Privacy Policy — Furwise

Effective date: April 24, 2026

This Privacy Policy explains how OrcaKobo, an independent studio based in Taiwan ("OrcaKobo", "we", "us"), handles personal data when you use the Furwise mobile app and website (together, the "Service").

This policy is written in English. Translations are for convenience only; the English version prevails. This policy covers our practices globally and highlights additional rights for users in the EU/UK (GDPR), Japan (APPI), and California (CCPA/CPRA) where applicable.

1. Who we are

Furwise is an independent product by OrcaKobo. OrcaKobo is a sole proprietorship based in Taiwan, not an incorporated company. For the purposes of GDPR, OrcaKobo is the data controller for data processed through the Service. For APPI, we are the personal information handler (個人情報取扱事業者).

Contact: [email protected].

2. What data we collect

We collect only what we need to run Furwise. The list below mirrors the Privacy Manifest bundled with our iOS app and the App Store Connect "App Privacy" disclosure.

From the iOS app

  • Email address. Provided when you sign in with Apple, Google, or email. Used to identify your account and send service emails.
  • Display name. Optional, set during onboarding or in profile settings. Used to personalize the app.
  • User ID. A Supabase-generated UUID that identifies your account across our systems (also used as your RevenueCat subscription ID).
  • Photos you upload as pet avatars, care record attachments, AI insight inputs, or bug-report attachments.
  • Pet care data you enter: pet profiles (name, species, breed, birth date), weight logs, feeding and drinking records, litter records, symptoms, medications, medical visit notes, and memos. Pet data is not classified as "Health & Fitness" under Apple's taxonomy, which covers human health via HealthKit.
  • Product interaction events. Screen views and specific events (for example, paywall_view, recap_generated) collected by Firebase Analytics to understand how the app is used. Linked to your user ID.
  • Crash data. Stack traces, exception type, and thread state collected by Firebase Crashlytics when the app crashes. Linked to your user ID so we can group reports per user.
  • Other diagnostic data. Breadcrumbs, the analytics event trail leading up to a crash, and device/OS/app version context attached to each report.

We do not track you across other apps or websites. Our Privacy Manifest declares NSPrivacyTracking: false with no tracking domains.

From the website (furwise.app)

  • Waitlist email address you provide when joining the launch waitlist. Stored in our Supabase database (see § 5). Used to send you a launch announcement and occasional product updates.
  • Analytics data via Google Analytics 4 (measurement ID G-T0HXJPVS88): pages viewed, session duration, device and browser information, country-level location, and referral source. Google Analytics sets cookies (_ga, _gid) in your browser. See § 10. Cookies for details.

From our backend

  • API request logs. IP address, request path, response code, and timestamp — retained for 30 days for abuse prevention and debugging.
  • Backend error reports via Sentry. Includes stack trace, request context, and IP address at the time of error.

3. How we use your data

We use your data only for the purposes below. For users in the EU/UK, each purpose has a GDPR lawful basis.

  • To provide the Service: let you log in, store your pet records, generate insights and recaps, process subscriptions, send push notifications. Lawful basis: performance of a contract (Art. 6(1)(b)).
  • To generate AI insights: photos and relevant care notes are sent to Google Gemini to generate summaries, mood observations, and facial-cue prompts. See § 4. AI processing for details. Lawful basis: performance of a contract.
  • To maintain and improve the Service: crash reports, analytics, and diagnostic data help us fix bugs and understand which features matter. Lawful basis: legitimate interests (Art. 6(1)(f)) — running a reliable app.
  • To communicate with you: send transactional emails (password resets, receipts, security notices) and, for waitlist subscribers, a launch announcement and occasional product updates. Lawful basis: performance of a contract for transactional email; consent (Art. 6(1)(a)) for waitlist updates.
  • To enforce our Terms and prevent abuse: API logs and Firebase App Check protect against scraping and misuse. Lawful basis: legitimate interests.
  • To comply with law: respond to legal requests where required. Lawful basis: legal obligation (Art. 6(1)(c)).

We do not sell your personal data and we do not use it for advertising.

4. AI processing

Some Furwise features use AI to produce insights about your cat (for example, mood summaries, weekly recaps, and facial-cue observations). When you trigger these features, the inputs — which may include photos, weights, symptoms, or memos — are sent to Google Gemini via Google's generative-AI API.

Google's paid generative-AI API, which we use, does not train Google's models on customer data by default. Inputs and outputs may be logged briefly for abuse monitoring but are not retained for model training. We do not use your data to train third-party AI models, and we do not use consumer ChatGPT or other free-tier tools with your data.

AI outputs are probabilistic. They may be wrong. They are not medical advice. See our Terms of Service, § 6 (Veterinary and medical disclaimer) and § 7 (AI and data limitations).

5. Who we share data with

We use a small number of third-party service providers ("processors") to run Furwise. Each processes your data only on our instructions and under their own privacy terms.

