Trust
Security & Trust
Last updated: 8 June 2026 · Version 1.5
Tylu is built for families. Your children's names, photos, health notes, and daily logs deserve the same care you give them at home — so protecting your personal and family information is at the heart of everything we do.
Sensitive personal data is encrypted at rest
Your family account is private to you and those you invite
We do not sell identifiable personal data
Our commitment to you
We built Tylu because we know how personal parenting is. Every feed log, milestone photo, and health note belongs to your family — and we treat it that way. Your personal and family information is handled with care and stored securely.
Protecting your privacy is part of how Tylu works, so you can focus on what matters: your little ones.
What we encrypt
The most sensitive information in Tylu is encrypted before it is stored. We use AES-256-CBC encryption — the same industry-standard algorithm described in our Privacy Policy. Each piece of data is encrypted with a key scoped to your account or your family, so stored records are not readable as plain text.
| Data | Protection |
|---|---|
| Your email address | Encrypted at rest with AES-256 (account-level) |
| Your display name | Encrypted at rest with AES-256 (account-level) |
| Child names | Encrypted at rest with AES-256 (family-scoped) |
| Child dates of birth | Encrypted at rest with AES-256 (family-scoped) |
| Photos | AES-256 encryption applied to image files before storage (family-scoped) |
| Cycle tracking entries | Encrypted at rest with AES-256 (family-scoped) — includes symptoms, notes, and linked test photos |
| Pregnancy journal entries | Encrypted at rest with AES-256 (account-level) — includes notes, bump photos, and milestones |
| Family invitation email addresses | Encrypted at rest with AES-256 (account-level) |
| Sign-up consent records | Encrypted at rest with AES-256 (account-level) |
Account-level encryption protects data tied to your login. Family-scoped encryption means each family account has its own derived key, so child profiles, photos, and cycle logs for one family are encrypted separately from another.
What travels securely
Whenever you use Tylu in the app or on the web, your data travels over HTTPS (TLS). That encrypts information in transit between your device and our servers — including logins, log submissions, and photo uploads — so it cannot be read by third parties on the network path.
Photos and personal details are not shown on public pages. Your information is available only to members of your family account.
Other account data
Some information is stored in your family account to power everyday tracking features but is not individually encrypted at rest. This includes:
- Daily activity logs — feeds, sleep, weight, medicines, nappies, appointments, and similar records
- Gallery notes and captions attached to photos
- App preferences — theme, country, notification settings
- Child feeding preferences — formula brand, feed type, and container settings
This data is still protected by account authentication, family-level access controls, and HTTPS in transit. Only you and family members you invite can view it.
Privacy by design
Tylu is designed with your family's privacy in mind. We collect only what we need to run the app, we do not share identifiable information with advertisers, and we do not sell identifiable personal data to third parties.
You stay in control. You can review what we hold, update your preferences, and request deletion of your account and data at any time. Full details are in our Privacy Policy.
Built and hosted with care
Tylu is developed in Wales and operated with care. We work to keep your family's information safe, and we are here if you have concerns.
Parenting is hard enough without worrying about your data. Tylu is built so you can focus on what matters: your little ones.
Questions
We're happy to help. Contact us at support@tylu.uk or via our contact form. For legal or data-rights requests, see the Privacy Policy.