Privacy Policy
Your privacy and your baby's safety are our top priorities
Baby photos are only visible to registered members
Effective Date: January 1, 2025 | Version 1.0
Member-Only Photo Access
To protect children's privacy, all baby photos on Baby of the Month are only visible to registered and logged-in members. This ensures that photos are viewed only by our community of parents and not accessible to the general public or search engines.
Quick Navigation
Our Privacy Commitment
We are committed to protecting your privacy and your children's personal information. This Privacy Policy explains how Baby of the Month LLC ("we," "us," or "our") collects, uses, and protects information when you use our Platform. We comply with all applicable privacy laws including COPPA, CCPA, and maintain GDPR-compliant practices.
IMPORTANT: BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT NO DATA TRANSMISSION OR STORAGE IS 100% SECURE. WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION.
1. Privacy Overview
1.1 Scope. This Privacy Policy applies to information collected through our website, mobile applications, and services (collectively, the "Platform"). It does not apply to third-party websites or services linked from our Platform.
1.2 Consent. By using our Platform, you consent to the collection, use, and disclosure of information as described in this Privacy Policy. If you do not agree, please do not use our services.
1.3 Updates. We may update this Privacy Policy periodically. Material changes will be notified via email or Platform notice. The "Effective Date" above indicates the last revision.
2. Children's Privacy Protection (COPPA Compliance)
COPPA Compliance Notice
We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information directly from children under 13 years of age without verifiable parental consent.
2.1 Information About Children
When parents submit contest entries, we collect:
- Baby's first name only (no last names)
- Baby's age in months
- Baby's photo (only visible to registered members)
- Optional: City and state (no street addresses)
- Optional: Brief message from parent (screened for personal info)
🔒 PHOTO PROTECTION: Baby photos are only visible to registered and logged-in members. This protects your child's privacy by preventing public access to photos.
2.2 Parental Rights Under COPPA
Parents have the right to:
- Review information collected about their child
- Request deletion of their child's information
- Refuse further collection or use of their child's information
- Consent to collection and use but not disclosure to third parties
To exercise these rights, contact us at info@babyofthemonth.org.
2.3 How We Protect Children's Information
- We never display full names or contact information of children
- Photos are reviewed before publication
- We don't allow children to create accounts or communicate with others
- We don't collect more information than necessary for contest participation
- We implement age-appropriate privacy defaults
2.4 School and Educator Notice
If you are a school or educator submitting on behalf of students, you must have appropriate permissions from parents. We can provide COPPA-compliant consent forms upon request.
3. Information We Collect
3.1 Information You Provide
Account Registration
- • Email address
- • Username
- • Password (encrypted)
- • Display name
- • Profile photo (optional)
Contest Entries
- • Baby's first name
- • Baby's age
- • Baby's photo (member-only access)
- • Location (city/state)
- • Parent message
Prize Claims
- • Full legal name
- • Mailing address
- • Phone number
- • Tax ID (if required)
- • Payment information
Communications
- • Support inquiries
- • Feedback and reviews
- • Survey responses
- • Social media interactions
- • Marketing preferences
3.2 Information Collected Automatically
Device & Browser Information
IP address, browser type, operating system, device identifiers, device fingerprinting, mobile network information, screen resolution, language preferences, timezone, referring URLs, UTM parameters, session tracking, and crash reports.
Usage Information
Pages viewed, links clicked, features used, time spent, search queries, detailed voting patterns and history, vote types (free, purchased, credits), credit earning and usage, contest participation, social media shares, referral activities, and interaction with emails and campaigns.
Location Information
Approximate location from IP address, VPN/proxy detection, country, city, location data from device (with permission), timezone information, and location information you provide in entries.
3.3 Information from Third Parties
- Social Media: Profile information when you authenticate or share (for credit rewards)
- Payment Processors: Transaction confirmations, fraud scores, payment method details (no full card numbers)
- Fraud Detection Services: Risk scores, VPN/proxy detection, device reputation
- Analytics Providers: Aggregated demographic and interest data
- Marketing Partners: Email delivery, engagement metrics, campaign participation
- Referral Tracking: Information about users who refer you or whom you refer
3.4 Voting & Credit Data
For every vote cast, we collect:
- Vote Metadata: Type (free/purchased/credit), count, timestamp, competition
- User Data: Account ID, email, IP address, session info
- Device Data: Browser, OS, device type, fingerprint, timezone
- Location: Country, city, VPN/proxy status
- Financial Data (if purchased): Transaction ID, amount, payment method type
- Fraud Indicators: Risk score, velocity metrics, pattern analysis
- Credit Source: How credits were earned (newsletter, social, referral, etc.)
