from the AI profile
Context facts from previous conversations
Your chat messages

What the AI does NOT receive:

Your child's name or nickname
Date of birth (only the calculated age)
Your name or email
Photos or avatars
Child's WhatsApp number

We minimize identifiable information before it reaches the AI. The AI sees “an 11-year-old active boy interested in football” — never your child's name or identity. Cultural and location context is used only to provide locally relevant guidance.

4.3 What We NEVER Do

We never sell your data or your child's data to anyone.
We never use child data for advertising or marketing purposes.
We never create profiles of children for commercial purposes.
We never share identifiable child data with third parties for their own use.

5. How We Share Data

5.1 Third-Party Service Providers

We use a limited number of service providers to operate Growly. Each processes data only on our behalf and under contractual obligations to protect it.

AI Processing Provider (United States)

Processes child context for chat responses, profile generation, and document analysis. Child's name, nickname, date of birth, WhatsApp number, parent name, and parent email are never shared. API data is not used to train the provider's models.

Database & Authentication Provider

Hosts our database and handles user authentication. All data encrypted at rest. SOC 2 Type II compliant.

Hosting Provider (United States)

Application hosting and content delivery. No persistent data storage. SOC 2 Type II compliant.

Email Provider (United States)

Transactional emails (account verification, password reset, notifications). We share only your email address and notification content. Child data and chat content are never shared.

Analytics Provider (European Union)

Anonymous usage analytics to improve the product. We share only pseudonymized usage events (page views, feature usage). Child data, chat content, and personal details are never shared.

Payment Provider (United States)

Subscription billing and payment processing. We share only your email address and a customer reference ID. Child data, chat content, and developmental profiles are never shared. PCI DSS Level 1 compliant. Payment card data never touches our servers.

Push Notification Infrastructure

To deliver push notifications to your device, a device-specific subscription endpoint and encryption keys are transmitted to your browser's push service (e.g. Google FCM for Chrome, Apple APNs for Safari). No personal data or child data is included in push payloads.

5.2 Cross-Border Data Transfers

Your data is processed in multiple geographic regions depending on the service provider:

United States — AI processing (OpenAI), application hosting (Vercel), email (Resend), payments (Stripe)
European Union — analytics (PostHog, EU servers)
India (Mumbai) — database and authentication (Supabase, ap-south-1 region)

We ensure appropriate safeguards are in place for all cross-border transfers, including contractual protections, Data Processing Agreements and Standard Contractual Clauses where applicable, encryption in transit (TLS 1.2+) and at rest (AES-256), and field-level encryption for sensitive child data. We also apply data minimization — your child's name and date of birth are never transmitted to our AI processing provider.

Acknowledgement of Risks

You acknowledge that transfers to the United States and India occur to jurisdictions that have not been formally recognized as providing an adequate level of data protection under the ADGM Data Protection Regulations 2021, the UAE Personal Data Protection Law (Federal Decree-Law No. 45/2021), or the EU General Data Protection Regulation. While we implement the contractual and technical safeguards described above, these transfers may expose your data to legal frameworks that differ from those in your home jurisdiction, including potential access by foreign government authorities under local law. Transfers to the European Union (for analytics data) are made to a jurisdiction recognized as providing an adequate level of protection.

By using Growly and providing your explicit consent during onboarding, you acknowledge that you have been informed of these transfers and the associated risks, and you agree to these transfers as described in this policy. You may withdraw your consent at any time by deleting your account, although this will terminate your access to the Service.

6. How We Protect Your Data

Encryption

In transit: All data encrypted using industry-standard transport encryption.
At rest: All stored data encrypted using AES-256 encryption.
Field-level: Sensitive child information (name, date of birth) encrypted with separate keys.
Key management: Encryption keys stored separately using a dedicated secrets management system.

