The Short Version
We do not run our own servers for your health data. Your bowel-movement logs, pet state, and personal settings are stored on your device (Core Data, Keychain, UserDefaults) and — if you are signed into iCloud — synced through your private iCloud account using Apple CloudKit. Some non-personal data (anonymous public-toilet locations, your chosen username, friend connections) lives in a shared CloudKit public database so the social and map features work. We never sell your data. We never use it for advertising. We never train AI models on it.
1. Who We Are
Pooey ("we", "us", "the App") is operated by the individual developer publishing the iOS app on the Apple App Store. For privacy enquiries, GDPR/CCPA requests, or to exercise any rights described below, contact privacy@pooey.app. For product support, use support@pooey.app.
2. Data Categories & Where They Live
We process the following categories of personal data. The "Storage" column tells you exactly where each lives.
| Category | Examples | Storage | Purpose |
|---|---|---|---|
| Health & fitness | Bristol type, timestamps, duration, color, mood before/after, symptoms, notes, photos | Device (Core Data) + iCloud private DB (CloudKit) | Core app functionality — your personal log |
| Apple Health data | Dietary fiber, water intake, sleep — read with your permission; bowel-movement events — written with your permission | Apple HealthKit (Apple-managed, on-device + iCloud if you enable Health sync) | Generate cross-correlated insights |
| Location | Approximate coordinates when you tag a toilet on the Poop Map | Device + iCloud private DB. Public-toilet locations (OSM data) are cached in CloudKit public DB without user attribution. | Restroom finder + map features |
| Identity (public profile) | Username you choose, display name, current streak | iCloud public DB (CloudKit) | Friends search, social features, leaderboards |
| Contacts | Names and phone numbers — only after you grant permission | Device only. Matched against the public username DB locally. | Find friends already using Pooey. Contacts are never uploaded. |
| Pet & gamification | Pet name, evolution stage, level, happiness, XP | UserDefaults (app group) + iCloud private DB | App functionality |
| IAP / purchase data | Subscription state, receipt, entitlement | Apple StoreKit (Apple-managed). We never see your payment method. | Verify subscription, restore purchases |
| Diagnostics | Crash logs, performance traces — only with your opt-in | Apple's analytics infrastructure (iOS Settings → Privacy & Security → Analytics & Improvements) | Bug fixing, performance improvements |
What we do not collect: we have no third-party analytics SDKs (no Firebase, no Mixpanel, no Adjust), no advertising IDs, and no tracking pixels. The app does not request App Tracking Transparency because it performs no cross-app tracking.
3. Third Parties That Process Data
- Apple Inc. — iCloud (CloudKit), HealthKit, StoreKit, APNs, App Store, optional crash analytics. Governed by Apple's privacy policy: apple.com/legal/privacy.
- OpenFoodFacts — public, open-source food-barcode database. When you scan a barcode we send only the barcode number to world.openfoodfacts.org to retrieve product info. No personal data is sent.
- OpenStreetMap / Overpass API — to fetch public-toilet locations near you. We send only the bounding box of the map region you are viewing. We do not transmit personally identifying data.
We do not share data with advertisers, data brokers, insurance providers, employers, or any other third party.
4. Legal Bases for Processing (EEA/UK GDPR)
If you are in the European Economic Area or the United Kingdom, our legal bases under Article 6 / Article 9 of the GDPR are:
- Performance of a contract (Art. 6(1)(b)) — to deliver the core logging, insight, and sync features you signed up for.
- Explicit consent (Art. 9(2)(a)) — for processing health data (Bristol logs, symptoms, HealthKit) and for contact-matching. You may withdraw consent at any time in iOS Settings → Pooey, or by deleting the app.
- Legitimate interest (Art. 6(1)(f)) — for diagnostic and crash analytics necessary to keep the app working safely; this never includes health data.
5. Your GDPR Rights (EEA, UK, Switzerland)
You have the right to:
- Access the data we hold about you (Art. 15) — request a copy via privacy@pooey.app. Most of your data already lives in your iCloud account and can be inspected through iOS Settings → Apple ID → iCloud → Manage Account Storage.
- Rectification of inaccurate data (Art. 16) — edit any log entry directly in the app.
- Erasure ("right to be forgotten", Art. 17) — see Section 7 "Data Deletion". The in-app "Delete Account" flow wipes everything.
