Privacy Policy — WaterGiraffe
This policy explains what data WaterGiraffe collects, how it is used, who processes it, and how you can delete it. It is written in plain language because you should be able to read it once and understand it.
1. At a glance
- WaterGiraffe is local-first. Your hydration log, settings, milestones, and Health Connect interactions stay on your device unless you explicitly enable Cloud Sync, Friends, or the Weekly Insight.
- We do not run ads. There is no advertising SDK in the app.
- We do not embed third-party analytics. There is no Firebase Analytics, AdMob, PostHog, Mixpanel, Amplitude, or similar SDK.
- We use five external services, each only when the related feature is used: Supabase (account, social, optional cloud sync), Anthropic (Weekly Insight), RevenueCat (subscription receipts), Open-Meteo (weather), and Open Food Facts (barcode lookups).
- You can delete your account and associated data from inside the app or by emailing privacy@hirenpaghadal.in. See Section 9.
2. Data we collect off your device
We collect the minimum needed for the features you use. Nothing leaves your phone until a feature that needs it is turned on.
Account (Supabase)
When you create a WaterGiraffe account we store:
- Email address
- A randomly generated user ID
- Display name (optional, only if you set one)
- Account creation and last-active timestamps
We do not ask for a real name, date of birth, phone number, or address.
Cloud Sync / Social (Supabase)
If you turn on Cloud Sync or use Friends and Challenges, the following is uploaded to your Supabase row, protected by row-level security so only your account and people you accept can read it:
- Hydration log entries (timestamp, amount in millilitres, drink type)
- Daily totals and goal progress
- Friend list and challenge participation
- Profile picture (only if you set one)
Weekly Insight (Anthropic)
When you tap “Generate insight” we send a short, anonymous summaryto Anthropic’s Claude API. The summary contains seven daily totals, average goal, drink-type mix, and a few derived flags (e.g. “evenly paced”, “behind on weekends”). It does notinclude your email, name, location, friends, exact timestamps, or device identifiers. Anthropic does not train its models on our API traffic (per Anthropic’s commercial terms).
Subscription receipts (RevenueCat)
When you purchase WaterGiraffe Pro through the Play Store or App Store, the store sends a receipt to RevenueCat. RevenueCat stores:
- A pseudonymous app user ID
- Purchase, renewal, and cancellation events
- Receipt validation tokens from Google / Apple
RevenueCat does not receive your email or name from us. The Play Store / App Store may share their own purchase identifiers per their own policies.
Weather (Open-Meteo)
When weather-adjusted goals are enabled and you grant location permission, we send your latitude and longitude rounded to four decimal places (about 11 metres of accuracy) to api.open-meteo.com. Open-Meteo is a free public weather service that does not require an API key, an account, or a tracker. We do not include any identifier in this request.
Barcode lookups (Open Food Facts)
When you scan a bottle, we send the barcode number only to world.openfoodfacts.org. We attach a generic User-Agent containing our own developer contact email (not yours). The barcode is the only data sent; nothing about you or the scan time is included.
3. Data processed only on your device
The following never leaves your device unless you act to share it:
- All hydration log entries until/unless Cloud Sync is enabled
- All milestone, streak, score, and heatmap calculations
- All reminder schedules and notification content
- Camera frames during barcode scanning (we read the code locally; no image is uploaded)
- Photos used for Share Cards
- PDF and CSV exports generated by the app
- Health Connect read and write operations (Android only) — this is interop with the system Health Connect store on your phone and does not involve our servers
4. How your data is used
| Purpose | Data used | Where |
|---|---|---|
| Run the core app | Hydration logs, settings | On device |
| Restore on a new phone | Account email, cloud-synced logs | Supabase |
| Friends and Challenges | Display name, daily totals, challenge state | Supabase |
| Weather-aware goal | Latitude / longitude (4 dp) | Open-Meteo |
| Identify scanned drink | Barcode | Open Food Facts |
| Weekly Insight | Anonymous weekly summary | Anthropic |
| Manage Pro subscription | Anonymous user ID, store receipts | RevenueCat |
| Crash diagnostics | None — we do not collect crashes | — |
| Marketing | None — we do not run marketing campaigns | — |
We do not sell your personal data. We do not share it for cross-context behavioural advertising.
