Privacy Policy

1. Information We Collect

We collect information you provide directly to us when you:

• Create an account with your email address
• Add information about your pets (crittrs), habitats, and care logs
• Upload photos of your pets and their environments
• Track inventory items like food, equipment, and supplies
• Set up care tasks and reminders
• Communicate with our support team

1.1 Analytics and Error Reporting Data

With your consent, we may collect technical data to improve the reliability and performance of our service:

• Error Reports: When errors occur, we collect error messages, stack traces, and contextual information (current page, browser type, app version) to diagnose and fix issues. Personal data is scrubbed from error reports before transmission.
• Performance Metrics: We collect web performance data (page load times, response times) to optimize the application experience.
• User Interactions: We may record recent user actions (such as clicks and navigation) as “breadcrumbs” to help reproduce and resolve technical issues.

Opting Out: Error reporting and performance monitoring are optional. You can disable these features in your app settings at any time.

1.2 Device Information in Support Requests

When you submit a support request or feedback, we may collect:

• Your email address (optional)
• Device and browser information (user agent, current page)
• The feedback type and message content

This information helps us reproduce issues and provide better support. Device information collection is opt-in — you can choose not to include it when submitting support requests. Support requests may be used to create issue reports in our development tracker. Any personal information is sanitized before being shared with our development team.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our pet care tracking services
• Process your subscription payments and manage your account
• Send you care reminders and notifications about your pets
• Generate analytics about your pet's care patterns
• Provide customer support and respond to your inquiries
• Send you important updates about our service
• Diagnose technical issues and improve application reliability
• Monitor application performance and optimize user experience

2.1 Legal Basis for Data Processing (GDPR Article 6)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following legal bases:

• Contract Performance: Processing your account data, subscription management, and payment processing is necessary to provide the services you have subscribed to.
• Legitimate Interest: We rely on legitimate interest for account management, service improvements, error reporting (with data scrubbing), security monitoring, and sending essential service updates. We balance our interests against your rights and freedoms.
• Consent: We obtain your consent for marketing communications, optional analytics and performance monitoring, push notifications, and optional device information collection in support requests. You may withdraw consent at any time (see Section 9).
• Legal Obligation: We process certain data to comply with tax, regulatory, and legal requirements applicable to our business.

3. Information Sharing and Third-Party Services

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below:

3.1 Third-Party Service Integrations

We use the following third-party services to operate CrittrHavens:

• Supabase (Database, Authentication, Storage): Hosts our database, handles user authentication, and stores your uploaded photos. Supabase maintains SOC 2 Type II compliance. Your data is isolated using Row Level Security (RLS) policies, ensuring no other user can access your information.
• Stripe (Payment Processing): Processes subscription payments. We share your email address and user ID with Stripe to create checkout sessions. Stripe is PCI DSS Level 1 compliant. We do not store your credit card numbers or payment method details — these are handled entirely by Stripe.
• Google OAuth (Authentication): If you choose to sign in with Google, Google provides us with your name and email address. We do not receive your Google password or access other Google account data.
• iNaturalist / Encyclopedia of Life APIs (Species Data): When you look up species information, we query these public APIs on your behalf. Only the species search query is shared — no personal data is transmitted to these services.
• Error Reporting Service (Optional): If enabled, error data is transmitted to our error reporting service. Personal data is scrubbed before transmission. This is opt-in and can be disabled at any time.

3.2 Cross-Platform Data Sharing

CrittrHavens is available on the web, iOS (App Store), and Android (Google Play). Depending on which platform you use to subscribe and access the app, your data may be processed by different parties. This section explains how data flows between platforms.

3.2.1 Platform-Specific Payment Processing

• iOS (Apple App Store): When you subscribe through the App Store, Apple processes your payment information directly. Apple shares your subscription status, plan type, and renewal dates with us, but we never receive your payment card details, billing address, or Apple ID password. Apple's payment processing is governed by Apple's Privacy Policy.
• Android (Google Play): When you subscribe through Google Play, Google processes your payment and manages subscription billing. Google shares your subscription status, plan type, and renewal dates with us. We do not receive your payment method details or billing address. Google's payment processing is governed by Google's Privacy Policy.
• Web (Stripe): When you subscribe through our website, payments are processed directly by Stripe. We share your email address and user ID with Stripe to create checkout sessions. Stripe is PCI DSS Level 1 compliant. We do not store your credit card numbers — these are handled entirely by Stripe. See Stripe's Privacy Policy.

3.2.2 Cross-Platform Subscription Syncing

If you subscribe on one platform and use CrittrHavens on another, here is how your subscription works across platforms:

• Subscription Status Sync: Your subscription status is stored in our servers and accessible from any platform. Regardless of where you subscribed, your premium features are available on web, iOS, and Android.
• Account Data Consistency: Your pets, habitats, care logs, photos, tasks, and settings sync through our secure servers (Supabase) and remain consistent across all platforms. Platform providers (Apple/Google) do not have access to your app content data.
• Manage Through Original Platform: Subscriptions must be managed (upgraded, downgraded, or cancelled) through the platform where you originally subscribed:
  • iOS subscriptions: Apple Settings → Subscriptions
  • Android subscriptions: Google Play → Payments & Subscriptions
  • Web subscriptions: Managed through your CrittrHavens account settings via our Stripe billing portal.
• No Cross-Platform Transfer: Subscriptions cannot be transferred between platforms (e.g., from iOS to web). If you wish to switch platforms, cancel your current subscription on the original platform and resubscribe on the new one.

