Privacy Policy
Little Handy Apps — Last updated: April 2026
1. Who we are
VaxFile is a vaccination record-keeping app developed by Little Handy Apps. If you have questions about this policy, contact us at support@vaxfile.app.
2. What data we collect
Account data
When you create an account we collect your email address and a password (stored as a secure hash, never in plain text).
Profile data
Information you enter about your children or family members: name, date of birth, sex, country, and an optional profile photo.
Vaccination records
Vaccination logs you create: vaccine name, date administered, dose number, who administered it, and optional notes.
Usage data
We collect anonymised usage events (e.g. which features you use, how often you open the app) via PostHog, a GDPR-compliant analytics provider hosted in the EU. This data cannot be used to identify you personally.
Device data
We store a push notification token on your device and in our database to send you vaccination reminders. We do not use this for marketing.
3. How we use your data
We use your data solely to provide the VaxFile service:
- To show you personalised vaccination schedules
- To remind you when vaccinations are due
- To allow you to log and review vaccination records
- To improve the app based on anonymised usage patterns
We do not use your data for advertising. We do not sell your data. We do not share your data with third parties except as described below.
4. Third parties
Supabase
Your account, profile, and vaccination data is stored in Supabase, a GDPR-compliant database provider. Supabase servers are located in Frankfurt, Germany (eu-central-1). Supabase's privacy policy is available at supabase.com/privacy.
PostHog
Anonymised usage analytics are processed by PostHog, hosted on PostHog's EU cloud. No personally identifiable information is sent to PostHog. PostHog's privacy policy is available at posthog.com/privacy.
Apple
Push notifications are delivered via Apple Push Notification Service (APNs). Apple does not have access to the content of your vaccination records.
5. Data storage and security
All data is stored in the EU (Frankfurt). Data is encrypted in transit using TLS. Access to your data is restricted by row-level security policies — no other user can access your records. Profile photos are stored in a private storage bucket accessible only to your account.
6. Your rights under GDPR
As a user in the European Union or United Kingdom you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict processing of your data
- Data portability
To exercise any of these rights, email us at support@vaxfile.app. We will respond within 30 days.
7. Data retention
We retain your data for as long as your account is active. If you request account deletion, we will delete all your personal data within 30 days.
8. Children's data
VaxFile is designed for use by parents and carers. We do not knowingly collect data directly from children. All data about children is entered by the parent or carer who holds the account.
9. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes via the app. The current version is always available at vaxfile.app/privacy.
10. Contact
Little Handy Apps
support@vaxfile.app