  • Supabase (database, authentication, file storage). Your account, pet data, and uploaded photos are stored here. Region: Tokyo, Japan (ap-northeast-1). Privacy policy.
  • Apple Inc. Handles Sign in with Apple, In-App Purchases, push notifications (APNs), and the App Store subscription lifecycle. Payment information is processed by Apple — we never receive your payment card details. Privacy policy.
  • Google LLC. We use several Google services:
    • Google Sign-In for optional Google OAuth login;
    • Google Cloud Run to host our backend;
    • Google Gemini for AI insight generation (see § 4);
    • Firebase Analytics (product interaction events), Firebase Crashlytics (crash reports), and Firebase App Check (API abuse prevention);
    • Google Analytics 4 on the website.
    Privacy policy.
  • RevenueCat. Manages your subscription state. Receives your user ID and purchase events (not your payment card). Privacy policy.
  • Sentry. Receives backend error reports including stack trace, request context, and IP at the time of error. Privacy policy.

We may also disclose data if required by law (for example, in response to a valid court order) or to protect the rights, property, or safety of OrcaKobo, our users, or others.

6. Where your data is stored

Your account, pet data, and photos are stored in Supabase's Tokyo region (Japan). Backend services run on Google Cloud Run in Google's Asia-Pacific infrastructure. Third-party processors may transfer or access your data from other countries (for example, Google and Apple operate globally).

For users in the EU/UK: transfers of personal data from the EU/UK to Japan rely on the European Commission's adequacy decision for Japan (in effect since January 2019), which recognises Japan as providing an adequate level of data protection. No additional safeguards such as Standard Contractual Clauses are required for the Japan leg of the transfer. For transfers to third-country processors (for example, Google and Apple data centers outside Japan or the EU), those processors rely on their own transfer mechanisms, primarily the EU–US Data Privacy Framework and Standard Contractual Clauses.

7. How long we keep your data

  • Account and pet data: for as long as your account is active, plus up to 30 days after account deletion to complete cleanup and honor backup cycles.
  • Waitlist email: until you unsubscribe or for up to 12 months after the app's public launch, whichever comes first.
  • Firebase Analytics event data: 14 months (Firebase default retention).
  • Crash reports (Firebase Crashlytics, Sentry): up to 90 days.
  • Backend API logs: up to 30 days.
  • AI input/output logging at Google: per Google's generative-AI terms, typically a short abuse-monitoring window (current Google documentation applies).

8. Your rights

Regardless of where you live, you have the following rights over your data:

  • Access: ask us what data we hold about you.
  • Correction: update inaccurate data (most can be edited directly in the app; for anything else, email us).
  • Deletion: delete your account and associated data (see § 9. How to delete your account).
  • Export: request a machine-readable copy of your data.
  • Object or restrict processing: ask us to stop processing your data for a specific purpose (for example, analytics).
  • Withdraw consent: where we rely on consent (such as waitlist updates), you can withdraw it at any time.

To exercise any of these rights, email [email protected]. We aim to respond within 30 days.

EU/UK users also have the right to lodge a complaint with your local data protection authority. A list of EU authorities is available at edpb.europa.eu . Japan users may contact the Personal Information Protection Commission (個人情報保護委員会) at ppc.go.jp. California users have CCPA rights to know, delete, correct, and opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information as defined under CCPA/CPRA.

9. How to delete your account

You can delete your account in two ways:

  • From inside the app: open Settings and scroll to the bottom to find Delete Account. This removes your account and associated pet data.
  • By email: write to [email protected] from the address tied to your account and ask for deletion.

Deletion triggers permanent removal of your data within 30 days. Some data may persist longer in offsite backups that overwrite on a rolling schedule, or where retention is required by law (for example, invoice records). Deleting your account ends any active subscription on our side but does not cancel a future auto-renewal — cancel that separately in Settings → Apple ID → Subscriptions on your device.

10. Cookies and website tracking

The furwise.app website uses the following cookies:

  • Google Analytics 4 cookies (_ga, _gid): set by Google to measure website usage. Retention up to 2 years.
  • Essential session state stored in localStorage and sessionStorage (for example, whether you have dismissed the waitlist dialog). These are not cookies and are not shared with any third party.

We do not use advertising cookies, remarketing pixels, or cross-site tracking. You can disable cookies in your browser settings — this may reduce the accuracy of our analytics but will not affect your ability to use the website.

For EU/UK visitors: we rely on your continued use of the website as an indication of consent for analytics cookies. We are evaluating cookieless analytics alternatives (such as Plausible) to eliminate the need for cookie consent entirely.

11. Security

We use HTTPS for all data in transit. Data at rest in Supabase is encrypted by the provider. Passwords are never stored in plaintext — authentication is delegated to Apple, Google, or Supabase (with industry-standard hashing). Backend APIs require JWT authentication, and Firebase App Check validates that requests come from our genuine iOS app.

No system is perfectly secure. If we learn of a personal data breach that is likely to result in a risk to your rights, we will notify affected users without undue delay, and notify the relevant supervisory authority within 72 hours where required by GDPR Art. 33.

12. Children

Furwise is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If we learn that we have collected data from a child under 13 without verifiable parental consent, we will delete it. If you believe we have such data, please email [email protected].

In jurisdictions where the digital-consent age is higher than 13 (for example, parts of the EU set it at 16), users under that age must have parental or guardian consent to use Furwise.

13. Changes to this policy

We may update this Privacy Policy from time to time. For material changes, we will notify you in the app or by email at least 14 days before changes take effect. Continued use of the Service after changes take effect means you accept the updated policy. Previous versions are available on request.

14. Contact us

Questions about this policy or your data? Email [email protected]. We aim to respond within 30 days.