1 Introduction
This Privacy Policy describes how Aplexity Limited ("Company," "we," "us," or "our") collects, uses, discloses, and protects your information when you use the DogTalk mobile application (also referred to as "AI Dog Translator"; the name of the application may change). The term "App" refers to the application under any name, and the term "Website" refers to our website at aplexityai.com. Together, the App and Website are the "Services."
We process personal data in accordance with applicable data protection laws, including the Hong Kong Personal Data (Privacy) Ordinance ("PDPO"), the EU General Data Protection Regulation ("GDPR"), and the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA").
This Privacy Policy forms part of and is incorporated into our Terms of Use. By using the Services, you agree to the collection and use of information described here. If you do not agree, do not use the Services.
2 Data Architecture
The App follows a local-first architecture. Your personal content (dog profiles, health records, care logs, photos, and documents) is stored on your device and is not uploaded to or stored on our servers. We do not maintain a centralized database of user content.
When you use the AI behavior analysis feature, the App transmits your photo to Google's Gemini API for processing. The photo is sent directly to Google's servers, processed, and the result is returned to your device. We do not store, cache, or retain photos on any server we operate. Google's use of this data is governed by Google's Gemini API Terms of Service.
On our side, we collect only product analytics and diagnostic data (described below) to maintain and improve the App.
2b Personal Data We Collect
"Personal Data" means any information relating to you directly or indirectly as an identified or identifiable natural person.
2b.1 Data Stored Locally on Your Device
The following data is created and stored exclusively on your device. We do not have access to it unless you explicitly share it (e.g., via support request):
- Dog Profile Data: Your dog's name, breed, birthdate, weight, gender, color, photo, microchip number, and pedigree number.
- Health Records: Vaccination records (dates, types, manufacturer), parasite treatment history, and veterinary documents you scan.
- Care & Activity Data: Water intake logs, food tracking entries, activity logs (walks, play, training sessions), daily wellness entries, and reminder schedules.
- Photos & Images: Photos stored in the App for dog profiles or document scanning.
2b.2 Data Processed by Third-Party AI
- Photos for Behavior Analysis: When you use the AI analysis feature, the selected photo is transmitted to Google Gemini API for processing. We do not store or retain these photos. Google processes them under its own data policies.
2b.3 Data Collected by Us (Server-Side)
- Account Information: Email address when you create an account (via Firebase Authentication).
- Product Analytics: App interactions, feature usage (tabs visited, scans performed, tips viewed), onboarding progress, and subscription events, collected via Firebase Analytics.
- Crash Reports: Diagnostic data, error logs, and crash information collected via Firebase Crashlytics.
- Remote Configuration: App configuration parameters retrieved via Firebase Remote Config.
- Subscription Data: Purchase and subscription status managed via RevenueCat.
2b.4 Communications
- Any information you provide when contacting our support team.
2b.5 CCPA Categories
Under CCPA/CPRA, the categories of personal information we collect server-side include: (A) identifiers (email, device ID); (D) commercial information (subscription history, purchase records); (F) internet or electronic network activity (usage data, analytics within the App).
3 Legal Basis for Processing (GDPR)
If you are located in the EEA, UK, or Switzerland, we rely on the following legal bases under GDPR Article 6(1):
- Contractual Necessity (Art. 6(1)(b)): Processing required to provide the Services (account management, core features, subscription processing).
- Legitimate Interests (Art. 6(1)(f)): Analytics, app performance improvement, fraud prevention, and service optimization, where these interests do not override your fundamental rights.
- Consent (Art. 6(1)(a)): Non-essential analytics, marketing communications, and optional tracking. You may withdraw consent at any time.
- Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws (tax records, regulatory requests).
4 How We Use Your Information
- Provide Core Services: Analyze dog behavior from photos using AI, manage dog profiles and health records, track care activities, and deliver personalized recommendations.
- Process Transactions: Manage subscriptions, verify purchases, and process in-app transactions through Apple's App Store and RevenueCat.
- Send Notifications: Deliver push notifications for water reminders, feeding schedules, activity reminders, and other alerts you configure.
- Improve Services: Analyze usage patterns, diagnose technical issues, and optimize app performance.
- Safety & Security: Detect and prevent fraud, abuse, and unauthorized access.
- Legal Compliance: Meet applicable legal requirements and respond to lawful requests.
5 Data Processing Principles
- We process Personal Data in a limited and measured manner, only as necessary for the purposes described in this Policy.
- We take reasonable steps to keep Personal Data accurate, complete, and up to date.
- We transfer or disclose Personal Data only as authorized by applicable law or with your consent.
6 Third-Party Services
The App relies on the following third-party services. Each service receives only the minimum data required for its function:
- Google Gemini API (Google LLC): Dog photos are transmitted to Google Gemini for AI-powered behavior analysis. Photos are processed by Google under its API terms and are not used for model training when sent via the API. We do not store these photos on any server we operate. Gemini API Terms
- Firebase (Google LLC): Authentication (email only), product analytics, crash reporting, and remote configuration. No user content (photos, profiles, health records) is sent to Firebase. Firebase Privacy Policy
- RevenueCat, Inc.: Subscription management and in-app purchase validation. Receives purchase data and anonymous device identifiers. RevenueCat Privacy Policy
- Apple Inc.: Purchase processing and app distribution. Apple Privacy Policy
7 Data Transfer and Disclosure
We may transfer or disclose your Personal Data to:
- Service Providers: Third-party companies that help us operate and improve the Services (cloud hosting, analytics, payment processing).
- Affiliates: Companies within the Aplexity Limited corporate group for operational purposes.
