Plain English summary: Burrow stores your pet and medication data securely in Supabase. We never sell your data or use it for advertising. You can delete your account and all associated data at any time from the app.
1. What We Collect
When you use Burrow, we collect the following information to provide the service:
- Account information โ your email address and display name
- Pet profiles โ pet name, species, breed, date of birth, and optional profile photos
- Medication data โ medication names, dosages, frequencies, and scheduled times
- Dose history โ a record of doses logged, skipped, or missed, with timestamps
- Vet details โ your vet's clinic name, contact information, and address (if you choose to add them)
- Prescription records โ medication prescriptions and expiry dates (if you choose to add them)
- Caregiver tokens โ secure access tokens generated when you invite a caregiver
- Device push token โ used to send dose reminder notifications to your device
- App security PIN โ stored as a one-way SHA-256 hash on your device only; never transmitted to our servers
2. How We Use Your Data
Your data is used solely to operate and improve Burrow:
- Displaying your pet's medication schedule and dose history
- Sending local and push dose reminder notifications
- Generating adherence analytics and health reports
- Allowing caregivers you invite to log doses on your behalf
- Providing AI-assisted answers through Burrow Buddy (your pet context is sent to our server-side AI proxy; no conversation history is stored)
We do not use your data for advertising, profiling, or any purpose beyond operating the app.
3. Data Storage and Security
Your data is stored in Supabase, a secure cloud database platform. Access is protected by Row Level Security (RLS) policies โ only your authenticated account can read or write your data.
All data is encrypted in transit via HTTPS. Pet and profile photos are stored in a public Supabase Storage bucket accessible via direct URL โ do not store sensitive documents in photo fields.
Your app security PIN is stored as a one-way hash in iOS Secure Enclave / Android Keystore on your device only and is never sent to our servers.
4. Caregiver Access
When you generate a caregiver link, a secure random token is created and stored. Anyone with that link can view your pet's medication schedule and log doses. You can revoke access at any time by deleting the caregiver entry from the Care Team tab โ this immediately invalidates the link.
5. Payments
Burrow Pro subscriptions are processed entirely by Apple (App Store) or Google (Google Play). Burrow does not collect or store payment card details. Subscription management, billing, and refunds are handled by the respective platform.
6. Third-Party Services
Burrow uses the following third-party services:
- Supabase โ database, authentication, and file storage
- RevenueCat โ subscription management (does not receive personally identifiable data beyond an anonymous user ID)
- Expo / Expo Push โ push notification delivery
- Groq โ AI inference for Burrow Buddy (messages are sent to Groq via our server-side proxy; Groq's privacy policy applies to message content)
- Google Places API โ used by the Emergency Vet Finder feature (your approximate location is sent to Google to find nearby clinics; Google's privacy policy applies)
7. Your Rights
You have the right to:
- Access your data โ all data is visible within the app
- Delete your data โ tap Settings โ Delete Account to permanently delete your account and all associated data. This action is immediate and irreversible.
- Correct your data โ edit any pet, medication, or profile information at any time within the app
- Export your data โ generate a PDF health report from the Analytics tab at any time
If you are located in the European Union, United Kingdom, or other jurisdictions with specific privacy regulations (including the New Zealand Privacy Act 2020), you may have additional rights. Contact us at privacy@getburrow.app with any requests.
8. Children's Privacy
Burrow is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all data is permanently deleted from our database. Anonymised, aggregated analytics (if any) may be retained indefinitely as they cannot be linked to any individual.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of Burrow after changes constitutes acceptance of the updated policy.
11. Contact
For privacy questions, data requests, or concerns, contact us at:
privacy@getburrow.app
Burrow is developed and operated in New Zealand.