Access Control

Data isolation: Strict access rules ensure parents can only access their own data.
Authentication: Secure, short-lived session tokens with automatic rotation.
API security: All endpoints handling child data require authenticated sessions.
Personnel: Database access strictly limited and protected by multi-factor authentication.

Application Security

Protection against injection attacks through parameterized queries.
Protection against cross-site scripting through output encoding.
Protection against cross-site request forgery through secure cookie configuration.
Rate limiting on authentication and API endpoints.

7. Your Rights

Right to Access — view all data we hold about you and your child in the app.
Right to Correction — update your child's information at any time.
Right to Deletion — request deletion of your child's data or account by contacting us at claim@wegrowly.com. This permanently removes all PII, chat history, extracted facts, and the AI profile. Children cannot independently request deletion — only the parent or guardian who holds the account may do so.
Right to Withdraw Consent — stop data processing at any time by contacting us.
Right to Data Portability — request a machine-readable export of your data.
Right to Object — object to specific types of processing.

How to exercise your rights: Use the Settings menu for profile viewing and correction, or contact us at claim@wegrowly.com. We will respond within 30 days.

8. Consent

Before collecting any data about your child, we require your explicit consent during account registration. You must actively agree to our Privacy Policy and Terms of Service, and consent to data collection, AI processing, and cross-border data transfer before creating an account.

You must actively agree before proceeding. We do not use pre-checked boxes or implied consent. Consent records include: what you consented to, the timestamp, the policy version, your IP address, and your browser user agent. These records are retained for 5 years as required by applicable law.

For children under 13, we require verified parental consent in accordance with the UAE Child Digital Safety Law and COPPA best practices.

9. Data Retention

Data Type	Retention	After
Parent account	Until deletion requested via claim@wegrowly.com	Permanently deleted
Child PII	Until deletion requested via claim@wegrowly.com	Permanently deleted
Child developmental data	Until deletion requested via claim@wegrowly.com	Permanently deleted
Chat messages	Until deletion requested via claim@wegrowly.com	Permanently deleted
Activity & education records	Until deleted by parent in the app	Permanently deleted
Child interface data (nickname, avatar, goals, streak)	Until child profile or account deletion, or access revocation	Permanently deleted
Uploaded documents	Files stored until deleted by parent	Permanently deleted
Consent records	5 years	Archived, then deleted

When data is deleted, it is permanently removed from active databases. Encrypted backups may retain data for up to 30 days before being overwritten.

10. Cookies and Tracking

Growly uses only essential cookies required for the service to function:

Cookie	Purpose	Type
Authentication session	Keep you logged in	Essential
Language preference	Remember your language setting	Essential
PostHog analytics (ph_*)	Anonymous product analytics to improve Growly	Analytics

We do not use advertising cookies, remarketing pixels, or cross-site tracking cookies. The PostHog analytics cookie does not track you across other websites and does not contain child data.

11. Children's Privacy

Growly is designed for parents. A separate, limited child interface is available and requires explicit parental setup, supervision, and control, in accordance with the UAE Child Digital Safety Law. Children cannot create accounts independently — only a parent or guardian can enable child access.

When a parent activates the child interface, the child may voluntarily enter a limited set of data: a nickname, an avatar emoji, a WhatsApp number (optional), and personal goals. This data is used only within the child interface.

Children's core data is collected only from their parents, with explicit consent.
Children cannot register or access the service independently.
We never contact children directly.
We anonymize child data before AI processing — the child's name and nickname are never sent to AI.
We encrypt child PII at the field level.
We never use child data for commercial purposes, advertising, or profiling beyond providing the service.
We comply with the UAE Child Digital Safety Law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or in-app notification and may ask you to re-consent if changes affect how we process your child's data.

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or how we handle your data:

Email: claim@wegrowly.com
Website: wegrowly.com

We take every inquiry seriously and will respond within 30 days.

This Privacy Policy is written in plain language to help you understand exactly how Growly handles your data and your child's data. If anything is unclear, please contact us.