- Professional Advisors: Legal, accounting, and other professional advisors when necessary.
- Legal Requirements: Government authorities or law enforcement when required by applicable law, regulation, or legal process.
- Business Transfers: In connection with any merger, acquisition, or sale of company assets.
8 Cross-Border Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including Hong Kong and the United States (cloud services and analytics). We take reasonable steps to ensure that appropriate safeguards are in place for international data transfers in compliance with applicable laws. By using the Services, you consent to such transfers.
9 Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the Personal Data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your Personal Data (account deletion is available in the App settings).
- Restriction: Request that we limit processing of your data.
- Objection: Object to processing of your Personal Data for certain purposes.
- Data Portability: Request your data in a structured, machine-readable format (where applicable under GDPR).
- Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Lodge a Complaint: File a complaint with a supervisory authority (e.g., the Privacy Commissioner for Personal Data in Hong Kong, or the relevant supervisory authority in your EEA/UK jurisdiction).
To exercise any of these rights, contact us at support@aplexityai.com. We will respond within 30 days (or 45 days for CCPA requests, extendable by an additional 45 days with notice).
10 Additional Disclosures for California Residents
If you are a California resident, the following applies under CCPA/CPRA:
10.1 Sale and Sharing of Personal Information
We do not sell your Personal Information as defined by CCPA. We do not share your Personal Information for cross-context behavioral advertising purposes.
10.2 Your California Privacy Rights
- Right to Know: Request the categories and specific pieces of personal information we collected, the categories of sources, the business purpose for collecting, and the categories of third parties to whom we disclosed it, covering the prior 12 months.
- Right to Delete: Request deletion of your personal information, subject to certain legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: Although we do not sell or share personal information, you may submit an opt-out request at any time at support@aplexityai.com.
- Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information, you can request that we limit its use to what is necessary for providing the Services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny services, charge different prices, or provide a different quality of service because you exercised your rights.
10.3 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of written authorization from you. We may still require you to verify your identity directly.
10.4 Do Not Track
The App does not respond to "Do Not Track" browser signals. Our tracking practices are described in Section 11 below.
10.5 Shine the Light
Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.
11 Cookies and Tracking Technologies
The App and Website may use cookies and similar tracking technologies:
- Session Cookies: Temporary cookies that expire when you close the App or browser.
- Persistent Cookies: Cookies that remain on your device for a set period to remember your preferences.
- Analytics SDK: Firebase Analytics SDK collects app usage data to help us understand how the Services are used.
For users in the EEA/UK, we obtain consent before using non-essential cookies in accordance with applicable regulations.
Apple App Tracking Transparency: If the App uses identifiers for tracking as defined by Apple, we will request your permission through the App Tracking Transparency prompt before any such tracking occurs. You may change your preference at any time in your device settings.
12 Automated Processing and Profiling
The App uses Google Gemini AI to analyze dog behavior from photos. When you submit a photo, it is sent to Google Gemini API, which returns a behavioral interpretation based on principles of ethology (the scientific study of animal behavior). This constitutes automated processing under GDPR.
No decisions with legal or similarly significant effects are made through this processing. The AI output is informational only, intended to help you better understand your dog's body language. It does not replace professional veterinary or behavioral assessment. You have the right to request human review of any AI-generated output by contacting us.
13 Data Retention
We retain Personal Data according to the following schedule:
- Account data (Firebase Auth): Retained for the duration of your account. Upon account deletion, your authentication record is deleted immediately.
- Dog profiles, health records, care data: Stored exclusively on your device. You control this data. It is deleted when you remove profiles, clear app data, or uninstall the App. We never have access to it.
- Photos for AI analysis: Transmitted directly to Google Gemini API for processing. We do not store, cache, or retain these photos. Google's retention is governed by Gemini API Terms.
- Product analytics: Retained in aggregated form for up to 26 months (Firebase Analytics default).
- Crash reports: Retained for up to 180 days (Firebase Crashlytics default).
- Transaction records: Retained by RevenueCat and Apple for up to 7 years to comply with tax and accounting obligations.
14 Security
We implement technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS), secure cloud storage, and access controls. No method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
15 Security Breach Notification
In the event of a security breach affecting your Personal Data: (a) we will notify the relevant supervisory authority within 72 hours where required by GDPR; (b) we will notify affected individuals without unreasonable delay in accordance with applicable law, including California Civil Code Section 1798.82; (c) notification will be made electronically through the App or via email.
16 Children's Privacy
The Services are not directed at children under 13. We do not knowingly collect Personal Data from children under the age of 13. In compliance with the U.S. Children's Online Privacy Protection Act ("COPPA"):
- We do not target the App to children under 13.
- If we learn that we have collected Personal Data from a child under 13, we will delete that data within 30 days.
- A parent or guardian who believes their child has provided Personal Data to us may contact us at support@aplexityai.com to request review, deletion, or to refuse further collection of the child's data.
Users aged 13 to 17 may use the Services only with verifiable parental consent and under parental supervision, as described in Section 2 of our Terms of Use. We apply the same data protection standards to all minor users. Where applicable, we comply with the California Age-Appropriate Design Code Act for users under 18.
17 Liability
While we take reasonable measures to protect your data, we are not responsible for any loss of data due to technical failures, security breaches beyond our reasonable control, or malicious third-party actions such as malware or hacking.
18 Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. For material changes, we will provide at least 30 days' notice by posting the updated policy in the App and, where possible, by email. If you do not agree with the changes, you may stop using the Services and delete your account before the changes take effect. Continued use of the Services after the notice period constitutes acceptance of the updated policy.
19 Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices: