Privacy Policy

Last updated: May 17, 2026

This Privacy Policy describes how Polimati LLC ("AquaSnap", "we", "our", "the App") collects, uses, and protects your information when you use the AquaSnap mobile application. Polimati LLC acts as the Data Controller for personal data processed in connection with the App.

Data Controller: Polimati LLC, a California limited liability company.
Mailing address: 440 N Barranca Ave #3778, Covina, CA 91723, United States.
Contact: aquasnap@polimati.com

1. Information We Collect

Information stored on your device only

When you use AquaSnap, the following information is stored locally on your device and is not transmitted to our servers during ordinary use:

Photos and videos you capture using the App
Tank profiles, stocking list, equipment, notes, and reminders
On-device AI identification results
App preferences and settings

This data is stored in a local database on your device. If you delete the App, this data is removed from your device.

Anonymous identifier (created automatically)

When you first open the App, we generate a randomized server-side identifier (an anonymous Firebase UID) associated with your installation. This identifier contains no name, email, or other information that identifies you personally, and we use it to:

Enforce free-tier and paid-tier usage limits (for example, monthly Deep Analysis quotas).
Prevent abuse and fraudulent use of the service.
Manage subscription entitlements, including before sign-in. A minimal, non-PII record is also created on our subscription management provider (RevenueCat) keyed to this anonymous identifier, so that any purchase you make is correctly attributed.

If you sign in with Apple or Google, this anonymous identifier is linked to your provider account. If you delete the App without signing in, the anonymous identifier remains in our systems but cannot be linked back to you, since it contains no information that identifies you personally.

Information collected when you sign in

If you optionally sign in with Apple or Google to access subscription features or preserve your account across devices:

Authentication data: Your name and email address (or a relay email for Apple Sign-In). This is used to create and manage your account.
Subscription data: Your subscription status (tier, entitlement, purchase history), processed by our subscription management provider (RevenueCat) and our authentication provider (Firebase Auth). We do not receive or store payment card information, which is handled exclusively by the applicable App Store.

Information collected when you use Deep Analysis

Deep Analysis is a paid feature that uses cloud-based AI.

Photos and videos: Temporarily uploaded to our cloud infrastructure and processed by a third-party AI provider for species identification, health assessment, compatibility checking, and care recommendations.
Deletion: These files are deleted from our servers immediately after processing, with a short-lived lifecycle rule as a safety net. These files are not used to train AI models.
Analysis results: Returned to your device and stored locally; they are not retained on our servers beyond what is necessary to return the result.

Analytics data

We use a third-party analytics provider to collect pseudonymous usage analytics. Event examples: app opens, feature usage, feature-gate assignments, and paywall views. Analytics events are tied to a pseudonymous device identifier (a randomized installation ID) — not your name or email, but a value that lets us group events from the same installation. For this reason we treat analytics as pseudonymous (still personal data under the EU/UK GDPR and similar laws) rather than fully anonymous. We do not include directly identifying information (such as your name or email) in analytics events. You can disable analytics and error reporting at any time via Settings → App → Usage analytics; when disabled, no further events are sent for the remainder of the session and the analytics client is not initialized on future launches until you re-enable it.

Feedback data

The App includes an optional feedback feature where you can tell us whether an identification was correct. When you submit feedback you may:

Provide a thumbs up/down rating
Write optional notes about why the identification was right or wrong
Opt in, via an explicit consent control in the App, to include the associated photo with your feedback

When you opt in to share the photo, you grant us permission to use the photo, your rating, and your notes to improve the App and to train our AI models. You can submit a rating and notes without sharing the photo — the photo is only collected when you explicitly consent.

This is separate from Deep Analysis: Deep Analysis photos are never used to train AI models, regardless of whether you also submit feedback.

Future features

We may introduce new features that involve additional data collection or server-side processing — for example, optional cloud backup or sync of your tank data, or collaborative tank-sharing features. When we do:

We will make the feature opt-in where the new data collection is material (such as uploading your tank photos or stocking list to our servers).
We will update this Privacy Policy before the feature is generally available to you.
We will surface a notice within the App the next time you open it, and email you if you have provided an email address.

The core commitments in this policy — local-first by default, no selling of personal information, no training on Deep Analysis photos, and explicit consent for feedback photos — continue to apply to all new features.

2. How We Use Your Information

Provide species identification, health analysis, and care recommendations
Manage your account and subscription entitlements
Enforce usage rate limits associated with your subscription tier
Improve our AI models and App features using aggregated, anonymized data (and, where applicable, voluntarily submitted feedback)
Send you local push notifications for maintenance reminders you have configured
Respond to support requests and communicate with you about service-related matters

Legal basis for processing (EU/UK users)

We process your personal data on the following legal bases under the UK GDPR and EU GDPR:

Performance of a contract: To provide the features of the App you have requested (e.g., Deep Analysis, subscription management).
Consent: For optional analytics and voluntary feedback submissions.
Legitimate interests: To maintain and improve the App, prevent fraud or abuse, and enforce our Terms of Service.

3. Data Storage and Security

Your local data (photos, tank profiles, stocking list) is stored on your device and is not backed up to our servers unless you explicitly use a feature that requires server-side processing (currently: Deep Analysis and account authentication).

Cloud data is stored on reputable cloud infrastructure with industry-standard security measures including encryption in transit (TLS) and encryption at rest. Access to cloud data is restricted via security rules and server-side validation.

We take reasonable precautions to protect your data, but no system can be 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

4. Current Service Providers

To operate the App, we rely on the following categories of service providers. Each has its own privacy policy governing how it handles data. The specific providers below are current as of the "Last updated" date and may change over time; we will update this list and notify you of material changes.

Cloud AI (Deep Analysis): Google Gemini API via Vertex AI. Google Cloud Privacy
Cloud infrastructure, auth, database, storage: Firebase (Google). Firebase Privacy
Subscription management: RevenueCat. RevenueCat Privacy
Pseudonymous analytics and feature flags: Statsig. Statsig Privacy
App store and payments: Apple App Store (iOS), Google Play (Android). Apple · Google

If we replace or add a service provider, we will update this list. If the change is material (e.g., a change in where data is processed, or a new category of data sharing), we will also notify you within the App or via email.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We only share data with the third-party services listed above as necessary to provide the App's core functionality.

California Consumer Privacy Act (CCPA/CPRA) notice

For California residents, in the 12 months preceding the "Last updated" date of this Policy, we have collected the following statutory categories of personal information, used them for the purposes described in Section 2, and disclosed them only to the service providers listed above for those same purposes:

Identifiers — anonymous device/Firebase identifiers; email address and account name (only if you sign in); a relay email for Apple Sign-In.
Commercial information — subscription status, tier, purchase history (handled by Apple/Google as the payment processor; we do not receive card data).
Internet or other electronic network activity information — app open events, feature usage events, feature-gate assignments, paywall view events (anonymous analytics).
Geolocation data — coarse, derived from your IP address as part of standard service operation; we do not collect precise GPS location.
Visual information — photos and videos you submit to Deep Analysis (transient; deleted within 1 hour) or that you opt in to share with feedback (retained up to 180 days).
Inferences — AI-generated identifications, health observations, and care recommendations derived from your submitted media.

We do not "sell" or "share" personal information as those terms are defined by the CCPA/CPRA. We do not use or disclose "sensitive personal information" for purposes that require an opt-out under § 7027 of the CCPA regulations. We do not knowingly collect personal information from consumers under 16. California residents have the right to: (i) know what personal information we have collected, (ii) request deletion, (iii) request correction, (iv) limit use of sensitive personal information, (v) opt out of sale or sharing (we do not sell or share), and (vi) not be discriminated against for exercising these rights. You may exercise these rights by contacting us at aquasnap@polimati.com; we will respond within the timeframes required by law (generally 45 days, extendable to 90 where permitted). You may also designate an authorized agent to make a request on your behalf; we may require verification of the agent's authority and of your identity before completing the request.

Do Not Track and Global Privacy Control signals

Some browsers and operating systems offer a "Do Not Track" (DNT) feature or a "Global Privacy Control" (GPC) signal. Because we do not sell or share personal information as those terms are defined by California law, GPC signals do not change how we process your data. We do not currently respond to DNT signals in a uniform way, in part because there is no industry standard for how those signals should be interpreted. We will update this section if our practices change.

6. Children's Privacy

AquaSnap is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at aquasnap@polimati.com and we will delete it promptly.

