Privacy Policy

Effective: 2026-06-07

Last updated: 2026-06-07

This is the privacy policy for PawQuirks ("the app", "we"), an iOS app that interprets pet behavior from short videos. PawQuirks is operated by Joseph Kim, a sole proprietor based in British Columbia, Canada. We've kept this policy short and specific. If you see a term you don't recognize, contact us.

This policy was reviewed by the founder and reflects PawQuirks's actual data practices as of the effective date above. Formal legal review will be obtained before the app expands beyond its initial Canada-first availability.

1. The short version

• We collect the videos you record of your pet, plus a few small things needed to make the app work (your account ID, an optional context note you write).
• We use that data only to run the AI interpretation and show you the result. We do not advertise, profile, or track you.
• We share the video with three service providers (Supabase for storage, Google for the AI model, ElevenLabs for voice synthesis when applicable). Each one is contractually bound not to train on your content or use it for advertising.
• You can delete your account and all your data from inside the app at any time. The deletion is real — your data is removed from our servers, not just hidden.
• We do not knowingly collect data from children under 13.

2. What we collect

Videos and audio (your pet clips)

When you tap Record, the app captures a short video (5–30 seconds) of your pet. The video and its audio are uploaded to our servers so the AI model can interpret your pet's behavior.

• What's in the clip: whatever the camera and microphone capture — typically your pet, possibly your home environment, possibly your voice or the voices of other people in the room.
• What we do with it: send it to our AI interpretation pipeline, store it linked to your account, and surface the resulting interpretation back to you.
• What we do NOT do with it: train AI models, sell it, share it for advertising, or look at it manually except where required (for example, debugging a specific issue you have reported, or investigating an emergency-flag clip — see § 9 Welfare incidents).

Account ID

When you sign in with Sign in with Apple, Apple gives us an opaque account identifier. We use it to associate your clips and pets with your account so you see your data and not someone else's.

We do not store your name or email address, even when Apple shares them at sign-in. Apple's relay system means an email visible to us is generally a forwarding alias, not your real address; we discard it on receipt.

The context note you write (optional)

Each clip can include a short free-text note ("just got home from a walk", "thunder outside", etc.). It's optional. If you write one, it's sent to the AI model alongside the clip and stored linked to your account.

What we do NOT collect

We do not collect:

• Contact info (your name, email, phone, address)
• Location (precise or coarse)
• Health or fitness data
• Browsing or search history
• Contacts
• Advertising identifiers (no IDFA, no advertising ID)
• Usage analytics (no third-party analytics SDK in v1)
• Payment card or financial information (subscriptions are handled by Apple — we never see your card)

3. How we use what we collect

We use your data for one purpose: running the PawQuirks app. Specifically:

• Interpretation. Each clip is sent to the AI model to produce a behavioral read.
• Voice synthesis. When the welfare layer permits a voice card, the model writes 2–5 short voice lines (capped at 200 characters total) and an external service synthesizes audio for them.
• History. Your past clips and interpretations are kept so you can scroll your pet's timeline inside the app.
• Welfare gates and escalation. A safety layer reviews every interpretation before showing it. If the model surfaces signs of pain, fear, or aggression, the app routes you to vet or behaviorist resources instead of producing a voice card. This processing happens automatically; no human reviews your clip unless you've reported a problem with it.
• Service operation and security. Things like making the upload work, retrying a failed interpretation, and preventing abuse.

We do not:

• Sell your data to anyone.
• Share it with advertisers or data brokers.
• Use it to build profiles of you for targeting purposes.
• Use it to train AI models, ours or anyone else's. (See § 4 for what each service provider does — none of them are contractually allowed to train on your content.)

4. Who we share it with

To run the app we send your data to a small set of service providers ("sub-processors"). Each one is contracted to handle your data the same way we would.

We do not currently use any analytics, advertising, or tracking SDKs.

If you are outside Canada or the United States, your data may be transferred to and processed in the United States or other jurisdictions where our sub-processors operate. Where required by your local law, we rely on standard contractual clauses with our sub-processors to maintain protections equivalent to your home jurisdiction.

5. How long we keep it

How long we hold a clip on our servers depends on the data sharing setting you choose at first run (and can change anytime in Settings → Privacy → Data sharing):

Local copies on your device persist until you delete the clip or uninstall the app, whichever comes first.

Account metadata (your account ID, the link between you and your pets) is retained as long as your account is active. When you delete your account (§ 6), everything is removed.

