Skip to main content
🍼 Tabsly
The most complete diaper database.
Community-sourced · Always free · No ads.
Support on Ko-fi
Browse
All DiapersBrandsCompareFind My DiaperStart HereWishlist
Community
Community HubLeaderboardCommunity ListsChallengesAbout TabslySuggest a ProductSign in
© 2026 TabslyTermsPrivacyAboutSubmit a productContactHelp

Privacy Policy

Last updated: April 2026

We wrote this in plain language because we think privacy policies should actually be readable.

What data we collect

Account data
Email address, display name, username, and avatar (optional). Required to create an account.
Profile preferences
Default diaper size, per-product size preferences, notification settings. Stored to personalise your experience.
Wear logs
Diaper used, wettings, changes, fill level, booster used, leaked status, comfort rating, odor noted, wear duration, and worn size. You create these voluntarily. They are private to your account.
Reviews and ratings
Product ratings (1–5) and written reviews you submit. These are public.
Wishlist and tried list
Products you save or mark as tried. Private to your account.
Inventory
Product quantities and notes you track. Private to your account.
Usage data
Pages visited and features used, via Vercel Analytics — privacy-preserving, aggregated, no cross-site tracking. We do not use Google Analytics.
Payment data
If you subscribe to Pro, Stripe processes your payment. We never see or store your card number. We store your Stripe customer ID and subscription status only.

What we do NOT collect

  • We do not sell your data to anyone, ever.
  • We do not run advertising. There are no ad networks on Tabsly.
  • We do not use cookies for tracking — only for session management.
  • We do not collect your real name, address, phone number, or any government ID.
  • We do not profile you across websites.
  • We do not share your personal wear logs with any third party.

Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases:

Contract
Processing your email and account data is necessary to provide the service you signed up for.
Legitimate interests
We process anonymised usage data to understand how the platform is used and improve it. We process wear log aggregates to power community statistics that benefit all users. Our legitimate interest does not override your rights.
Consent
Marketing emails (weekly digest, new release alerts) are sent only if you explicitly enable them in your notification settings. You may withdraw consent at any time.
Legal obligation
We retain payment and transaction records as required by applicable financial regulations.

How wear log data becomes community data

When you log a wear for a specific diaper, your entry contributes to anonymised aggregate statistics shown on that product's page (average wettings, leak rate, comfort percentage, fill level distribution). This aggregation happens at the database level — the query groups by product ID only, with no user identifier in the output. It is not possible to reverse-engineer individual users from this aggregate data.

Where data is stored

All data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure in the United States. If you are an EU/EEA resident, your data is transferred outside the EEA. We rely on Standard Contractual Clauses (SCCs) via Supabase's Data Processing Agreement to ensure an adequate level of protection.

Your rights

AccessYou can view all your data in your profile at any time.
DeleteYou can delete your account and all associated data from your profile settings. Deletion is permanent and takes effect within 24 hours.
ExportYou can download your wear logs, journal, reviews, and wishlist as CSV files from Profile → Settings → Export my data.
CorrectYou can edit or delete any review, log entry, or profile information at any time.
RestrictYou may request that we restrict processing of your data pending correction or while you object to processing based on legitimate interests.
ObjectYou may object to processing based on our legitimate interests. We will cease unless we can demonstrate compelling grounds.
UnsubscribeYou can opt out of all marketing emails at any time from Profile → Settings, or via the unsubscribe link in any email.

To exercise any of these rights, contact us. We will respond within 30 days (the statutory period under GDPR).

California residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — you may request disclosure of the categories and specific pieces of personal information we collect about you.
  • Right to delete — you may request deletion of your personal information, subject to certain exceptions.
  • Right to correct — you may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioural advertising.
  • Right to non-discrimination — we will not discriminate against you for exercising any CCPA/CPRA rights.

To submit a CCPA/CPRA request, contact uswith the subject “California Privacy Request”. We will respond within 45 days.

Cookies

Tabsly uses the following cookies:

Session cookies (Supabase)
Required to keep you signed in. Cannot be disabled without breaking authentication.
Essential
Theme preference
Stores your light/dark/high-contrast preference in localStorage. No server involved.
Functional
Consent record
Stores your cookie consent choice in localStorage so we do not prompt you on every visit.
Functional

We use no advertising cookies, no third-party tracking pixels, and no fingerprinting technology.

Third-party services

SupabaseDatabase and authenticationPolicy ↗
StripePayment processing (Pro subscriptions)Policy ↗
VercelHosting, CDN, and analyticsPolicy ↗
ResendTransactional email deliveryPolicy ↗

Children

Tabsly is not directed at or intended for anyone under 18. If you are under 18, please do not create an account. If we become aware that a user is under 18, we will delete their account and all associated data.

Data retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data is deleted within 24 hours, except where we are required by law to retain it (e.g. payment records, which are retained for 7 years per standard accounting requirements). Anonymised aggregate data (e.g. your contributions to community wetting statistics) may persist indefinitely as it cannot be linked back to you.

Changes to this policy

If we make material changes to how we handle your data, we will post a notice on the site at least 14 days before the change takes effect. For non-material changes (typos, clarifications) we will update the date at the top.

Contact and supervisory authority

Privacy questions, data requests, or complaints: contact us. We aim to respond within 30 days.

If you are an EU/EEA resident and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (DPA). A list of EU DPAs is available at edpb.europa.eu.

Terms of Service →Community Guidelines →← Back to home