- Restriction of processing (Art. 18) — disable iCloud sync in iOS Settings, or simply stop using affected features.
- Portability (Art. 20) — use the in-app PDF/CSV export from Profile → Export Data to receive your logs in machine-readable form.
- Object to processing (Art. 21) — particularly for any processing relying on legitimate interest. Email us and we will stop or justify it.
- Withdraw consent at any time — uninstall, disable iCloud sync, or revoke HealthKit / Contacts / Location / Camera / Photo permissions in iOS Settings.
- Lodge a complaint with your supervisory authority (EEA / ICO in the UK) at any time.
We aim to respond to all GDPR requests within 30 days.
6. California Consumer Privacy Act (CCPA / CPRA) Rights
If you are a California resident, you have the right to:
- Right to Know — request the categories and specific pieces of personal information we have collected about you. Email privacy@pooey.app.
- Right to Delete — request deletion of your personal information. Use the in-app "Delete All Data" flow (Profile → Account → Delete Account) or email us.
- Right to Correct — request correction of inaccurate personal information; edit directly in the app or email us.
- Right to Opt Out of Sale or Sharing — Pooey does not sell and does not share personal information as defined under the CCPA. There is nothing to opt out of, but you may still request confirmation in writing.
- Right of Non-Discrimination — we will not deny service, charge different prices, or provide a different quality of service if you exercise any CCPA right.
- Sensitive Personal Information — health data is "sensitive personal information" under the CPRA. We use it only for the disclosed purposes and do not infer characteristics about you for unrelated uses.
An "authorised agent" may submit requests on your behalf with signed authorisation. We may verify your identity by asking you to confirm details only the account holder would know.
7. Data Deletion
You have the right to delete your account and data at any time, with no waiting period:
- In the app — open Profile → Account → Delete Account. This wipes your CloudKit private database records, Core Data store, Keychain entries, UserDefaults preferences, and scheduled notifications. Your public-profile entry (username + display name) is also removed from the CloudKit public database.
- By uninstalling — removes all on-device data. iCloud-synced data remains until you delete it via the in-app flow or iCloud Settings.
- By email — write to privacy@pooey.app and we will process the right to erasure / right to delete request within 30 days.
HealthKit data is governed by Apple. Even if we read it, we cannot delete it from your Health app — you control that in Settings → Health → Data Access & Devices → Pooey.
8. Retention
We retain personal data only as long as you keep an account and your iCloud sync is enabled. When you delete your account, all records are removed within 30 days. Apple's iCloud back-end may retain encrypted backup snapshots for up to 30 additional days per their retention policy. Anonymised diagnostic data, if you enabled it, is retained by Apple per their analytics policy.
9. International Transfers
Apple's iCloud and CloudKit infrastructure may store your data in Apple data centres outside your country, including the United States. Apple's transfer safeguards (Standard Contractual Clauses, EU-US Data Privacy Framework) apply. See apple.com/legal/privacy for details.
10. Security
We rely on Apple's first-party security primitives:
- Transport: all network requests use TLS 1.2 or higher; App Transport Security is enabled with no exceptions.
- At rest: Core Data is stored in your iOS data protection class; sensitive identifiers use Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly.
- CloudKit: end-to-end encryption (Apple-managed) for private database records when Advanced Data Protection is enabled on your iCloud account.
- Authentication: CloudKit uses your iCloud identity; private records have an owner-only ACL.
- Rate-limiting: public-toilet writes are rate-limited per Apple iCloud user to prevent abuse.
11. Children's Privacy
Pooey is rated 12+ on the App Store. We do not knowingly collect personal data from children under 13 (or under 16 in the EU). If you believe a child has used the app, contact privacy@pooey.app and we will delete the account.
12. Changes to This Policy
When we materially change this policy we will (a) update the "Last updated" date, (b) post a notice in the app, and (c) for changes affecting your existing rights, request fresh consent if required by law. Continuing to use the app after a change constitutes acceptance.
13. Contact
- Privacy / data-protection officer: privacy@pooey.app
- Product support: support@pooey.app
- Legal / terms: legal@pooey.app
Postal correspondence: please use the email addresses above for the fastest response.
Our Privacy Promise
Digestive-health data is sensitive. We architected Pooey so that your records live in your iCloud, not ours. We have no business model that requires monetising your data. We do not use it for advertising, do not train AI on it, and do not share it with anyone except Apple's first-party services described above.