Privacy Policy

Effective date: May 10, 2026  ·  Last updated: May 10, 2026

This policy describes how Zhiva ("we," "our," or "the app") handles information when you use our iOS application. We are committed to keeping your pet's health data private.

1. What We Collect and Why

1.1 Diagnostic and Analytics Data

Zhiva collects anonymized diagnostic events to help us understand how the app is performing and identify problems. These events are linked to your account identifier (see §1.2) and include:

• Scan lifecycle events (scan initiated, completed, accepted)
• Insight delivery and engagement events (insight delivered, expanded)
• Subscription and paywall events (paywall presented, purchase completed, purchase failed)
• App error events (authentication failures, keychain errors)

Purpose: App functionality and product analytics. This data is used solely to improve Zhiva. It is not sold and is not used for third-party advertising.

1.2 User Identifier

Each Zhiva account is assigned a random UUID (owner_id). This identifier is attached to the diagnostic events described above so we can correlate events for the same account without storing any personal information (name, email, device identifiers). The identifier is not shared with advertising networks.

2. What We Do Not Collect

• No tracking: Zhiva does not use Apple's App Tracking Transparency framework, does not share data across apps or websites for advertising, and does not use any third-party tracking SDKs.
• No contact information: We do not collect your name, email address, or phone number through the app.
• No location data: We do not collect GPS or location data.
• No browsing or search history within or outside the app.
• No health or medical data beyond what you enter for your pets — pet health records you create are stored in your account and are not analyzed or shared.

3. On-Device Storage

Zhiva uses iOS UserDefaults to persist on-device preferences (selected pet, notification settings, onboarding state, and optional diagnostics opt-out). These values are read and written on your device only and are never transmitted off-device.

Offline scan documents are queued in your device's Application Support directory and uploaded to your account when connectivity is restored. File timestamps on these queued items are read solely to manage storage (FIFO eviction) — they are not transmitted and are not used for any tracking purpose.

4. Data Storage and Security

Pet health records and diagnostic events are stored on Supabase infrastructure (Supabase Inc., USA). Data in transit is encrypted with TLS. Data at rest is encrypted by the database provider. We apply Row-Level Security so that each account can access only its own records.

5. Data Retention

We retain account data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting support@zhiva.app. We will process deletion requests within 30 days.

6. Children

Zhiva is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

7. Changes to This Policy

If we make material changes, we will update the effective date above and, where feasible, notify you via the app. Continued use of Zhiva after a change takes effect constitutes acceptance of the revised policy.

8. Contact

Questions or privacy requests: support@zhiva.app

This policy will be reconciled with the App Store Connect privacy nutrition label and PrivacyInfo.xcprivacy manifest prior to the v1.0 public release.