Privacy Policy

Gassi & Friends · Version 1

1. Data Controller

[YOUR FULL NAME]
[YOUR STREET AND NUMBER]
[YOUR POSTAL CODE AND CITY]
Email: [YOUR EMAIL ADDRESS]

2. Data We Collect

a) Account data: When you register, we store your email address and an encrypted password via Firebase Authentication. You can also use the app as a guest — this creates an anonymous account without personal data. When you later upgrade to a registered account, the anonymous UID is linked with your new credentials.

b) Phone number (Multi-Factor Authentication): When you register a personal account, SMS-based two-factor authentication (MFA) is mandatory. We store your phone number to send you verification codes for sign-in. Anonymous guest accounts do not require MFA or a phone number.

c) Profile data: Display name, theme and language preferences, premium status, and usage-related statistics (e.g., sleep times, longest pet lifetime, number of bondings, friends count) are stored in Cloud Firestore.

d) Pet data: Information about your virtual pets (name, breed, gender, adoption date, death date, satisfaction attributes, level, XP, bonding status, walked distance, pats given/received) is stored in Cloud Firestore.

e) Location data: (1) During an active walk, the app records your exact GPS location. These route points are stored exclusively locally on your device in a Room database and are not transmitted to our servers. (2) Additionally, an approximate location is stored as an S2 geohash cell (a coarse grid cell, not a precise GPS point) in Cloud Firestore. This allows other users to see you in the "Nearby Users" view of the map. The background location permission is used exclusively during an active walk. You can stop tracking at any time; the S2 cell will then no longer be updated.

f) Social data: Friend requests, friend lists (including custom nicknames you assign to friends), bonding requests, bondings, pet likes, memory comments, pat interactions, and answers in wildlife quizzes are stored in Cloud Firestore.

g) Chat messages: Content, sender, timestamp, and read status of chat messages are stored in Cloud Firestore. Note: chat messages are not end-to-end encrypted — the operator has technical access. Please do not share sensitive information via chat.

h) Status and aggregate data: Online status, current tracking status, last-seen timestamp, and daily aggregated statistics (distance, steps, active time) are stored in Cloud Firestore.

i) Push token: If you enable notifications, we store an FCM token (Firebase Cloud Messaging) to send you alerts. You can disable notifications at any time in the app settings.

j) Bug reports and contact messages: When you report a bug or send us a contact message, we store the text you enter as well as technical diagnostic data (app version, device model, operating system version).

k) Crash and analytics data: We use Firebase Crashlytics for pseudonymized crash reports and Firebase Analytics for pseudonymized usage statistics. Crash reports include your Firebase user ID (a randomly assigned identifier, not your real name), device information (model, OS version), and technical diagnostic data (stack trace, app version, build type). For data integrity errors, the affected virtual pet ID is also included. We never transmit directly identifying data such as email address, phone number, display name, or pet name.

l) Device integrity: Through Firebase App Check / Google Play Integrity, a cryptographic token is generated to protect the app from abuse (e.g., manipulated clients, automated scripts). No personal data is transmitted.

3. Purpose of Data Processing

We process your data exclusively for the following purposes:

4. Legal Basis (GDPR)

You may withdraw consent at any time with effect for the future (Art. 7(3) GDPR). The lawfulness of processing carried out before the withdrawal remains unaffected.

5. Visibility to Other Users

The following data is visible to other app users:

Not visible to other users: your email address, phone number, exact GPS routes, account settings.

6. Third-Party Services and Data Transfer

We use the following services from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland):

These services are hosted in the EU (region europe-west1). Processing is carried out in accordance with Google's privacy policy (policies.google.com/privacy). Where transfers to third countries occur, they are based on Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR.

7. Data Retention

8. Minimum Age (Art. 8 GDPR)

Use of the app is permitted only from the age of 16. Younger users may only use the app with the explicit consent of their parent or legal guardian (in Germany also §§ 104 ff. BGB). If there is reasonable suspicion that the minimum age is not met, the account may be suspended and deleted.

9. Automated Processing by Cloud Functions

The following processes run automatically on our cloud functions:

Clarification: No automated decision with legal effects or similarly significant impact within the meaning of Art. 22 GDPR takes place.

10. Your Rights

You have the right to:

Right to complain: You have the right to lodge a complaint with the competent data protection supervisory authority.

11. Data Breaches

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will report it without undue delay (no later than 72 hours) to the competent supervisory authority (Art. 33 GDPR). If the risk is likely to be high, you will additionally be informed directly (Art. 34 GDPR).

12. Changes

We reserve the right to update this privacy policy as needed — particularly in case of legal changes or app feature changes. The current version is available within the app. We will inform you of significant changes via in-app notice.