Privacy Policy
Last updated: April 5, 2026
AquaLock ("we", "our", or "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights.
1. Information we collect
Account information
- Name and email address (via Sign in with Apple or Sign in with Google)
Health & profile data (provided during onboarding)
- Age, gender, height, weight
- Activity level (weekly workout frequency)
- Daily water goal and unit preference (ml/oz)
- Wake time, sleep time, and reminder preferences
- Goals and motivations you share with us
Hydration data
- Water intake logs (amount, timestamp)
- Photos you submit for AI water verification
Usage & analytics
- Screen views and in-app events (via PostHog)
- App attribution (where you heard about AquaLock)
- Subscription status
Device data
- Device timezone
- Push notification tokens (for reminders)
- App Lock configuration (which apps you choose to lock — stored only on your device and never transmitted to our servers)
2. How we use your information
- To provide the app's core features: hydration tracking, reminders, streaks, and app locking
- To calculate a personalised daily water goal based on your profile
- To verify water photos using AI (images are sent to OpenAI's API for analysis and are not stored by OpenAI beyond the request)
- To send push notifications for hydration reminders and streak alerts
- To process and manage your Pro subscription
- To improve the app using anonymised, aggregated analytics data
Health and wellness (not medical advice)
We are not medical professionals or healthcare providers. AquaLock is a wellness tool for hydration habits only. It is not a medical device and does not provide medical advice, diagnosis, or treatment. Any health-related information you share is used solely to operate app features (such as goal estimates), not as a clinical record. If you have medical conditions, are pregnant, or have specific hydration needs, consult a qualified healthcare professional.
3. Third-party services
We share data with the following services to operate AquaLock:
- Supabase — Database, authentication, file storage, and backend functions. Your profile and hydration data are stored here. supabase.com/privacy
- Apple / Google — Sign-in authentication. We receive only the name and email address you choose to share via Sign in with Apple or Sign in with Google.
- Firebase (Google) — Delivery of push notifications on iOS and Android. Your device push token is used solely for this purpose. firebase.google.com/support/privacy
- RevenueCat — In-app purchase and subscription management. revenuecat.com/privacy
- OpenAI — AI-powered water photo verification. Photos are transmitted to OpenAI's API per request and are subject to OpenAI's data usage policies for API customers (not used to train models by default). openai.com/policies/privacy-policy
- PostHog — Product analytics. We collect anonymised usage events (screen views, onboarding steps) to improve the app. No personal health data is shared with PostHog. posthog.com/privacy
We do not sell your personal data to third parties.
4. App locking & Screen Time
AquaLock's app locking feature uses Apple's Family Controls framework (iOS only). The list of apps you choose to lock is stored locally on your device and is never transmitted to our servers. You must explicitly authorise this feature. You can revoke this authorisation at any time in iOS Settings > Screen Time.
5. Data storage & security
- Your data is stored on Supabase servers with row-level security enforced — only you can access your own records.
- All data is transmitted over HTTPS/TLS.
- Water photos are stored in a private, user-namespaced Supabase Storage bucket.
- Some preferences (e.g. unit settings, lock schedule) are stored locally on your device.
6. Data retention & deletion
We retain your data for as long as your account is active. You can permanently delete your account at any time from the app's Settings screen. Deletion removes your profile, all hydration logs, water photos, and authentication credentials. This action is irreversible.
7. Age requirement
AquaLock is intended for users aged 16 and older. We do not knowingly collect personal information from anyone under 16. If you believe someone under 16 has created an account, please contact us and we will delete it promptly.
8. Your rights (UK GDPR)
As a UK resident, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict certain processing
- Receive your data in a structured, machine-readable format (data portability)
- Withdraw consent at any time
To exercise any of these rights, contact us at contact@aqualock.app. You also have the right to lodge a complaint with the ICO (Information Commissioner's Office) at ico.org.uk.
9. Changes to this policy
We may update this policy from time to time. We will notify you of material changes via the app or by email. Continued use of AquaLock after changes constitutes acceptance.