3.2.3 Data Minimization Across Platforms

• We only receive subscription status (active/expired/cancelled), plan type, and expiration or renewal dates from app store platforms. No payment card details are ever shared with us.
• User account data (pets, habitats, care logs, photos) remains on our servers and is never shared with Apple or Google.
• Photo and app data sync is handled exclusively through our secure servers — platform providers cannot access your app content.
• We send only subscription validation requests to Apple and Google. No personal data beyond what is required for receipt validation is transmitted.

3.2.4 Your Control Over Cross-Platform Data

• You can access your full account data from any platform, regardless of where you subscribed.
• Data export (Section 9) is available from any platform and includes all your data in a portable format.
• Account deletion (Section 9) removes your data from our servers across all platforms. Note that Apple and Google may retain their own records of your subscription transactions per their respective privacy policies.
• You can review what data Apple and Google hold about your CrittrHavens subscription through their respective privacy dashboards (Apple Data & Privacy, Google Data & Privacy).

3.3 Other Circumstances

We may also share your information:

• When required by law or to protect our rights and safety
• With your explicit consent for specific purposes

4. Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

4.1 Technical Security Implementation

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security).
• Encryption at Rest: Your data stored in our database is encrypted at rest using AES-256 encryption.
• Infrastructure Compliance: Our database and storage infrastructure (Supabase) maintains SOC 2 Type II compliance, with regular third-party security audits.
• Access Controls: Row Level Security (RLS) policies enforce complete data isolation between users at the database level, ensuring your data can only be accessed by your authenticated account.
• Audit Logging: Security events are monitored and logged for anomaly detection and incident response.
• Authentication Security: We support secure authentication via email/password and Google OAuth, with industry-standard session management.

5. Photo Storage and Retention

Photos you upload are stored securely in cloud storage. Photo retention depends on your subscription plan and whether photos are marked as favorites.

5.1 Retention by Subscription Tier

• Favorites: Photos marked as favorites are retained indefinitely, up to your plan's photo limit.
• Automated Cleanup: Non-favorite photos past their retention period are automatically deleted by our cleanup process. An audit record is kept for transparency.
• User Control: You can mark or unmark photos as favorites at any time to control retention. You may also manually delete any photo before the retention period expires.
• Image Processing: Uploaded photos are optimized (converted to WebP format) for storage efficiency. Maximum upload size is 10 MB per image.

6. Push Notifications

With your permission, we may send push notifications for care reminders, low inventory alerts, and daily summaries. You can disable these notifications at any time in your device settings or app preferences.

7. Data Storage and Offline Functionality

To provide a seamless experience, CrittrHavens stores limited data locally on your device:

• Session Data: Authentication session information for keeping you signed in.
• Offline Queue: When you use the app without an internet connection, your actions (creating, updating, or deleting records) are queued locally and synchronized when connectivity is restored.
• Error Reports: The last 10 error reports may be cached locally before transmission.

All locally stored data is removed when you sign out or clear your browser data.

8. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. Your Rights and Data Control

You have the following rights regarding your personal data:

• Right of Access: Request a complete copy of all personal data we hold about you. You can export your data from within the app at any time.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to Rectification: Update or correct your personal information at any time through your account settings.
• Right to Erasure: Delete your account and all associated data. We offer two options:
  • Data Reset: Remove all your pet, habitat, care, and task data while keeping your account active.
  • Full Account Deletion: Permanently delete your account, all data, all uploaded photos, and your authentication credentials.
• Right to Withdraw Consent: Revoke consent for optional data processing (analytics, error reporting, marketing communications, push notifications) at any time through your app settings. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
• Right to Object: Object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right to Restrict Processing: Request that we limit processing of your data in certain circumstances.
• Disable Push Notifications: Turn off all push notifications in your device settings or app preferences.

9.1 How to Exercise Your Rights

Most rights can be exercised directly within the app:

• Data export and account deletion: Navigate to Settings in the app.
• Notification preferences: Manage in app settings or your device settings.
• Analytics opt-out: Toggle analytics settings in the app.
• Other requests: Contact us through our support channels. We will respond within 30 days (or sooner as required by applicable law).

9.2 Complaint Rights

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. EEA residents can contact their local Data Protection Authority. UK residents can contact the Information Commissioner's Office (ICO). You may also contact us first and we will endeavor to resolve your concern.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose.
• The right to request deletion of your personal information.
• The right to opt-out of the sale of personal information. We do not sell your personal information.
• The right to non-discrimination for exercising your privacy rights.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the “Last updated” date. For significant changes that affect your rights, we will provide prominent notice within the app or via email.

12. Contact Us

If you have any questions about this privacy policy, our data practices, or wish to exercise your data rights, please contact us through our support channels within the app or by visiting our website.