Privacy Policy

Last updated: 2026-06-08

1. Who we are

Aquairi (“we”, “our”, “us”) provides a mobile and web application for aquarium hobbyists. This policy explains what data we collect when you use the Aquairi mobile app (com.aquairi.app) and our website at aquairi.app, and how we handle it.

2. Data we collect

  • Account: email address, optional display name, avatar, profile bio.
  • Aquarium data: tank configuration, water parameters, equipment, schedules, inhabitants, history events.
  • Media: photos and videos you upload (aquarium pictures, profile picture, post media). EXIF metadata is stripped on upload.
  • Social: posts, comments, likes, follows, hashtags, reports and blocks you create.
  • Device data (IoT, optional): readings published by Aquairi-paired devices via MQTT, tied to your aquarium.
  • Subscription & billing: purchase tokens from Google Play / App Store in-app purchases. Payments are handled by the stores; we never see card numbers.
  • Push tokens: Firebase Cloud Messaging tokens used to deliver notifications.
  • Diagnostics: crash reports, app version, OS, anonymous usage events.

3. Permissions we request

  • Camera: to take photos of your aquarium, profile picture, or social posts. We never record video or audio without an explicit user action.
  • Photos / Storage: to attach images you choose from your device.
  • Notifications: to deliver schedule reminders, parameter alerts, social activity, and Health Score drops.
  • Network: to sync your data with our backend.

4. How we use your data

  • Operate core features (tracking, reminders, sharing, AI Health Score and insights).
  • Authenticate you and protect your account (email OTP, session management).
  • Process subscriptions and billing.
  • Detect abuse, enforce community rules, and respond to reports.
  • Improve the product through aggregate analytics. We do not sell your data.

5. Third-party processors

We share the minimum data required with the following processors:

  • DigitalOcean: hosting and S3-compatible media storage (Spaces).
  • MongoDB Atlas: primary database.
  • Firebase Cloud Messaging (Google): push notification delivery.
  • RevenueCat: mobile in-app purchase orchestration (Apple App Store / Google Play).
  • Mailgun (EU region): transactional email via SMTP (login codes, receipts).
  • Anthropic (Claude): AI rationale and insights for Health Score and anomaly detection. Only aquarium parameters and event metadata are sent — never your account identifiers, photos, or private messages.

6. Data retention & deletion

  • Account and aquarium data are retained while your account is active.
  • You can request a full export of your data from the app (Settings → Privacy → Export). Exports are delivered as a ZIP archive within 24 hours.
  • You can delete your account from the app (Settings → Privacy → Delete account). Deletion has a 7-day grace period during which it can be cancelled. After that, data is removed from primary storage and cascade-deleted from related services (social, gamification, history, media).
  • Audit logs and aggregated, non-identifying analytics may be retained for up to 12 months.

7. Your rights (GDPR / CCPA)

You have the right to access, correct, port, restrict, or delete your personal data, and to object to processing. The export and deletion features described above cover the most common requests directly in-app. For anything else, write to us at privacy@aquairi.app.

8. Children

Aquairi is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

9. Security

Passwords are not stored — authentication uses one-time codes. All traffic is encrypted in transit (TLS). Media files are validated on upload (magic-byte check, EXIF strip). Webhooks are protected against replay using idempotency keys. Despite our safeguards, no system is perfectly secure; please use a strong, unique email password.

10. Changes to this policy

We will update this page when our practices change. Material changes will be announced in-app or by email. The “Last updated” date at the top reflects the current version.

11. Contact

Questions, requests, or complaints: privacy@aquairi.app.