Privacy Policy

1. Who we are

CatDogTor™ (the "app," "we," "us," "our") is a pet health tracking application for cats and dogs, available on iOS and Android. The app is developed and operated by an individual developer based in Serbia.

Data controller: Prokhor Vernikovskii, Novi Sad, Serbia, operating as an individual developer.

Privacy & support contact: catdogtor.app@protonmail.com

If you prefer a postal address, send us an email and we'll share it privately — we don't publish a home address on a public website.

2. What this policy covers

This policy covers:

• The CatDogTor mobile app on iOS (via the App Store) and Android (via Google Play).
• The CatDogTor website at catdogtor.app, including all subpages.
• All data we collect, process, or store as part of running the above.

This policy does not cover:

• Third-party services we link to (the App Store, Google Play, your veterinary clinic's own website, etc.). Each has its own privacy practices, and we list the ones we actually use in Section 7.
• Anything you do with your data after you export it to a PDF. Once it's out of the app, it's yours to handle.

3. The principles that guided the design

Four rules shaped the app, and you'll see them reflected in every section below:

1. Anonymous by default. The default sign-in is anonymous. You choose if and when to link a Google or Apple identity, and only to sync across devices.
2. Minimum data. We only collect what the feature you're using actually needs. No "just in case" telemetry.
3. No advertising, no data sales. We have one business model: an optional Pro subscription. That's it.
4. You're the operator of your data. Export, delete, change your mind — all from inside the app, no support ticket required.

4. What data we collect and why

We collect the following categories of data. Each one is tied to a feature of the app, not to a business purpose that's hidden from you.

4.1 Pet profile data

You enter this yourself when you create a pet:

• Pet name (e.g., "Luna")
• Species (cat or dog)
• Breed (optional)
• Sex and neuter/spay status (optional)
• Birth date or estimated age
• Weight entries over time
• Optional photo of the pet

We use this to run the app: showing your pet on the home screen, calculating age-appropriate vaccine recommendations against WSAVA 2024 guidelines, and rendering your records correctly.

4.2 Medical records you create

• Vaccinations (vaccine name, date, manufacturer, lot number if you enter it, next-due date)
• Veterinary visits (date, clinic name, reason, notes)
• Lab test results (biomarkers, values, units, reference ranges, the lab form photo)
• Parasite treatments and quick tests
• Medication courses (drug name, dose, frequency, start/end dates, individual dose log)
• Plans and reminders (what's scheduled, when)
• Free-text notes

We store these in your private Firestore workspace so the app can display them, calculate live vaccine status, and send local reminders. They belong to you.

4.3 Documents you photograph

When you use the AI scanner or attach a photo to a record, the image is uploaded to Firebase Storage (a Google Cloud service) under your account. The URL is stored in the corresponding record.

If you chose AI scanning, the image is also sent to Firebase AI Logic (Google's Gemini model), which reads the document and returns structured fields (dates, doses, biomarker values, clinic names). Per Google's Firebase AI Logic terms, your content is not used to train Google's AI models and is not retained by Google beyond what's necessary to return the result.

You can delete any photo from inside the app. Deletion is immediate from Firebase Storage.

4.4 AI scan usage counter

We count how many AI scans you've used across the lifetime of your account, to enforce the free-tier limit (currently 5 lifetime scans before Pro is required). The counter stores one integer. That's it.

4.5 Voice input (optional)

Several text fields in the app have a microphone button. If you tap it, your device converts your speech to text.

• On iOS, speech recognition runs on-device via Apple's SFSpeechRecognizer where supported. Apple's separate privacy policy applies to any portion of recognition handled by Apple.
• On Android, the speech_to_text package uses Google's speech recognition service, which sends a short audio stream to Google's servers for transcription. Google's privacy policy applies to that stream.

We don't record your voice ourselves. We only receive the transcribed text and paste it into the field. If you don't tap the microphone, we never touch your mic.

4.6 Account identity

By default, Firebase Auth assigns you an anonymous user ID the first time the app runs. It's a random string that identifies your data on our servers; it doesn't identify you as a person.

If you choose to sign in with Google or Apple (so your data syncs across devices), we then store:

• Your Google/Apple-provided user ID
• Your email address (as shared by Google/Apple)
• Your display name (as shared by Google/Apple)

We use these only to sync your data. We don't use them for marketing — we don't send marketing email at all.