7. Data Retention

Local data: Stored on your device until you delete it or uninstall the App.
Deep Analysis photos and videos: Deleted from our servers immediately after processing (maximum 1 hour).
Account data: Retained while your account is active; deleted upon your request or account deletion.
Subscription data (RevenueCat/Firebase): Retained as long as your account exists and as required by tax and accounting laws.
Feedback data and photos: Retained for up to 180 days to improve AI accuracy, after which the original photo file is permanently deleted. Aggregated, anonymized, or derived outputs (such as model improvements, statistics, and labels) generated during that period may persist after the photo itself is deleted.
Analytics data: Aggregated and anonymized; retained for up to 12 months.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information. Several of these can be exercised directly inside the App without contacting us:

Access: You can obtain a copy of your data at any time via Settings → Account → Export Data in the App. It produces a ZIP archive containing a structured JSON of all your records (tanks, species, equipment, captures, notes, reminders, identifications) together with the original photo and video files. You may also request a copy by contacting us at the email address below.
Correction: You can edit your tank, species, equipment, note, and reminder records directly in the App. For account-level data (such as the email tied to your sign-in), contact us at the email address below.
Deletion: You can delete your account and all associated cloud data via Settings → Account → Delete Account in the App, or via the web form at aquasnap.io/delete-account. This removes your Firebase Auth user, your subscription record, and your server-side data; for iOS users who signed in with Apple, the Sign in with Apple grant is revoked as part of the same flow. Locally cached data on your device is removed when you uninstall the App.
Portability: The Export Data archive described under Access is structured JSON plus your original media files — a machine-readable format suitable for porting your data to another service.
Opt-out of analytics: Opt out at any time via Settings → App → Usage analytics in the App. Once disabled, no further events are sent and the analytics client is torn down for the remainder of the session. You may also opt out by contacting us.
Withdraw consent: Where we rely on your consent (e.g., analytics or feedback photo sharing), withdraw it at any time. The feedback photo opt-in is per-submission, so you control it each time you submit feedback.
Lodge a complaint: EU/UK users have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at aquasnap@polimati.com. We will respond within 30 days (or sooner where required by law).

Jurisdiction-specific rights

EU/EEA and UK (GDPR / UK GDPR): You have all the rights listed above. You may also lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office).

Brazil (LGPD): If you are in Brazil, the Lei Geral de Proteção de Dados (Law No. 13,709/2018) gives you the rights of confirmation and access, correction, anonymization or blocking, deletion, portability, information about sharing of your data, and the right to revoke consent. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD). Contact us at aquasnap@polimati.com to exercise these rights.

Japan (APPI): If you are in Japan, the Act on the Protection of Personal Information gives you the rights to request disclosure, correction, addition, deletion, and cessation of use or provision to third parties of your retained personal data. Contact us at aquasnap@polimati.com to exercise these rights; we may verify your identity before responding.

9. International Data Transfers

The App is operated from the United States. If you access the App from outside the United States, your information may be transferred to, stored, and processed in the United States and in other countries where our service providers operate. By using the App, you consent to these transfers.

EU/EEA and UK: Where we transfer personal data out of the EU/EEA or UK to a country that has not been the subject of an adequacy decision, we rely on appropriate safeguards under Article 46 of the GDPR — typically the European Commission's Standard Contractual Clauses (SCCs) and, for transfers from the UK, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs. Our principal sub-processors (Google Cloud / Firebase, RevenueCat, Statsig) make these safeguards available as part of their standard terms of service.

Brazil (LGPD): Where we transfer personal data of users in Brazil to another country, we rely on transfer mechanisms recognized under Article 33 of the LGPD, including standard contractual clauses adopted or recognized by the ANPD, or your specific consent where required.

Japan (APPI): Where we provide personal information of users in Japan to a third party in a foreign country, we rely on mechanisms permitted by the APPI, such as obtaining your prior consent or ensuring the recipient maintains a system that conforms to APPI standards. You may request information about the destination country's data protection regime at the contact address above.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last updated" date at the top of this policy
Post the updated policy on our website
Display a notice within the App the next time you open it
Send an email to users who have provided an email address (account holders)

Your continued use of the App after changes are posted constitutes your acceptance of the revised policy. We recommend reviewing this policy periodically to stay informed. Anonymous users who have not provided an email address should check this page for updates.

11. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at aquasnap@polimati.com.