Privacy Policy

UnderBreath, operated from France, is the data controller responsible for your personal data under the EU General Data Protection Regulation (GDPR) and the French Loi Informatique et Libertés. Contact: founder@underbreath.com. Given the scale and nature of our processing, we are not currently required to appoint a Data Protection Officer; the founder acts as the privacy contact.

Publisher: UnderBreath, operated by its founder as an individual entrepreneur based in France. A full legal identification (legal form, registered address, registration number where applicable) will be added here before the community opens to paid or commercial services.

Publication director: the founder of UnderBreath, reachable at founder@underbreath.com.

Hosting: the site is hosted on the Cloudflare edge network (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA) with backend data stored within the European Union via Supabase (managed by Supabase, Inc.). Both providers are bound by appropriate data processing terms.

• Account data: email address, chosen handle or display name, password (hashed)
• Profile data you choose to share: stage of motherhood, region, interests, avatar — used to suggest circles
• Content you post: messages, comments, reactions inside circles and topics
• Technical data: IP address, device type, browser, basic logs — used for security and debugging
• Communications: emails you send us and our replies

We do not collect: your real name (unless you choose to share it), location beyond region, payment information (UnderBreath is free during early access).

• To run the service (contract): account, posting, circle membership, notifications
• To keep it safe (legitimate interest): moderation, abuse prevention, security logs
• To improve UnderBreath (legitimate interest): aggregated, anonymous analytics on how features are used
• To send you updates (consent): waitlist updates and product news — you can unsubscribe any time
• To comply with the law (legal obligation): responding to lawful requests from authorities

We do not sell your data. We share it only with:

• Service providers who help us run the platform (hosting, email delivery, error monitoring) — bound by data processing agreements
• Other members, only the parts of your profile and posts you choose to make visible inside circles you've joined
• Authorities, when legally required (court order, criminal investigation)

Your data is stored on servers within the European Union. If any service provider processes data outside the EU, we ensure adequate safeguards through European Commission-approved standard contractual clauses or adequacy decisions.

• Account data: until you delete your account
• Posts: until you delete them or your account
• Backups: up to 30 days after deletion
• Security logs: up to 12 months
• Records we must keep by law (e.g. moderation decisions related to illegal content): as required, then deleted

You have the right to:

• Access a copy of the data we hold about you
• Correct inaccurate data
• Delete your account and personal data ("right to be forgotten")
• Restrict processing in certain circumstances
• Export your data in a portable format
• Object to processing based on legitimate interest
• Withdraw consent at any time (e.g. unsubscribe from emails) — withdrawal does not affect the lawfulness of processing before it
• Give post-mortem directives about what happens to your data after your death (art. 85 of the French Loi Informatique et Libertés)
• Complain to a supervisory authority — in France, the CNIL (cnil.fr), or the authority of your EU country of residence

To exercise any of these, email founder@underbreath.com. We respond within one month (extendable by two months for complex requests, as permitted by GDPR art. 12).

We use essential cookies to keep you signed in and to remember your preferences. We use minimal, privacy-respecting analytics to understand how the platform is used — no third-party advertising trackers, no Facebook pixel, no Google Ads. You can manage cookie preferences in your browser at any time.

UnderBreath is for adults aged 18 and over. We do not knowingly collect data from children. If you believe a child has registered, please email founder@underbreath.com and we will delete the account.

Members must not post identifying information or photos of children, including their own — see our Community Guidelines.

We use industry-standard measures to protect your data: encryption in transit (HTTPS), encryption at rest, hashed passwords, access controls, and regular security reviews. No system is perfectly secure, but we take this seriously and will notify affected members of any breach as required by GDPR (within 72 hours where the breach poses a risk to your rights).

If we make material changes, we'll notify you by email or in the app at least 14 days before they take effect.

Questions or requests: founder@underbreath.com.