6. How to delete your data

You can delete your data without contacting us:

• Delete a single clip: Settings → "Inspect & delete my clips" → swipe to delete. The clip is removed from the app and from our servers in the same step.
• Delete your entire account: Settings → "Delete account & data". This is the permanent option. It removes every clip, every pet record, every interpretation, every correction, and your account itself from our servers. There is no soft-delete, no archive, and no undo.

If you can no longer reach the app (uninstalled, lost device, account locked), email privacy@pawquirks.com with the email address Apple uses for your Apple ID and we will manually delete the account and confirm. Allow up to 30 days for us to act on the request.

We retain backups for up to 30 days after a deletion. After that, your data is gone from backups too.

7. Your rights

Depending on where you live, you may have additional rights regarding your personal data. For everyone, no matter where you live:

• Access: the entire scope of personal data PawQuirks holds about you is the data you've explicitly created in the app — your account ID, your pets, your clips, your context notes, and the AI interpretations of them. You can see it all from inside the app.
• Correction: correct your pet's name, breed, age class, etc. anytime in the pet detail screen. The interpretation history is read-only by design (it's a record of what the model saw at the time).
• Deletion: see § 6.
• Withdraw consent: change your data-sharing tier in Settings, or delete the account.

Additional rights for Canadian residents (PIPEDA)

Canadian residents have the right to access the personal information PawQuirks holds about them, to request correction of inaccurate information, and to withdraw consent for our processing (which will result in deletion of the relevant data per § 6). Complaints may be filed with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Additional rights for EU / UK residents (UK / EU GDPR)

You also have the right to data portability, the right to object to processing, the right to lodge a complaint with your local data protection authority, and the right to restrict processing.

The legal basis for our processing:

• Performance of a contract for the core interpretation feature (you record a clip, we interpret it).
• Legitimate interests for service operation and security.
• Consent for the optional Improve/Research data-sharing tiers.

We do not designate a Data Protection Officer at our current scale.

Additional rights for California residents (CCPA / CPRA)

California residents have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of "sale" or "sharing" (we do not sell or share for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights. To exercise any of these rights, use the in-app deletion path or email privacy@pawquirks.com.

We do not sell your personal information. We do not share it for cross-context behavioral advertising.

8. Security

We use HTTPS (TLS) for every connection between the app and our servers. Data at rest is encrypted on the storage providers' infrastructure. Access to user data on our backend is limited to the developer of the app under principle-of-least-privilege.

Our edge functions enforce per-user authorization on every operation, and storage objects are gated by row-level security policies that key access to your account ID. The cascade chain that powers full-account deletion is pinned by automated tests so a future migration cannot silently weaken it.

We are a small team and not above mistakes. If you find a security issue, email security@pawquirks.com — we will respond within 7 days.

9. Welfare incidents

If you record a clip showing apparent emergency signs (cyanotic mucous membranes, a child plus aggressive behavior, etc.), the app shows you an escalation card pointing to a vet or behaviorist instead of producing a voice card.

In rare cases — for example, if you contact us about a real bite or near-bite incident, or if a regulatory body lawfully compels us — we may review the specific clip(s) involved manually. This is a defined safety procedure, not a normal data flow. We document each such review internally. We do not use these clips for any other purpose.

10. Children

PawQuirks is not directed at children under 13 (under 16 in the EU). We do not knowingly collect personal data from children. The app interprets pets, not people, but the account holder must be old enough to consent to data processing under applicable law.

If you believe a child has used the app and provided personal data, email privacy@pawquirks.com and we'll delete the account.

11. Changes to this policy

If we change this policy in any material way, we will:

1. Update the "Last updated" date at the top.
2. Surface a one-time in-app notice on next launch.
3. For changes to retention windows or sub-processors, send a push notification or email if we have one for you. (We do not currently have an email for most users — most accounts are Sign in with Apple relay-only.)

Older versions of this policy are kept in the app's public source repository on GitHub so you can review what changed. The full revision history is browsable at github.com/jdskim77/Pawsonality/commits/main/docs/PRIVACY_POLICY.md.

12. Contact us

• General privacy questions / data-deletion requests: privacy@pawquirks.com
• Security disclosures: security@pawquirks.com
• Press / general: hello@pawquirks.com

13. Sub-processor changes

We will update the table in § 4 within 30 days of adding or removing a sub-processor. Existing users will not be notified of additions unless the new sub-processor processes data for a new purpose; removals (which only ever shrink the set of people who can see your data) are not user-actionable.

PawQuirks is currently developed and operated by Joseph Kim, a sole proprietor based in British Columbia, Canada. If that changes — for example, if the app is acquired or a co-founder joins — we'll update this policy to reflect the new arrangement before the change takes effect.