- Audit Trail: All modifications, invalidations, admin actions
This comprehensive tracking enables fraud prevention and contest integrity.
4. How We Use Your Information
Contest & Voting Operations
- • Process and display contest entries
- • Track, validate, and audit all vote types (free, purchased, credits)
- • Manage vote credit earning, distribution, and expiration
- • Process vote bundle purchases and payment verification
- • Detect and prevent voting fraud through:
- Pattern analysis and ML-based fraud scoring
- Device fingerprinting and IP tracking
- VPN/proxy detection
- Rapid voting detection
- Multiple account detection
- • Determine and verify winners
- • Distribute prizes and tax forms
- • Enforce contest rules and terms
- • Grant promotional or compensatory credits
Platform Services
- • Create and manage accounts
- • Provide customer support
- • Process payments securely
- • Send transactional emails
- • Personalize user experience
- • Remember preferences
Communications
- • Contest updates and results
- • Prize notifications
- • Service announcements
- • Security alerts
- • Marketing (with consent)
- • Surveys and feedback requests
Analytics & Improvement
- • Analyze usage patterns
- • Test new features
- • Improve performance
- • Fix bugs and errors
- • Develop new services
- • Generate insights
Legal & Compliance
- • Comply with legal obligations
- • Respond to legal requests
- • Protect rights and safety
- • Investigate violations
- • Enforce agreements
- • Prevent illegal activities
Business Operations
- • Audit and accounting
- • Tax reporting
- • Business planning
- • Risk assessment
- • Insurance purposes
- • Corporate transactions
7. Data Security
IMPORTANT SECURITY DISCLAIMER
While we implement commercially reasonable security measures, we CANNOT and DO NOT guarantee the absolute security of your information. No method of electronic transmission or storage is 100% secure, and we cannot ensure or warrant the security of any information you transmit to us.
YOU UNDERSTAND AND AGREE THAT YOU TRANSMIT INFORMATION AT YOUR OWN RISK.
7.1 Technical Safeguards
We implement industry-standard security measures which may include, but are not limited to:
- Encryption: TLS/SSL encryption for data in transit (subject to availability)
- Storage: Encrypted data at rest where technically feasible
- Access Controls: Role-based permissions when implemented
- Monitoring: Security monitoring as resources permit
- Updates: Periodic security updates as deemed necessary
- Backups: Data backups subject to technical limitations
Note: These measures are subject to change without notice and may not be implemented at all times.
7.2 NO WARRANTY OF SECURITY
WE EXPRESSLY DISCLAIM ANY WARRANTY THAT:
- Your information will be secure or confidential
- Our security measures will prevent all unauthorized access
- Data breaches, hacking, or theft will not occur
- Your information will not be disclosed due to our errors or third-party actions
- Our security measures meet any particular standard
7.3 Your Security Responsibilities
You are solely responsible for:
- Maintaining the confidentiality of your account credentials
- Any activities that occur under your account
- Implementing your own security measures for your devices
- Backing up any important information
- The security of your internet connection
We are not responsible for any damages resulting from your failure to maintain adequate security.
7.4 Data Breach Notification
If a security breach occurs that may affect your personal information, we will attempt to notify affected users as required by applicable law. However, we do not guarantee timely notification, and you agree that we have no liability for any delay in or failure to provide notification.
ASSUMPTION OF RISK
By using our Platform, you acknowledge and accept the inherent security risks of providing information online and agree that we shall have no liability for any breach of security unless it is due to our gross negligence or willful misconduct, and then only to the extent required by law.
8. Data Retention
We retain information only as long as necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.
8.1 Retention Periods
8.2 Deletion Process
When retention periods expire, we:
- Securely delete or anonymize personal information
- Remove photos from active storage
- Retain only aggregated, non-identifying statistics
- Maintain deletion logs for compliance
8.3 Legal Holds
We may retain information beyond normal periods if subject to legal hold, investigation, or litigation. You will be notified if this affects your data.
9. Your Privacy Rights
9.1 Rights for All Users
Access & Portability
- • Request copy of your information
- • Download data in common formats
- • See how data is processed
- • Transfer to another service
Correction & Deletion
- • Update incorrect information
- • Delete unnecessary data
- • Remove contest entries
- • Close your account
Control & Consent
- • Opt out of marketing
- • Manage cookie preferences
- • Limit data processing
- • Withdraw consent
Transparency & Objection
- • Know what data we have
- • Understand processing purposes
- • Object to certain uses
- • Lodge complaints
9.2 California Privacy Rights (CCPA/CPRA)
CALIFORNIA CONSUMER PRIVACY ACT (CCPA) & CALIFORNIA PRIVACY RIGHTS ACT (CPRA) DISCLOSURE
California residents have specific rights under the CCPA/CPRA. This section provides required disclosures and explains how to exercise your rights.