4.7 Subscription data

If you subscribe to CatDogTor Pro, your payment is processed by Apple (in the App Store) or Google (in Google Play). We never see your credit card or bank details.

We use RevenueCat to know whether your subscription is active. We send them your anonymous user ID and your App Store / Google Play transaction token. RevenueCat sends us back a simple answer: "active Pro" or "not active." They retain this record per their own privacy policy.

4.8 Diagnostics and product analytics

We use PostHog (hosted in the European Union) to:

1. Receive crash reports — if the app crashes, we collect the exception type, stack trace, device model, operating system version, app version, and an anonymized installation ID. Crash reports are designed not to contain personal data. We don't send pet names, record contents, photos, or any content you created — only the technical trace of the crash.
2. Understand aggregate usage — we log non-personal app events like "vaccine_card_viewed," "ai_scan_success," or "medication_course_completed" so we can understand which features work and which break. Events are anonymized and rolled up into aggregate counters. We never log pet names, record values, photographs, or anything identifying about you personally.
3. Improve the WSAVA biomarker catalog — when our AI encounters a lab biomarker it can't match to a known reference, we log just the canonical name of the unrecognized biomarker (e.g., "creatinine_serum_ru_2"). We never log the value, the pet, or the user. This feedback loop is how the app gets smarter at reading new lab forms.

You can disable diagnostic data collection in Settings → Privacy → Share diagnostic data. PostHog's own privacy practices are at posthog.com/privacy.

4.9 Website analytics

On catdogtor.app we use Plausible Analytics. Plausible is cookieless and privacy-friendly: it counts page views and outbound clicks in aggregate, and it doesn't set any cookies or fingerprint visitors. No personal data is collected. This is why we don't show a cookie banner — we don't set cookies that require consent.

4.10 What we do NOT collect

For clarity, we do not collect, request, infer, or buy:

• Your precise location
• Your contacts, calendar, or photos outside the ones you explicitly attach
• Advertising identifiers (IDFA, GAID) — we don't pass them to any ad network because we don't work with any ad network
• Your browsing history
• Biometric data (Face ID / Touch ID stay on your device)
• Health or fitness data about you personally
• Any of your veterinarian's information beyond the clinic name you optionally type

We don't ask for permissions we don't use.

5. How we use your data

We use the data described above only for these purposes:

We don't use your data for anything else. If we ever want to — we'll ask first, and we'll update this policy before the first use.

6. Legal bases (GDPR, UK GDPR)

If you're in the EU, UK, or another region where GDPR-style rules apply, we process your data on the following legal bases:

• Performance of a contract. Storing your records and running the app are part of delivering the service you installed. This covers most of the processing above.
• Legitimate interest. We rely on legitimate interest for crash reporting, aggregate analytics, and fraud prevention (e.g., keeping the AI scan counter honest). We've weighed this against your privacy; the data involved is minimal and non-identifying, and we use an EU-hosted analytics provider (PostHog) specifically to minimize international transfers.
• Consent. You consent to specific things by tapping them — using the camera, using the microphone, turning on notifications, enabling AI scanning. You can withdraw that consent from your device's Settings at any time.
• Legal obligation. If we're required by law (for example, to respond to a valid court order), we'll process data to comply — and we'll challenge overbroad requests.

We never rely on "legitimate interest" for advertising or profiling, because we don't do advertising or profiling.

7. Who we share data with (subprocessors)

We use a small set of trusted services to run the app. Each is bound by a data-processing agreement and handles only what's needed for its specific function. We never "share" data with anyone else — no marketing partners, no data brokers, no ad networks.

We don't add a new subprocessor without updating this list. If you'd like a notification when we do, email catdogtor.app@protonmail.com and we'll tell you when the list changes.

8. International data transfers

Your pet records, photos, and Firebase authentication data are stored in Google's nam5 multi-region in the United States. Your Pro subscription status is tracked by RevenueCat, also in the United States. Your diagnostic data (crash reports, product analytics) stays in the European Union at PostHog Frankfurt.

When you're outside the United States, your data crosses an international border each time it's synced to Firebase or RevenueCat. We've designed around this:

• For Firebase (Google) and RevenueCat: we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission, and for Google specifically on the EU–US Data Privacy Framework.
• For PostHog: we specifically chose PostHog EU Cloud over PostHog US Cloud so that diagnostic data from EU users (and every other user) never leaves the European Union. This is stricter than GDPR requires.
• For Apple and Google Play: they handle your payment in their own regional infrastructure under their own transfer frameworks.

