BeagleBay Privacy Policy
Last updated: May 15, 2026 · Effective: May 15, 2026
ProPawsTech ("we", "us", "our") operates the BeagleBay iOS application ("the App"). This Privacy Policy explains what information we collect, why, how we use it, who we share it with, and the rights you have over it.
This policy is written for our current US launch and describes our privacy practices for App Store users in the United States. It is designed to satisfy Apple's App Store privacy requirements and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA). US users outside California with substantively similar state-level rights (e.g. Virginia VCDPA, Colorado CPA) may exercise them via the same channels.
Availability
The App is currently available only in the United States via the US App Store. We will update this policy and appoint the required local representatives before expanding to additional regions (such as the EU/EEA, the United Kingdom, or Switzerland).
1. Who is the data controller?
ProPawsTech
Email: propawstech@proton.me
2. Data we collect and why
The App operates with a device-local data model. Almost everything you do in the App — your dog's profile, walks, GPS routes, wellness logs, photos, vocalization counts — is stored only on your device in an encrypted on-device database. None of it is uploaded to our servers.
The only data that leaves your device for our backend is what's needed to authenticate your account, manage account deletion, and tell which ProPawsTech app created the account (including the Apple revocation token described below).
| Category | Source | Examples | Where it lives | Purpose |
|---|---|---|---|---|
| Account identifier | Sign in with Apple or email/password | Apple-issued user ID, private-relay or actual email address, email address for email/password accounts, Supabase user ID, session tokens, and password authentication data handled by Supabase | Our auth backend (Supabase) | Authenticate you and allow account deletion |
| App source | App during account use | A short app tag such as beaglebay or goldengrin |
Our auth backend (Supabase) | Count accounts by ProPawsTech app and support app-specific account operations |
| Apple revocation token | Apple (via Sign in with Apple, only if you chose that sign-in method) | A long-lived refresh token Apple issues so we can revoke your authorization server-side when you delete your account | Our auth backend (Supabase) — server-side only, never sent back to the device | Revoke your Sign in with Apple authorization when you delete your account |
| Dog profile | You (manual entry) | Name, breed, birth date, weight, photo | On your device only | Display in the App |
| Walk activity | App during use | GPS route, distance, duration, elevation | On your device only | Show walk history, write to Apple Health |
| Wellness logs | You (manual entry) | Weight history, meals, care notes | On your device only | Show in wellness tabs |
| HealthKit (optional, write-only) | Apple Health | Walk distance + active energy written from completed walks | On your device only | Credit your Apple Health Activity rings |
| Audio (transient) | Microphone | Audio buffers analyzed on-device only; | On your device only — | Detect dog vocalizations |
| never recorded, stored or transmitted | discarded immediately | |||
| Vocalization counts | App during walks | Per-event timestamp + confidence score | On your device only | Show vocalization insights |
We do not collect contact lists, advertising identifiers (IDFA), browser history, biometric facial data, precise device fingerprints, or any data about people other than the account holder.
Anonymous app accounts. You can use the App without providing any account details (Sign in with Apple or email/password). If you do, the App still creates an internal identifier — a random UUID — so it can manage your session and so account deletion can wipe the server-side record. This identifier is not linked to any personal information about you. If you reinstall the App while using an anonymous app account, a new identifier is generated; we do not deduplicate via device identifiers or fingerprints.
Implication of the device-local model. Because your dogs, walks, and wellness data are not uploaded, we cannot recover them if you delete the App, lose your device, or sign in on a new device. Cross-device sync is not offered in this version.
2a. Permissions and consent
iOS asks for explicit permission the first time the App uses each of:
- Location (to record walk routes)
- Microphone (for on-device vocalization detection during walks)
- Apple Health (to write completed walks to your Activity rings)
- Notifications (to deliver care reminders)
- Photos / Camera (to attach photos to a walk or to your dog's profile)
You can revoke any of these at any time in iOS Settings → Privacy & Security → BeagleBay, or for Apple Health in iOS Settings → Privacy & Security → Health → BeagleBay. Revocation does not affect processing that already took place.
2b. HealthKit specifics
If you grant HealthKit access, we process that data under Apple's HealthKit terms.
BeagleBay uses HealthKit write-only access: at the end of each completed walk, the session's walking/running distance and active energy are written to Apple Health so your Activity ring credits the session. BeagleBay does not read your steps, energy, or other Health data — distance, duration, and calories shown in the app are all computed on-device from GPS during the walk itself.
In addition to the write-only scope:
- Stays on your device. HealthKit data is never uploaded to our servers, Supabase, or any third party.
- Not used for advertising or data mining. Per Apple's policy, HealthKit data is never used for marketing, shared with data brokers, or sold.
- Fully revocable. You can revoke BeagleBay's ability to write to Apple Health at any time in Settings → Privacy & Security → Health → BeagleBay. Walks already written remain in Apple Health; future walks just won't be mirrored.
3. Sharing & sub-processors
We do not sell or "share" (as defined under CCPA/CPRA) your personal information. We do not engage in cross-context behavioral advertising.