Categories of Personal Information We Collect
- Identifiers: Name, email, IP address, account username
- Personal Records: Phone number, billing address, payment information
- Protected Classifications: Age (for contest eligibility)
- Commercial Information: Contest entries, voting history, purchase records
- Internet Activity: Browsing history, search history, interaction with our Platform
- Visual Information: Photos of babies submitted for contests
- Professional Information: Parent/guardian status
- Inferences: Preferences, characteristics, behavior patterns
Your CCPA/CPRA Rights
- Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
- Right to Delete: Request deletion of personal information (with exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt-out of sale/sharing of personal information (we do not sell)
- Right to Limit Use: Limit use and disclosure of sensitive personal information
- Right to Non-Discrimination: Equal service and pricing regardless of rights exercised
How We Use Your Information
| Category | Business Purpose |
|---|---|
| Identifiers | Account creation, communication, security |
| Personal Records | Payment processing, prize distribution |
| Visual Information | Contest participation, winner selection |
| Internet Activity | Platform improvement, personalization |
Data Retention
We retain personal information only as long as necessary for business purposes or legal requirements. See Section 8 for specific retention periods.
How to Exercise Your CCPA Rights
California residents may exercise rights by:
- Email: info@babyofthemonth.org
- Online Form: Visit our Privacy Rights Center
We will verify your identity and California residency before processing requests. Response within 45 days.
Authorized Agents
You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization and verify both identities.
"Do Not Sell or Share" Disclosure
We DO NOT sell or share personal information as defined by CCPA/CPRA. We have not sold personal information in the preceding 12 months.
Annual Statistics: California residents may request metrics on CCPA requests received, complied with, and denied in the previous calendar year.
9.3 European Privacy Rights (GDPR)
GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE
While our services are primarily for U.S. residents, we maintain GDPR-compliant practices. If you're in the European Economic Area (EEA), United Kingdom, or Switzerland, this section applies.
Legal Basis for Processing
- Consent: When you create an account or submit entries
- Contract: To provide contest services you requested
- Legal Obligations: Tax reporting, legal compliance
- Legitimate Interests: Platform security, fraud prevention, improvement
- Vital Interests: Protecting health and safety (rare circumstances)
Your GDPR Rights
- Right of Access: Obtain confirmation and copy of your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict: Limit processing in certain circumstances
- Right to Portability: Receive data in machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Automated Decision Rights: Not be subject to solely automated decisions
- Right to Withdraw Consent: Withdraw consent at any time
International Data Transfers
Your data is transferred to and processed in the United States. We ensure appropriate safeguards:
- Standard Contractual Clauses with processors
- Privacy Shield principles (where applicable)
- Appropriate technical and organizational measures
Data Protection Officer
Contact our Data Protection Officer at: info@babyofthemonth.org
Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR.
Privacy by Design
We implement privacy by design principles:
- Data minimization - collect only what's necessary
- Purpose limitation - use data only for stated purposes
- Storage limitation - retain only as long as needed
- Security by default - encryption and access controls
- Transparency - clear privacy notices and controls
9.4 How to Exercise Your Rights
To exercise any privacy right:
- Email: info@babyofthemonth.org
- Include your account email and specific request
- Provide identity verification if requested
- We'll respond within 30 days (45 for complex requests)
10. International Users & State Law Compliance
United States Service Area
Baby of the Month LLC is headquartered in Florida, USA, and operates throughout all 50 United States, the District of Columbia, and U.S. territories. We comply with applicable federal and state laws.
