✓ GDPR Compliant ✓ 20 Years of Wisdom ✓ Your Data Never Trains AI ✓ European Servers Effective date: 30 October 2025 | Version: 4.2 | Reading time: 4 minutes
💜 Powered by 20+ Years of Parent Wisdom from 25,000+ Danish Families 🔒 YOUR DATA NEVER TRAINS OUR AI – EVER ⚠️ We do NOT use federated learning or any distributed training methods
The 30-Second Summary
Three separate data layers: Your private data + Helen's wisdom vault + Pre-trained AI
Your conversations stay YOURS: Never added to Helen's vault without explicit permission
AI never learns from you: We use pre-trained Claude 3.5, never modified with user data
20 years of wisdom: Anonymized insights from 25,000+ families guide our responses
EU-only data: Your data NEVER leaves the EU without your explicit consent
Delete = Gone forever: Your data deleted within 48 hours, backups purged within 30 days
1. Who We Are & What Makes Us Different
BabyPilot ApS (CVR: 45784630) combines 20+ years of Danish parenting expertise with modern AI technology. We're the digital evolution of Helen's decades of supporting Nordic families.
What makes us unique:
Experience: Built on 20+ years of real parent conversations (fully anonymized)
Privacy: Your data NEVER trains AI or joins our knowledge base without consent
Nordic values: Danish-owned, EU-operated, GDPR-native from day one
No distributed training: We do NOT use federated learning or any form of distributed model training
2. 🔐 Our Three-Layer Privacy System
BabyPilot operates with three completely separated data layers:
What it is: 20+ years of parenting insights from 25,000+ Danish families, collected by Helen with consent and fully anonymized using industry-standard k-anonymity (k>50) and l-diversity techniques.
Key protections:
Irreversibly anonymized using k-anonymity (k>50) – minimum 50 similar records per pattern
L-diversity applied – sensitive attributes well-represented in each group
Read-only system – cannot be modified or updated
Pattern-based – stores wisdom patterns, not personal stories
Danish law compliant – collected under strict privacy rules
How we use it: To provide context and proven patterns when answering your questions. Think of it as collective wisdom, not individual data.
Layer 2: Your Personal Data (Completely Private)
What it is: Everything you share with BabyPilot – conversations, tracking, preferences.
Iron-clad guarantees:
NEVER added to Helen's Knowledge Vault automatically
NEVER used to train or modify AI models
NEVER used for federated learning or distributed training
NEVER shared with other users
NEVER transferred outside the EU without your explicit consent
Deleted completely within 48 hours when requested
Optional contribution: You can choose to contribute anonymized insights to help future parents (with rewards), but this is 100% optional with separate consent.
Layer 3: AI Model (Pre-trained, Never Modified)
What it is: Claude 3.5 Haiku from Anthropic – a pre-trained language model.
What it CANNOT do:
Cannot learn from your conversations
Cannot be modified or fine-tuned with user data
Cannot participate in federated learning
Cannot remember you between sessions
Cannot access your data without explicit API call
AI Provider Changes
If we need to change our AI provider (currently Anthropic), we will:
Notify you 30 days in advance via email and in-app notification
Explain the reasons for the change and any privacy implications
Provide you the option to delete your account with full data erasure if you object
Ensure any new provider meets or exceeds our current privacy standards
3. How These Layers Work Together
When you ask Helen's Whisper a question, here's exactly what happens:
Step 1: Your question is encrypted and sent to our EU servers
Step 2: We search Helen's Knowledge Vault for relevant wisdom patterns (no personal data)
Step 3: Your question + relevant patterns sent to Claude 3.5
Step 4: Claude generates a response (without learning from it)
Step 5: Response delivered to you, conversation saved ONLY in your private account
Critical: Your conversation NEVER enters Helen's Knowledge Vault, trains the AI model, or participates in any form of distributed learning.
4. What We Collect & How It's Protected
5. International Data Transfers
Your data stays in the EU. Period. We will NEVER transfer your personal data outside the European Union without:
Your explicit, informed consent for each transfer
Appropriate safeguards (Standard Contractual Clauses or adequacy decisions)
A clear explanation of why the transfer is necessary
Your ability to refuse without losing access to core services
Current data locations: • Primary: Copenhagen, Denmark (EU) • Backup: Frankfurt, Germany (EU) • Never: USA, UK, China, or any non-EU country
6. The Wisdom Contributor Program (100% Optional)
Want to help the next generation of parents? You can choose to contribute anonymized insights to Helen's Knowledge Vault.
⚠️ Important: Once your contribution is anonymized using k-anonymity (k>50) and added to the Vault, it becomes part of the collective wisdom and cannot be removed, even if you later revoke consent. Only future contributions will stop.
If you choose to contribute:
Separate consent: Explicit opt-in through dedicated process
Complete anonymization: K-anonymity (k>50) and l-diversity applied
Pattern extraction: Only wisdom patterns stored, not stories
Under GDPR, you have extensive rights over your personal data:
Access: Download all your data within 24 hours
Rectification: Correct any inaccurate information
Erasure: Delete account and all data within 48 hours
Restriction: Pause processing while resolving concerns
Portability: Export data to switch services
Objection: Object to any processing
Note: Helen's Knowledge Vault contains anonymized data (k>50) that is no longer personal data under GDPR and thus not subject to individual rights requests.
8. How Long We Keep Your Data
Your personal data:
Active use: Kept while you use BabyPilot
After deletion: Erased within 48 hours
Backups: Purged within 30 days maximum
Helen's Knowledge Vault: Anonymized data (k>50) retained indefinitely as it contains no personal information.
9. Security & Infrastructure
Your data is protected by enterprise-grade security:
Encryption: AES-256-GCM at rest, TLS 1.3 with perfect forward secrecy in transit
Architecture: Zero-trust security model with principle of least privilege
Access control: Multi-factor authentication required for all administrative access
Monitoring: 24/7 automated threat detection and incident response
Compliance: ISO 27001 certification targeted for Q1 2026
Auditing: Annual security audits and Data Protection Impact Assessments (DPIA)
10. Our Trusted Partners
We work only with GDPR-compliant partners:
Anthropic (Claude AI): • Processes queries via EU endpoints • Zero data retention policy • Cannot access Helen's Knowledge Vault • Bound by our Data Processing Agreement • NO federated learning or model training on user data
Stripe (Payments): • PCI DSS Level 1 certified • Processes only payment information • No access to health or conversation data
Lab08 (Technical Infrastructure): • Provides infrastructure support only • Zero access to user data or Helen's Vault • Bound by strict confidentiality agreement
EU Cloud Providers: • All data stored within EU borders • Standard Contractual Clauses in place • Regular compliance audits
11. Contact Us
Data Controller: BabyPilot ApS, Constantin Hansens Gade 7, 19. 2, 1799 Copenhagen V, Denmark CVR: 45784630 Email: privacy@babypilot.ai Phone: +45 XX XX XX XX
Data Protection Officer: Rasmus Schmiegelow Email: dpo@babypilot.ai Response time: Within 24 hours (weekdays)
We'll notify you of any material changes via email and in-app notification at least 30 days before they take effect. Minor clarifications require 7 days notice.