We share data only with the sub-processors required to deliver the service:
| Sub-processor | Purpose | Data residency |
|---|---|---|
| Apple Inc. | Sign in with Apple, HealthKit, local notifications | Per Apple's policies |
| Supabase Inc. | Authentication, account deletion, and app-source attribution — Apple-issued account identifier, private-relay or actual email address, email/password account credentials handled by Supabase, internal Supabase user ID, session tokens, password-reset tokens, a short app tag such as beaglebay or goldengrin, and the Apple-issued refresh token used to revoke Sign in with Apple authorization at deletion |
United States |
Supabase does not store any of your dogs, walks, wellness logs, photos, or HealthKit data — those never leave your device.
3a. International data transfers
Supabase is a US-based service and all authentication data described above is stored in the United States. BeagleBay is currently distributed only via the US App Store. If you later access the App from outside the US, the authentication data we hold will continue to be stored in the United States.
4. Data retention
What deletion does. Settings → Privacy → Delete my account removes your BeagleBay account from our authentication backend, revokes the app's Sign in with Apple authorization using Apple's token revocation flow (if you signed in with Apple), clears local Keychain/session state, and wipes the on-device app data store before signing you out. There is no soft-delete or grace period.
In more detail:
- Server-side account row. Your
auth.usersrow on our authentication backend is permanently deleted within seconds. - Sign in with Apple authorization. If you signed in with
Apple, the deletion call also POSTs to Apple's
/auth/revokeendpoint to invalidate the app's Sign-in-with-Apple authorization. After deletion, signing in again presents Apple's full "Share My Email / Hide My Email" consent dialog rather than a silent re-authorization, confirming the revoke took effect. You can also review or revoke any active app authorizations at any time in iOS Settings → [your Apple ID] → Sign-In & Security → Sign in with Apple. - Email + password accounts. If you signed in with email and password, account deletion removes your Supabase authentication record and invalidates active sessions. There is no Apple authorization to revoke for these accounts.
- On-device data (SwiftData store with your dogs, walks, wellness logs; photos in the app sandbox; Keychain tokens including the Supabase access + refresh tokens) is wiped by the same deletion flow before sign-out.
- Backup retention by Supabase may persist deleted account credentials for up to 7 days in encrypted database backups, after which they are overwritten. No app content is in those backups because no app content is stored server-side.
- Diagnostic logs are not retained server-side. The Edge Function that performs deletion logs only an opaque user ID for audit purposes and is rotated automatically.
5. Security
- TLS 1.3 in transit; AES-256 at rest (Supabase managed).
- Asymmetric ES256 JWT signing for session tokens.
- Apple Sign-In nonces bound to each authentication attempt.
- Passwords (for email + password users) are hashed server-side with bcrypt by Supabase Auth. We never see or store the plaintext, and password reset is initiated via a one-time email link, never via support contact.
- Keychain storage for tokens (
AfterFirstUnlockThisDeviceOnly). - Audio is processed entirely on-device using Apple's SoundAnalysis framework and discarded immediately after each analysis window.
- The first launch after a fresh install wipes any Keychain residue from previous installs.
- Optional Face ID / Touch ID lock. Settings → Security → "Require Face ID to open" gates the app behind a biometric prompt each time it is reopened. The biometric check is performed by iOS — we never see, store, or transmit your face or fingerprint data.
No security control is perfect. If you discover a vulnerability, please
report it to propawstech@proton.me.
6. Your rights
6a. California users (CCPA / CPRA)
You have the right to:
- Know what personal information we collect, use, disclose, and the purposes (this policy describes all of it).
- Delete your personal information — Settings → Privacy → Delete my account.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" — we do not sell or share your personal information for cross-context behavioral advertising, so no opt-out is needed. There is no "Do Not Sell or Share My Personal Information" link because the practice does not occur.
- Limit use of sensitive personal information — we use sensitive personal information, such as precise location (for walk GPS routes) and Health-related activity data (write-only mirroring of completed walks to Apple Health), only to provide the App's core features. We do not use it for advertising, profiling, sale, or sharing.
- Non-discrimination — we will not deny service, charge different prices, or provide different quality of service if you exercise any of these rights.
6b. Other US users
Users in states with substantively similar consumer-privacy laws (including Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and others) have largely the same rights to access, correct, delete, and port their data. You may exercise those rights via the same channels described below.
To exercise any right above, email propawstech@proton.me from the email
associated with your account, or use the in-app Settings → Privacy controls.
We will verify your identity by matching your account email and respond
within 45 days.
7. Children
The App is not directed to children under 13. We do not knowingly
collect personal data from children. If you believe a child has
provided personal data through the App, contact propawstech@proton.me
and we will delete it promptly.
8. Automated decision-making
We do not engage in automated decision-making that produces legal or similarly significant effects on you.
9. Changes to this policy
We will notify you in-app of any material change to this policy at least 14 days before it takes effect. The "Last updated" date at the top reflects the most recent revision.
10. Contact
ProPawsTech — propawstech@proton.me
For data-protection requests, please put "Privacy request" in the subject line.