Legal
Privacy notice
Last updated: 8 July 2026
Who we are
Villo is a UK-based service being built to help families coordinate the people around their child. This notice covers this website and the pre-launch waitlist. It does not yet describe the full Villo product, which is not available.
What we collect right now
- Waitlist: the email address you give us and the date you joined.
- Server logs: standard technical information (IP address, browser type, requested URL) kept briefly to keep the site running and secure.
We do not currently use analytics cookies, advertising trackers, or third-party marketing pixels on this site.
Why we use it, and on what legal basis
- Waitlist emails: your consent (UK GDPR Art. 6(1)(a)), which you give by ticking the box on the form. You can withdraw it any time by emailing us.
- Site operation and security: our legitimate interests in keeping the site online and safe (Art. 6(1)(f)).
The Villo app (early access)
If you sign in at /app, we additionally hold:
- Your account: email, password (stored only as a bcrypt hash we cannot read), display name and, if you use Google sign-in, the basic profile info Google returns.
- Child profiles you create: the child's name, date of birth, pronouns, avatar image, and any notes you choose to add.
- Documents you upload: reports, letters and files you attach to a child, stored in a private storage bucket.
- Audit log: a record of important actions on a child's profile (uploads, invites, exports, deletions) so you can see who did what.
You are the account owner and the only person who can see your children's data by default. You choose if and when to invite anyone else into the "Village" around a child.
How we protect it
- All traffic is encrypted in transit (HTTPS/TLS).
- Data is encrypted at rest by our hosting provider (AES-256).
- Row-level security in the database means one account cannot read another account's data, even if the app itself had a bug.
- Passwords are checked against the Have I Been Pwned database at signup and rejected if they appear in a known breach.
- Optional two-factor authentication (TOTP) is available in Settings → Security & privacy.
Children's data on the public website
The public website and waitlist do not collect information about children. Children's data is only held inside the signed-in app, entered by the account owner (a parent or carer).
Who sees your information
Waitlist entries are stored in our backend on Supabase (EU region, via Lovable Cloud). No one outside Villo can read them through the website. We do not sell your data or share it for marketing.
How long we keep it
Waitlist emails are kept until Villo launches (or you ask us to remove you, whichever is sooner), plus a short period afterwards for record-keeping.
Your rights & deleting your data
Under UK GDPR you can ask to access, correct, delete, or export the personal data we hold about you, and complain to the ICO (ico.org.uk).
- Waitlist email: reply to any Villo email or write to us and we will remove your address.
- App account: sign in and open Settings → Security & privacy → Delete your account. This permanently removes your account, every child profile you own, uploaded documents and tracking history. It cannot be undone.
- Anything else (access, correction, export): email us at the address below.
Contact
Data controller: Villo (details to be confirmed). Contact: hello@villocare.com.
See also our Terms and Cookie notice.