5. How your data is shared
| Sub-processor | Role | Data shared | Privacy policy |
|---|---|---|---|
| Supabase Inc. (Delaware, USA) | Account, optional cloud sync, social | Email, user ID, hydration data you sync, friend list | supabase.com/privacy |
| Anthropic PBC (San Francisco, USA) | Weekly Insight via Claude API | Anonymous weekly summary | anthropic.com/legal/privacy |
| RevenueCat, Inc. (USA) | Subscription receipt validation | Anonymous app user ID, store receipts | revenuecat.com/privacy |
| Open-Meteo (Switzerland / EU) | Weather | Lat / lon (4 dp), no identifier | open-meteo.com/en/terms |
| Open Food Facts (France / EU) | Product lookups | Barcode, no identifier | openfoodfacts.org/terms |
We will update this table before adding any new sub-processor.
6. No third-party analytics or advertising
WaterGiraffe does not include any of the following: Google Analytics for Firebase, AdMob, AdSense, Facebook SDK, AppsFlyer, Adjust, Branch, Singular, Mixpanel, Amplitude, Segment, PostHog, Sentry, Bugsnag, Crashlytics, TikTok SDK, or any equivalent.
You can verify this by inspecting the open dependency list in our public package.json or by decompiling the released APK.
7. Permissions used by the app
| Permission | Why | When |
|---|---|---|
| Location (precise) | Look up local weather for goal adjustment | Only when weather-aware goals are on |
| Camera | Read drink barcodes | Only on the scan screen |
| Notifications | Send the reminders you configure | When reminders are enabled |
| Health Connect (Android) | Read and write hydration with the system store | When Health Connect sync is on |
| Internet | Account, cloud sync, Weekly Insight, weather, barcode | When those features are used |
You can revoke any permission in your system settings at any time. Revoking a permission turns off the corresponding feature; the rest of the app continues to work.
8. Security
- All network requests use HTTPS (TLS 1.2+).
- Supabase data is protected by Row Level Security: a row is only readable by the account that owns it and, for social data, by friends you have accepted.
- On-device storage uses the platform’s app-sandbox protections. On Android the database lives under the app’s private storage; on iOS it lives in the app’s container.
- Account passwords are never stored in plain text. Supabase Auth handles hashing and key rotation.
- We will notify affected users within 72 hours of becoming aware of a personal data breach where required by law (DPDP Act 2023, GDPR Article 33).
No system is perfectly secure. Use a strong, unique password for your account.
9. Your rights and how to request deletion
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Erase your account and associated data
- Restrict or object to certain processing
- Port your data to another service
- Withdraw consent at any time
- Lodge a complaint with your local data protection authority (in India: the Data Protection Board under the DPDP Act, 2023)
How to delete
- In the app: Profile → Account → Delete account. This erases your Supabase row and all cloud-synced data within seven days.
- By email: Send a request from your account email to privacy@hirenpaghadal.in with the subject “Delete my WaterGiraffe data”. Acknowledgement within 7 days; resolution within 30 days. Sooner where law requires.
- Vendor data: To request deletion from RevenueCat, contact support@revenuecat.com with your app user ID (visible in Profile → About). To request deletion from Anthropic API logs, contact privacy@anthropic.com — note that we do not send your name or email to Anthropic so they likely hold no identifier tied to you.
A separate, more detailed Account Deletion guide explains what is removed in each step.
10. Children’s privacy
WaterGiraffe is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, contact privacy@hirenpaghadal.in and we will delete it.
For users between 13 and 18 in jurisdictions that require parental consent (including India’s DPDP Act and the EU GDPR), a parent or guardian should review this policy before account creation.
11. International users and legal basis
WaterGiraffe is operated from India by Hiren Paghadal. If you use the app from another jurisdiction your data may be transferred to and processed in countries with different data-protection laws than your own (notably the United States, where Supabase, Anthropic, and RevenueCat are based). Where required we rely on the European Commission’s Standard Contractual Clauses or equivalent safeguards offered by our sub-processors.
Legal bases for processing under the EU/UK GDPR:
- Contract — operating the account and Pro subscription you signed up for
- Consent — Cloud Sync, Weekly Insight, location-based weather, Health Connect sync, Friends and Challenges
- Legitimate interest — security, abuse prevention, and product improvement that does not override your rights
Under India’s DPDP Act, 2023 we are the Data Fiduciary. Our sub-processors are Data Processors acting on our instructions.
Under the CCPA / CPRA we do not sell personal information and do not share it for cross-context behavioural advertising. California residents have rights to know, delete, correct, and opt out of sales — all of which we honour for everyone.
12. Contact
- Privacy: privacy@hirenpaghadal.in
- General: contact@hirenpaghadal.in
- Publisher: Hiren Paghadal, Rajkot, Gujarat, India
13. Changes to this policy
We will post any changes on this page with a new effective date. If a change materially affects your rights, we will notify you in the app and by email (for accountholders) before it takes effect.
Last updated: 26 May 2026.