10.1 State-Specific Privacy Law Compliance
We comply with all applicable state privacy laws. Residents of certain states have additional rights:
California (CCPA/CPRA)
- • Right to know what personal information is collected
- • Right to delete personal information
- • Right to opt-out of sale (we don't sell data)
- • Right to non-discrimination
- • Right to correct inaccurate information
- • Right to limit use of sensitive personal information
Virginia (VCDPA)
- • Right to access personal data
- • Right to correct inaccuracies
- • Right to delete personal data
- • Right to data portability
- • Right to opt-out of targeted advertising
Colorado (CPA)
- • Right to opt-out of data processing
- • Right to access and correction
- • Right to deletion
- • Right to data portability
- • Right to opt-out of profiling
Connecticut (CTDPA)
- • Similar rights to Virginia and Colorado
- • Right to appeal privacy rights decisions
Utah (UCPA)
- • Right to access and delete personal data
- • Right to data portability
- • Right to opt-out of targeted advertising
Additional State Privacy Laws (Effective 2024-2026)
We comply with all applicable state privacy laws. Additional states with comprehensive privacy laws:
Effective 2024:
- • Texas (TDPSA) - July 2024
- • Oregon (OCPA) - July 2024
- • Montana (MCDPA) - October 2024
Effective 2025:
- • Delaware (DPDPA) - January 2025
- • Iowa (ICDPA) - January 2025
- • Nebraska (NDPA) - January 2025
- • New Hampshire (SB 255) - January 2025
- • New Jersey (SB 332) - January 2025
- • Tennessee (TIPA) - July 2025
- • Minnesota (MCDPA) - July 2025
- • Maryland (MODPA) - October 2025
- • Rhode Island (RIDTPPA) - 2025
We also monitor Florida Digital Bill of Rights, Nevada SB 370, and emerging laws in Kentucky, Indiana, Massachusetts, and other states.
10.2 Federal Law Compliance
We comply with all applicable federal privacy and data protection laws:
COPPA (Children's Online Privacy Protection Act)
• Verifiable parental consent required for children under 13
• Limited data collection about children
• Parental review and deletion rights
• See Section 2 for full COPPA compliance details
CAN-SPAM Act
• Clear identification of commercial emails
• Accurate sender information
• One-click unsubscribe in all emails
• Prompt honor of opt-out requests (within 10 days)
Section 5 of the FTC Act
• Fair and transparent data practices
• No deceptive or unfair practices
• Clear privacy disclosures
• Data security measures
Not Applicable But Worth Noting
HIPAA: We do not collect health information
FERPA: We are not an educational institution
GLBA: We are not a financial institution
FCRA: We do not provide consumer reports
10.3 State Contest & Sweepstakes Compliance
We comply with each state's specific contest and sweepstakes laws, including:
- Florida: Compliance with Florida Statutes Chapter 849 (our home state)
- New York: Registration for prizes over $5,000 if required
- Rhode Island: Registration for prizes over applicable thresholds if required
- All States: No purchase necessary for entry; skill-based judging options available
Note: Contest regulations vary by state. We reserve the right to restrict or modify contests in any jurisdiction to ensure compliance with local laws.
10.3 Biometric Information Laws
For states with biometric information laws (Illinois BIPA, Texas, Washington), we:
- Do not collect biometric identifiers from photos
- Do not use facial recognition technology
- Do not create biometric templates
- Only store photos as submitted for contest display
10.4 Data Location & Processing
All data is processed and stored in the United States. Our primary servers are located in AWS regions within the United States. By using our services from any U.S. state or territory, you consent to the processing of your data in accordance with Florida and federal law, as well as any applicable laws of your state of residence.
10.5 State-Specific Contact Rights
To exercise state-specific privacy rights, contact us via:
- Email: info@babyofthemonth.org
Please specify your state of residence and the specific rights you wish to exercise. We will respond within the timeframe required by your state's law (typically 30-45 days).
10.6 International Users
While we primarily serve the United States, if you access our Platform from outside the U.S., your information will be transferred to and processed in the United States. You consent to this transfer and acknowledge that U.S. privacy laws may differ from those in your country. We currently do not offer services specifically tailored for non-U.S. residents.
Jurisdictional Limitations
Where state law provides greater protection than this Policy, state law will govern. We reserve the right to limit our services or modify our practices in any state to ensure legal compliance. Some features may not be available in all states due to local regulations.
11. Marketing & Communications
11.1 Marketing Preferences
We only send marketing emails with your consent. You can:
- Opt out using the unsubscribe link in any marketing email
- Update preferences in your account settings
- Email us at info@babyofthemonth.org
11.2 Push Notifications
Mobile app users can manage push notifications through device settings. We send notifications for contest updates, voting reminders, and winner announcements.
12. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time, in our sole discretion. Changes may be made without prior notice, although we may attempt to notify you of material changes.
YOUR CONTINUED USE OF THE PLATFORM FOLLOWING ANY CHANGES CONSTITUTES YOUR ACCEPTANCE OF SUCH CHANGES. IT IS YOUR RESPONSIBILITY TO REVIEW THIS POLICY PERIODICALLY.