If you'd like copies of the SCCs we rely on, email catdogtor.app@protonmail.com.

9. How long we keep your data

Deleting your account removes your records from live Firestore and Firebase Storage immediately. There are no automated backups to wait out.

10. Your rights

Regardless of where you live, you can always:

• Access everything we have on you — everything is visible in the app.
• Export your full pet history as a PDF, from Settings → Export.
• Correct or edit any record from inside the app.
• Delete individual records, individual pets, or your entire account from Settings → Account → Delete.

If you are in the EU, UK, or Switzerland, GDPR and UK GDPR also give you:

• The right to object to processing based on legitimate interest.
• The right to restrict processing.
• The right to data portability.
• The right to withdraw consent for things you previously consented to (camera, mic, notifications, AI scanning).
• The right to lodge a complaint with your data protection authority. In Serbia, that's the Commissioner for Information of Public Importance and Personal Data Protection. In the EU, it's your national DPA.

If you are in California, the CCPA/CPRA gives you:

• The right to know what personal information we've collected.
• The right to delete it.
• The right to correct it.
• The right to opt out of sale or sharing. We don't sell or share personal information as those terms are defined under the CCPA, so there's nothing to opt out of, but the right exists.
• The right to non-discrimination for exercising these rights.

If you are in Brazil, LGPD gives you equivalent rights, including the right to request confirmation of processing and anonymization.

To exercise any right not available inside the app, email catdogtor.app@protonmail.com. We'll respond within 30 days, usually much sooner. We never charge for rights requests.

11. Security

We take the standard, serious precautions:

• All traffic between your device and our servers is encrypted in transit (TLS 1.2+).
• Data at rest in Firebase is encrypted using Google-managed keys.
• Firestore security rules are scoped so a user account can only read and write its own data. We test these rules as part of every release.
• Access to production data by the developer is limited, logged, and only used for debugging in response to a direct user request.
• We do not store passwords. If you sign in with Google or Apple, authentication stays with them.

Nothing is perfectly secure. If we ever learn of a breach that materially affects your data, we'll contact you (via an in-app notice and, if we have it, by email) and notify regulators within the time frames the law requires.

12. Medical disclaimer

CatDogTor is a diary and a reminder system, not a medical device and not a substitute for veterinary advice. The live vaccine status, WSAVA-aligned recommendations, and any insights the AI produces are informational only.

• Always consult a licensed veterinarian for diagnosis, treatment, and vaccination decisions.
• We calculate intervals conservatively and push you toward your vet whenever the data is ambiguous.
• We are not responsible for health outcomes based on the app's outputs.

This section isn't "privacy" in a strict sense, but we include it here because it sets the right expectations about what the AI features do — and don't — do.

13. Children

CatDogTor is intended for adults who own pets. The app is not directed at children, and we do not knowingly collect data from anyone under 16.

If you are under 16 and you've used the app, please ask a parent or guardian to help you delete it. If we discover that we've inadvertently collected data from a child, we'll delete it promptly.

14. Automated decision-making

The AI scanner is an automated process, but it doesn't make decisions that affect your legal rights or produce similarly significant effects within the meaning of GDPR Article 22. You review every AI-extracted field before it's saved. The vaccine status calculator is a straightforward rule-based calculation, not profiling.

We don't run any automated decision-making that requires a specific opt-out under GDPR Article 22.

15. Links to other services

The app and website contain links to third-party services (App Store, Google Play, veterinary guideline sources like WSAVA, our subprocessors' privacy pages, etc.). Once you click, you're subject to that site's own privacy practices. We recommend reading them if you care about details.

16. Changes to this policy

When we make a material change to this policy, we'll:

1. Update the "Last updated" date at the top.
2. Show a banner in the app the next time you open it, linking to the updated policy.

For minor changes (typos, clarified wording, new subprocessor in the same category as an existing one), we'll just update the date and the subprocessor table.

17. Contact us

For privacy questions, rights requests, account deletion help, support, and anything else:

catdogtor.app@protonmail.com

We read and reply to every message. If you don't hear back within 3 business days, please resend — it may have been caught by a filter.

See also: Terms of Service · How to delete your account · Support