Effective Date: 1 June 2026 | Last Updated: 1 June 2026
1. Who We Are
Larkling is a co-parenting platform operated by Larkling Ltd, registered in England and Wales. We provide a web-based progressive web app (PWA) at larklingapp.com and app.larklingapp.com designed to help families coordinate schedules, communicate securely, track expenses, store documents, and manage co-parenting arrangements.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Larkling Ltd is the data controller of the personal data you provide through our service.
If you have any questions about this policy or how we handle your data, please contact us at hello@larklingapp.com.
2. Data We Collect
We collect only the information necessary to provide our co-parenting service. Here is exactly what we collect and why:
2.1 Account & Profile Data
When you create a Larkling account, we collect:
- Email address — used for account authentication, notifications, and service communications.
- Display name — the name you choose to show within your family group.
- Profile settings — preferences such as pronouns, time zone, notification settings, and family structure configuration.
2.2 Co-Parenting Data
As you use Larkling, you may create and store the following types of content:
- Calendar events — custody schedules, parenting time arrangements, appointments, school events, holidays, and other family calendar entries.
- Messages — secure messages exchanged between co-parents within your family group, including any AI Tone Coach rewrites you choose to generate.
- Expenses — shared expense records including amounts, categories, descriptions, receipts, and payment status.
- Documents — files you upload to the document vault, such as court orders, parenting plans, school reports, medical records, and receipts.
- Journal entries — private timestamped notes and reflections.
2.3 Technical & Usage Data
When you visit or use Larkling, we automatically collect:
- Device information — browser type, operating system, device type, and screen resolution.
- Usage data — pages visited, features used, time spent, and interaction patterns (only if you consent to analytics cookies).
- IP address — temporarily processed for security, fraud prevention, and geographic region detection.
2.4 Data We Do Not Collect
We do not collect, process, or store:
- Payment card details (all payments are processed by our payment provider, Stripe).
- Location/GPS data (beyond what your IP address reveals for regional routing).
- Social media profiles or contacts.
- Information about children beyond what you voluntarily enter (e.g., names in calendar events).
3. How We Use Your Data
We use your data exclusively for the purposes of providing, maintaining, and improving the Larkling service:
- Service delivery — to operate your account, display your calendar, deliver messages to your co-parent, process expense records, and store your documents.
- Authentication & security — to verify your identity, protect your account from unauthorised access, and detect/prevent fraudulent or abusive activity.
- AI Tone Coach — when you use the AI Tone Coach, your draft message is processed to analyse tone and suggest alternatives. Messages are processed transiently and are not used to train AI models.
- Communications — to send you essential service emails (e.g., password resets, account changes, new co-parent invitations) and, with your consent, product updates and newsletters.
- Analytics & improvement — to understand how our service is used and identify areas for improvement. This is only done with your explicit consent via our cookie banner.
- Legal compliance — to comply with applicable laws, regulations, and legal processes, including responding to lawful requests from UK authorities.
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects concerning you.
4. Legal Basis for Processing
Under UK GDPR, we rely on the following lawful bases to process your personal data:
- Contractual necessity (Article 6(1)(b)) — processing your account data, co-parenting data, and messages is necessary to perform our contract with you (i.e., to provide the Larkling service).
- Legitimate interests (Article 6(1)(f)) — we process technical and usage data (in a limited, non-invasive manner) for security, fraud prevention, and service improvement. We have balanced these interests against your rights and freedoms.
- Consent (Article 6(1)(a)) — for analytics cookies, marketing communications, and any processing not strictly necessary for service delivery, we rely on your explicit consent. You can withdraw consent at any time.
- Legal obligation (Article 6(1)(c)) — where we are required to process data to comply with UK law.
5. Data Storage & Security
5.1 Where Your Data Lives
All Larkling user data is stored in Supabase, a secure cloud database platform. Our Supabase project is hosted in the AWS London (eu-west-2) region, meaning your data resides on servers physically located in the United Kingdom. This ensures your data remains under UK and EU-equivalent data protection standards.
5.2 Security Measures
We take the security of your co-parenting data extremely seriously — we know it can contain sensitive information about your family, finances, and legal matters. Our security measures include:
- Encryption in transit — all data between your browser and our servers is encrypted using TLS 1.3 (HTTPS).
- Encryption at rest — all stored data is encrypted at rest using AES-256 encryption.
- Row-Level Security (RLS) — Supabase Row-Level Security policies ensure that your co-parenting data can only be accessed by members of your authorised family group.
- Authentication — we use Supabase Auth with secure, hashed password storage and optional multi-factor authentication.
- Access controls — strict internal access controls limit who at Larkling can access production data, and all access is logged and audited.
- Regular backups — automated encrypted backups are performed daily and retained securely.
While we implement industry-standard security practices, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password and enable any additional security features we offer.
6. Data Sharing & Third Parties
6.1 We Do Not Sell Your Data
Let us be absolutely clear: Larkling does not sell, rent, trade, or otherwise disclose your personal data to third parties for their own marketing or commercial purposes. Your co-parenting data is yours — not a product we sell.