13. Disclaimers and Limitations
NO WARRANTIES
OUR SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE MAKE NO GUARANTEES REGARDING:
- The security or privacy of your information
- The accuracy, reliability, or completeness of our services
- The availability or uptime of our Platform
- The prevention of unauthorized access or data loss
- Compliance with any particular privacy standard
13.1 Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR:
- Any indirect, incidental, special, consequential, or punitive damages
- Loss of data, revenue, profits, or business opportunities
- Any damages resulting from unauthorized access to your information
- Any damages exceeding $100 USD
- Any matter beyond our reasonable control
13.2 Indemnification
You agree to indemnify, defend, and hold harmless Baby of the Month LLC and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from or related to your use of our services or violation of this Privacy Policy.
13.3 Force Majeure
We shall not be liable for any failure or delay in performance due to circumstances beyond our reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, pandemics, strikes, or shortages of transportation facilities, fuel, energy, labor, or materials.
13.4 No Professional Advice
Nothing in this Privacy Policy constitutes legal, financial, or professional advice. You should consult appropriate professionals for specific advice tailored to your situation.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN WARRANTIES OR DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OF THE ABOVE DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY, AND YOU MAY HAVE ADDITIONAL RIGHTS. IN SUCH CASES, OUR LIABILITY WILL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.
14. Mandatory Binding Arbitration
PLEASE READ CAREFULLY - THIS AFFECTS YOUR LEGAL RIGHTS
BY USING OUR SERVICES, YOU AGREE TO RESOLVE ALL DISPUTES RELATED TO PRIVACY, DATA COLLECTION, OR THIS POLICY THROUGH BINDING INDIVIDUAL ARBITRATION AND WAIVE YOUR RIGHT TO SUE IN COURT OR HAVE A JURY TRIAL.
14.1 Arbitration Agreement
Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, your personal information, data breaches, or privacy rights shall be resolved exclusively through binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules. The arbitration shall be conducted in Florida or your state of residence at your option.
14.2 Class Action Waiver
YOU AGREE TO ARBITRATE DISPUTES ONLY IN YOUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE MULTIPLE PERSONS' CLAIMS.
14.3 30-Day Opt-Out
You may opt out of this arbitration agreement by sending written notice to info@babyofthemonth.org within 30 days of first using our Platform. Include your name, email address, and clear statement opting out of arbitration.
15. Additional State-Specific Privacy Notices
NOTICE TO RESIDENTS OF SPECIFIC STATES: You may have additional privacy rights under your state's laws. We comply with all applicable state privacy regulations.
Nevada Residents
Nevada law permits residents to opt-out of the sale of certain personal information. We do not sell your personal information. To submit a verified request, email: info@babyofthemonth.org
Maine Residents
Under Maine law, we will not disclose personal information of minors under 16 without affirmative consent. For questions: info@babyofthemonth.org
Vermont Residents
We do not disclose personal information to non-affiliated third parties for their marketing purposes without your consent as required by Vermont law.
Texas Residents
Texas residents may have additional rights under the Texas Identity Theft Enforcement and Protection Act. Contact us for more information.
Illinois Residents
We do not collect biometric data as defined under the Illinois Biometric Information Privacy Act (BIPA). Photos are stored as submitted without biometric processing.
Washington Residents
Washington residents may have additional rights under state privacy laws. We do not use facial recognition technology on submitted photos.
All States: This is not an exhaustive list. Residents of any U.S. state may contact us at info@babyofthemonth.org to learn about state-specific privacy rights. Please include your state of residence in your inquiry.
16. Third-Party Services & External Links
WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OF THIRD-PARTY SERVICES OR EXTERNAL WEBSITES.
16.1 Third-Party Services. Our Platform may integrate with third-party services including payment processors, analytics providers, and cloud storage. These services have their own privacy policies and practices that are beyond our control. We are not responsible for the privacy or security practices of these third parties.
16.2 External Links. Our Platform may contain links to external websites. We do not control these sites and are not responsible for their privacy practices. We encourage you to review the privacy policies of any external sites you visit.
16.3 Social Media. If you interact with us through social media platforms, your information may be collected by those platforms according to their privacy policies. We are not responsible for the data collection practices of social media platforms.
16.4 No Endorsement. The presence of third-party services or links does not constitute our endorsement of those parties, their products, services, or privacy practices.
Privacy Questions or Concerns?
We take your privacy seriously. Contact our dedicated privacy team for any questions, concerns, or to exercise your privacy rights.
Data Protection Officer: info@babyofthemonth.org
Baby of the Month LLC
© 2025 All Rights Reserved