1. Who We Are
MeowLog is developed and operated by Ingvaldsen Utvikling. We are responsible for the processing of your personal data. Privacy questions can be directed to [email protected].
2. What We Collect
We collect the following information:
- •Name and email address — used for login and account identification (via Sign in with Apple or Google Sign-In).
- •Pet data — name, species, breed, gender, date of birth, color, microchip ID, adoption date, photos, weight history, health records, and diary entries you provide.
- •Tasks and reminders — task titles, categories, schedules, frequency settings, assignments, and completion records you create for your pets.
- •Documents — veterinary records, vaccination certificates, receipts, and other files (images and PDFs) you upload to the document vault.
- •AI interactions — questions and conversations you have with our AI assistant, including chat history (retained for context within your session, up to 20 messages), photo analysis results, and AI-generated insights, summaries, and tags.
- •Household data — if you create or join a household, we store membership information, display names, and invite codes to enable shared access to pet data among household members.
- •Content reports — if you report inappropriate content on a public pet profile, we collect the report category, description, and your user ID to process the report.
- •Audit logs — we log certain account actions (login, data exports, account deletion, subscription changes) along with your IP address for security and fraud prevention purposes.
- •Usage data — anonymous events (features used, screen views, app performance) collected via PostHog Analytics.
- •Technical data — device type, operating system, app version, and crash reports via Sentry.
3. Why We Collect Data
Under the GDPR, we must have a legal basis for each processing purpose:
- •Deliver and improve the service (Art. 6(1)(b) — contract performance)
- •Sync data across your devices (Art. 6(1)(b) — contract performance)
- •Send account and subscription notifications (e.g. downgrade warnings, security alerts) (Art. 6(1)(b) — contract performance)
- •Send push notifications and reminders to your device (Art. 6(1)(a) — consent, via device settings)
- •Send marketing emails (product updates, tips, new features) (Art. 6(1)(a) — explicit consent, via email preferences in Settings)
- •Analyze usage patterns for product improvement (anonymized) (Art. 6(1)(a) — consent, via cookie preferences)
- •Provide AI-powered insights based on your pet data (Art. 6(1)(b) — contract performance)
- •Store and process documents you upload to the document vault (Art. 6(1)(b) — contract performance)
- •Enable household sharing of pet data between members (Art. 6(1)(b) — contract performance)
- •Moderate uploaded content for policy compliance (Art. 6(1)(f) — legitimate interest in platform safety)
- •Maintain audit logs for security purposes (Art. 6(1)(f) — legitimate interest in security)
- •Display public pet profiles to visitors (Art. 6(1)(a) — consent (user explicitly enables))
4. Storage and Security
Your data is stored in a PostgreSQL database on servers in Germany (EU) operated by Hetzner Online GmbH. All communication between the app and our servers is encrypted with TLS/HTTPS. Data at rest is protected by disk encryption.
Additional security measures include: token-based authentication with automatic expiration, time-limited signed URLs for file access, rate limiting to prevent abuse, automated content moderation on uploads, and secure credential storage using the iOS Keychain.
Access to the production database is restricted to authorized operations personnel. We conduct regular security assessments and updates.
5. Data Sharing
We never sell your personal data to third parties.
We may share data with the following service providers to the extent necessary to deliver the service:
- •PostHog — anonymized usage analytics (EU servers)
- •Sentry — error reporting and performance monitoring
- •Apple — Sign in with Apple authentication and App Store payments
- •Google — Google Sign-In authentication and Cloud Vision API for automated content moderation of uploaded images
- •Google Gemini / Anthropic Claude — AI-powered features including: pet photo analysis (mood detection, health observations, and diary text generation), chat assistance, diary writing prompts, text improvement, tag and summary generation, health Q&A, daily behavioral insights, and veterinary appointment preparation. Only pet-related data is sent — no personal identifying information.
- •Stripe — web subscription payment processing
- •RevenueCat — iOS subscription management
- •Cloudflare — content delivery network (CDN) and security protection. Cloudflare processes your IP address and request metadata to deliver content and protect against abuse.
- •Email service provider — we use a third-party SMTP service to send transactional emails (account notifications, subscription warnings, deletion notices). Only your email address and the message content are shared.
6. International Data Transfers
Your data is primarily stored in the EU (Germany). However, some of our service providers process data in the United States:
- •Google — AI services, authentication, and content moderation
- •Anthropic — AI-powered chat and pet health insights
- •Stripe — web subscription payment processing
- •RevenueCat — iOS subscription management
- •Sentry — error reporting and performance monitoring
- •PostHog — usage analytics (only with your consent)
These transfers are based on the EU-US Data Privacy Framework (DPF), under which the listed providers are certified. In the event the DPF is invalidated, we will rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the alternative transfer mechanism.
7. Automated Content Moderation
To maintain a safe environment, uploaded images are automatically scanned for inappropriate content using Google Cloud Vision API. This analysis happens at the time of upload and the results are not stored — only a pass/fail decision is made.
Images that are flagged as potentially containing adult, violent, or otherwise inappropriate content will be rejected. No human review occurs unless required by law.
8. Public Pet Profiles
You can optionally enable a public profile for your pet. This makes your pet's name, species, breed, age, and photos you explicitly publish visible to anyone with the link. No personal information about you is displayed on public profiles.
Publishing is always explicit — each photo must be individually selected for publication. You can disable the profile or unpublish individual photos at any time, with immediate effect.
Public profile pages do not use cookies, tracking, or analytics. Photo metadata (EXIF data) is stripped before serving.
9. Household Sharing
MeowLog allows you to create or join a household to share pet care responsibilities. When you share a household:
- •All household members can view and edit all pets, diary entries, health records, tasks, photos, and documents within the household.
- •The household owner can invite new members (up to 8) and remove existing members.
- •If you leave or are removed from a household, you lose access to all shared data within that household. Data you contributed remains accessible to remaining members.
- •Household sharing requires a Pro subscription. If the owner's subscription lapses, a 30-day grace period applies before members are removed.
By joining a household, you consent to other members viewing and editing data you add to the household.
10. Your Rights (GDPR)
As a user in the EU/EEA, you have the following rights:
- •Access to what data we have stored about you
- •Correction of inaccurate information
- •Deletion of your account and all associated data
- •Data portability — export your data in a machine-readable format
- •Restriction of processing — request that we limit how we use your data while a dispute is being resolved
- •Right to object to data processing
You can exercise your right to access and data portability directly in the app via Settings → Export My Data, which provides a complete download of your data in JSON format.
You have the right to withdraw your consent at any time. You can withdraw analytics consent through the cookie preferences on our website or by disabling analytics in the app settings. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
To exercise your rights, contact us at [email protected].
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no or by email at [email protected].
11. Data Retention
We store your data for as long as your account is active. When you delete your account, all personal data is removed within 30 days, except for data we are required to retain for accounting purposes (up to 5 years). Accounts that have been inactive for more than 24 months may be deleted. We will send a notification email 30 days before automatic deletion.
12. Children's Privacy
MeowLog is not directed at children under the age of 16 (or 13 in jurisdictions where that is the applicable age of digital consent). We do not knowingly collect personal data from children under this age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will promptly delete the data.
13. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via email or in the app. Continued use of the service after an update constitutes acceptance of the new policy.