6.2 Service Providers (Data Processors)
We use carefully selected third-party service providers to operate our service. These providers act as data processors on our behalf and are contractually bound to handle your data only as instructed by us and in compliance with UK GDPR:
- Supabase — cloud database hosting (AWS London eu-west-2). Supabase Privacy Policy.
- Stripe — payment processing for Premium subscriptions. Larkling never sees or stores your full card details. Stripe Privacy Policy.
- PostHog — product analytics (EU-hosted, only activated with your cookie consent). PostHog Privacy Policy.
- Google Analytics — website analytics (only activated with your cookie consent, with IP anonymisation enabled). Google Privacy Policy.
6.3 Legal Disclosures
We may disclose your data if required to do so by law, court order, or competent UK regulatory authority. We will notify you of any such disclosure unless prohibited by law.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
- Active accounts — your data is retained for the lifetime of your account.
- Deleted accounts — if you request account deletion, your personal data (profile, messages, calendar, expenses, journal) is permanently deleted within 30 days. We may retain anonymised or aggregated data that cannot identify you.
- Documents — uploaded documents are permanently deleted along with your account upon account deletion.
- Legal holds — in limited circumstances (e.g., ongoing legal disputes, regulatory investigations), we may need to retain certain data beyond the standard deletion schedule. We will inform you if this occurs.
- Backups — deleted data is purged from our backup systems in accordance with our standard backup rotation cycle (typically within 90 days).
8. Your Rights (UK GDPR)
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights regarding your personal data:
- Right of access (Article 15) — you can request a copy of the personal data we hold about you, along with information about how it is processed.
- Right to rectification (Article 16) — you can ask us to correct inaccurate or incomplete personal data we hold about you.
- Right to erasure / "right to be forgotten" (Article 17) — you can request that we delete your personal data in certain circumstances, such as when it is no longer needed for the purpose it was collected.
- Right to restriction of processing (Article 18) — you can ask us to restrict processing of your data in certain situations (e.g., while we verify the accuracy of contested data).
- Right to data portability (Article 20) — you can request your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) and have it transferred directly to another service where technically feasible.
- Right to object (Article 21) — you can object to processing based on legitimate interests, and we will cease processing unless we demonstrate compelling legitimate grounds.
- Right to withdraw consent (Article 7(3)) — where processing is based on your consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Rights relating to automated decision-making (Article 22) — Larkling does not engage in automated decision-making that produces legal or significant effects. We do not profile you.
To exercise any of these rights, please email us at hello@larklingapp.com with the subject line "Data Rights Request". We will respond within one month (extendable by a further two months for complex requests, with notice). We may need to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk/make-a-complaint.
9. Cookies & Tracking Technologies
Larkling uses cookies and similar technologies for the following purposes:
9.1 Essential Cookies (Always Active)
These cookies are strictly necessary for our service to function and cannot be disabled:
- Authentication cookies — to keep you logged in securely (session tokens managed by Supabase Auth).
- Preference cookies — to remember your display preferences, such as dark mode, and your cookie consent choice (
lk_cookie_consent in localStorage).
- Security cookies — to protect against cross-site request forgery (CSRF) and other security threats.
9.2 Analytics Cookies (Opt-in Only)
With your explicit consent (via our cookie banner), we use:
- Google Analytics 4 — to understand how visitors use our website. We have configured GA4 with IP anonymisation, disabled Google Signals, and disabled ad personalisation. Data is retained for 14 months.
- PostHog — for product analytics, hosted on EU servers (eu.i.posthog.com). PostHog is configured to only identify you if you have an account.
You can manage your cookie preferences at any time by clicking "Manage cookies" in the footer, or through your browser settings. For more details, see our Cookie Policy.
10. Children's Data
Larkling is a co-parenting tool designed for use by adults aged 18 and over. We do not knowingly collect personal data from children under the age of 13, and our service is not directed at children.
While parents may choose to include information about their children within the app (such as a child's name in a calendar event, school appointment, or expense record), this information is entered voluntarily by the adult account holder and is subject to the same protections as all other co-parenting data.
If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at hello@larklingapp.com and we will promptly delete it.
11. International Transfers
Your data is stored in the United Kingdom (AWS London eu-west-2) and is not routinely transferred outside the UK or the European Economic Area.
In limited circumstances where a data processor we use may process data outside the UK (such as Stripe for payment processing, which may transfer data to the United States), we ensure that appropriate safeguards are in place — such as the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses (SCCs) with the UK Addendum, or an adequacy decision by the UK Government — to protect your data to UK GDPR standards.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service features. When we make material changes, we will:
- Post the updated policy on this page with a revised effective date.
- Notify active account holders via email at least 14 days before changes take effect.
- Display a prominent notice within the app for logged-in users.
We encourage you to review this policy periodically. Continued use of Larkling after changes take effect constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or how Larkling handles your personal data, please contact us:
- Email: hello@larklingapp.com
- Website: larklingapp.com
- Data Protection: For formal data subject rights requests, please use the subject line "Data Rights Request" in your email to ensure prompt routing to the correct team.
You also have the right to contact the Information Commissioner's Office (ICO), the UK's independent data protection authority. Visit ico.org.uk or call 0303 123 1113.
🐦 Larkling Ltd — Co-parenting for every family. Your data is safe with us.