Privacy Policy

Effective date: May 11, 2026 · Last updated: May 11, 2026

1. Information We Collect

Account information

When you sign in with Google or Apple, we receive your email address and display name. We never collect or store passwords. If you skip login and use the app as a guest, no account information is collected at all.

Health log data

PUP lets you log bowel movements. Each entry can include:

  • Stool type (Bristol Scale 1–7), toilet type, date & time — required
  • Duration, notes (up to 500 characters), location name — optional
  • GPS coordinates — optional, only when you tap the location button and enable "save on map"

Calculated insights

From your logs we compute streaks, scores (0–100), achievements, health predictions, and a country travel map. These are derived from your own data and visible only to you (or friends, where the feature exists).

What we don't collect

No device identifiers, no advertising IDs, no analytics, no crash reports, no tracking pixels. Our server logs record only HTTP method, URL, status code, and response time — nothing that identifies you personally.

2. How We Use Your Information

We use your data to:

  • Store and sync your logs across devices
  • Calculate health insights, scores, and achievements
  • Power leaderboards and social features (friends, reactions)
  • Let you export your data (JSON/CSV) for personal records or clinical use

We do not use your data for advertising, user profiling, or sale to third parties.

3. Location Data

Location is never collected automatically. You must press the location button in the add-log form, grant foreground location permission, and enable the "save on map" toggle — all three steps — before coordinates are stored.

Even then, our server strips coordinates for sensitive locations (home, apartment, boarding house, etc.) automatically.

When coordinates are saved, they're sent to OpenStreetMap to look up the country, city, and place type. Only latitude and longitude are sent — no account details or other data.

4. Data Sharing

We do not sell, rent, or trade your personal data.

If you use social features, other authenticated users may see:

  • Leaderboards: your display name and ranking
  • Friends: your display name, email, and poop score
  • Reactions: your display name on emoji reactions you send

Your individual logs, notes, and GPS coordinates are never visible to other users.

5. Storage & Security

All data in transit is encrypted via HTTPS. On your device, auth tokens are stored in the iOS Keychain or Android Keystore (hardware- backed encryption), and logs are kept in a local SQLite database within the app's private sandbox.

On our servers, data lives in a managed PostgreSQL database (Render) with encryption at rest. Refresh tokens are stored as SHA-256 hashes — raw tokens are never persisted. Access tokens expire every 15 minutes and refresh tokens rotate on each use.

In guest mode, all data stays on your device. Nothing is sent to our servers.

6. Your Rights & Choices

  • Access & export: download all your logs as JSON or CSV from the app
  • Edit: modify any log entry at any time
  • Delete: remove individual logs or delete your entire account (all logs, achievements, friends, tokens — gone permanently)
  • Go offline: use the app in guest mode to keep everything local

To exercise these rights, use the in-app tools or email us at privacy@pup.my.id.

7. Data Retention

We keep your data for as long as your account is active. When you delete your account, everything is permanently removed from our servers within 30 days — profile, logs, achievements, friends, tokens, all of it.

8. Children's Privacy

PUP is not intended for anyone under 13. We don't knowingly collect data from children. If we learn that a child under 13 has an account, we'll delete it and all associated data. Let us know at privacy@pup.my.id.

9. Third-Party Services

A small number of services process data on our behalf:

ServiceWhat it doesWhat it sees
Google / Apple Sign-InAuthenticationEmail and name from your ID token
OpenStreetMap (Nominatim)Reverse geocodingLatitude & longitude only
RenderHosting & databaseAll server-side data (managed PostgreSQL)
Google Maps SDKIn-app map displayMap tile requests — no user data

No analytics platforms, crash reporters, ad networks, or tracking tools are used anywhere in PUP.

10. Changes to This Policy

We may update this page from time to time. The "Last updated" date at the top always reflects the current version. If a change materially affects how your data is handled, we'll let you know through the app or by email before it takes effect.

11. Contact Us

Questions, concerns, or data requests — reach out anytime:

privacy@pup.my.id