Privacy Policy
Last Updated: January 2026 · Version 1.0
1. Introduction
Welcome to Taylee ("we", "our", "us"). We are committed to protecting your privacy and handling your personal data responsibly.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Taylee mobile application ("the App").
URBANHARE.AI LIMITED
272 Bath Street, Glasgow, Scotland, G2 4JR
Email: privacy@taylee.app
Website: https://taylee.app
We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Your name
- Email address
- Password (encrypted)
- Whether you consent to marketing communications
2.2 Family Information
To personalise activity recommendations, we collect:
- Children's first names
- Children's ages
- Children's interests (selected from categories)
2.3 Location Information
- Your postcode (to find local activities)
- Your region (for school holiday detection)
We do NOT collect precise GPS location.
2.4 Optional Sensitive Information
With your explicit consent, you may choose to provide:
- Dietary requirements (allergies, religious dietary needs)
- Additional support needs (to find suitable accessible activities)
This sensitive information is:
- Only collected with explicit consent
- Stored securely in the UK
- Anonymised before being sent to AI services
- Never shared with third parties for marketing
2.5 Usage Information
We automatically collect:
- Activities you save, complete, or dismiss
- Your preferences and feedback
- App interaction data (to improve recommendations)
- Device information (for technical support)
2.6 Calendar Information
If you choose to add activities to your calendar:
- We create calendar events on your device
- We do NOT read or access your existing calendar
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide personalised activity recommendations | Contract performance |
| Send activity reminders and notifications | Legitimate interest / Consent |
| Improve our recommendation algorithm | Legitimate interest |
| Send school holiday alerts | Legitimate interest |
| Process subscription payments | Contract performance |
| Respond to support requests | Contract performance |
| Send marketing communications | Consent (opt-in only) |
| Comply with legal obligations | Legal obligation |
4. How We Share Your Information
4.1 AI Services (OpenAI)
To generate activity recommendations, we send information to OpenAI's GPT service. Before sending:
- Children's names are replaced with generic labels (e.g., "Child 1")
- Your exact location is generalised to region level
- Sensitive data (dietary, SEN) is anonymised
OpenAI does not use your data to train their AI models.
4.2 Firebase (Google Cloud)
We use Firebase for:
- User authentication
- Secure data storage
- Push notifications
Data is stored in Google's UK/EU data centres.
4.3 Weather Services
We send your general location (postcode area) to weather services to provide weather-aware recommendations.
4.4 Venue Information
We use Google Places API to find venue details. Only your general location is shared, not personal information.
4.5 Payment Processors
Subscriptions are processed by Apple (App Store) or Google (Play Store). We do not receive or store your payment card details.
4.6 We Never
- Sell your personal data
- Share your data with advertisers
- Share children's information with third parties for marketing
- Use your data to build advertising profiles
5. Children's Privacy
Taylee helps parents plan activities for their children. We take children's privacy seriously:
- We collect minimal information about children (first name, age, interests only)
- Children's names are anonymised before being sent to AI services
- We do not allow children under 18 to create accounts
- Only parents/guardians can input information about children
- We comply with the Children's Code (Age Appropriate Design Code)
6. Data Storage and Security
6.1 Where We Store Data
| Data Type | Storage Location |
|---|---|
| Account & family data | Firebase (UK/EU) |
| Preferences | Your device (local) |
| Saved activities | Firebase (UK/EU) |
6.2 Security Measures
- All data transmitted using TLS encryption
- Passwords hashed using industry-standard algorithms
- Firebase security rules restrict data access
- Regular security reviews
6.3 International Data Transfers
Some of our third-party service providers process data outside the United Kingdom:
| Service | Location | Safeguard |
|---|---|---|
| OpenAI (AI recommendations) | United States | Standard Contractual Clauses (SCCs) |
| Firebase (Google Cloud) | UK/EU data centres | UK Adequacy Regulations |
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including Standard Contractual Clauses approved by the Information Commissioner's Office.
6.4 Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Activity history | 12 months |
| Anonymised analytics | 24 months |
7. Your Rights
Under UK GDPR, you have the right to:
7.1 Access Your Data
Request a copy of all personal data we hold about you.
7.2 Correct Your Data
Update inaccurate or incomplete information via the app or by contacting us.
7.3 Delete Your Data
Request deletion of your account and all associated data. You can do this in Settings > Delete Account, or by contacting us.
7.4 Export Your Data
Request your data in a portable format.
7.5 Withdraw Consent
Withdraw consent for optional data processing (dietary, SEN, marketing) at any time in Settings.
7.6 Object to Processing
Object to processing based on legitimate interests.
7.7 Automated Decision-Making and Profiling
Taylee uses AI to generate personalised activity recommendations based on your children's ages, interests, location, and weather conditions. This constitutes profiling under UK GDPR Article 22.
However:
- No decisions with legal or similarly significant effects are made solely by automated means
- All recommendations are suggestions only — you decide which activities to pursue
- You can adjust your preferences at any time to influence recommendations
- You can contact us at privacy@taylee.app to request human review of how your data is used for recommendations
7.8 Lodge a Complaint
You have the right to complain to the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk
- Telephone: 0303 123 1113
8. Cookies and Tracking
The Taylee app does not use cookies. We use minimal local storage on your device to:
- Remember your preferences
- Keep you logged in
- Cache data for offline use
8.1 Website Analytics
Our website (taylee.app) uses Plausible Analytics, a privacy-friendly analytics service. Plausible:
- Does not use cookies
- Does not collect personal data
- Does not track users across websites
- Collects only aggregate data (page views, referral sources, device type)
No consent banner is required as Plausible is compliant with UK GDPR and the Privacy and Electronic Communications Regulations (PECR) without collecting personal data.
9. Third-Party Links
Taylee may display links to venue websites or booking pages. We are not responsible for the privacy practices of these external sites.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- In-app notification
- Email (if you've opted in to communications)
The "Last Updated" date at the top indicates when changes were made.
11. Contact Us
For privacy-related enquiries or to exercise your rights:
Website: https://taylee.app
Data Controller:
URBANHARE.AI LIMITED
Registered in Scotland, no. SC876925
272 Bath Street, Glasgow, Scotland, G2 4JR
We aim to respond to all requests within 30 days.
12. Additional Information for Scottish Users
Taylee is developed in Scotland. While UK GDPR applies throughout the United Kingdom, Scottish users may have additional rights under Scots law. If you have questions about your rights, please contact us.
This Privacy Policy is governed by the laws of Scotland and the United Kingdom.