Privacy Policy

1. Age Requirement

Bunnefit is intended for adults only. You must be 18 years of age or older to use the Service. We do not knowingly collect or store information from anyone under 18.

2. Information We Collect

2.1 Information Stored Locally (Your Private Logs)

All information you enter manually is stored only on your device with industry-standard encryption. We do not have access to this data:

• Health Logs: Symptoms (severity and body part), Mood, Sleep patterns, Energy levels, Water intake.
• Lifestyle Tracking: Medication logs, Meal logs, Exercise duration/intensity.
• Reflections & Photos: Daily journal entries and any photos you attach via Photo Journaling.
• Personalization: Your nickname and your bunny's name.

2.2 Anonymous Cloud Data

To enable certain app features, limited anonymous data is stored in the cloud (Firebase):

• Anonymous User Identification: Bunnefit assigns a random, internal identifier to your device via Firebase Anonymous Authentication. This ID is used only to verify your Bun+ status and award badges. It is not linked to your name, email, or any health/journal data.
• Sanctuary Rank & Founder Badges: When a new user joins, a global counter increments. This is anonymous and cannot identify you personally.

2.3 Store & Subscription Information

For Bun+ subscriptions, transactions are processed by the Google Play Store. We do not collect or store credit card or billing information. We receive only an anonymous token to confirm active subscriptions.

3. How Your Data Is Stored

• On-Device Encryption: All wellness and symptom data is encrypted and stored only on your device.
• No Health Cloud: We do not maintain servers that store your health, mood, or journal entries. Developers cannot see your private logs.
• Device Backups: If you use Google Drive to back up your phone, your Bunnefit data may be included and is governed by your agreement with Google.

4. Analytics and Crash Reporting

To improve the app, we use Google Firebase tools:

• Firebase Analytics: Tracks anonymous events (e.g., "User opened Achievements page"). This does not include health logs, reflections, or journal content.
• Firebase Crashlytics: Sends anonymized crash reports (device type, code error) to help fix bugs. No personal health information is included.

5. Permissions

Bunnefit requests only the minimum permissions necessary for optional features:

• Notifications (Optional): To send reminders for check-ins.
• Biometrics (Optional): To lock the app with fingerprint authentication. Your raw biometric data never leaves your device.
• Photo Library (Optional): Only needed if you use Photo Journaling.

6. Data Portability and Deletion

You have full control over your data:

• Export Data: Generate a CSV file of your full history, including timestamps, from Settings.
• Delete All Data: Wipe all logs, photos, and settings from your device. See the Data Deletion page for step-by-step instructions.
• Uninstallation: Deleting the app permanently and irreversibly removes all local data.

7. Medical Disclaimer

Bunnefit is not a medical device and does not provide medical advice, diagnosis, or treatment. It is a self-monitoring tool for informational purposes only. Always consult a qualified healthcare provider for medical concerns.

8. Legal and International Compliance

GDPR (European Union)

If you're in the EU, you have rights over your data — and we want to make them easy to actually use.

Because Bunnefit stores your health logs only on your device, we don't hold or process that data on our end. But for the anonymous data we do handle (your Firebase ID, analytics events, and crash reports), here's what you're entitled to:

• Access — you can ask what anonymous data we hold about your device.
• Rectification — you can ask us to correct inaccurate data.
• Erasure — you can request deletion of your anonymous ID and associated records.
• Restriction — you can ask us to limit how we process your data.
• Portability — you can export your full local history as a CSV anytime from Settings.
• Objection — you can object to processing based on legitimate interests.
• Complaints — you have the right to lodge a complaint with your local data protection authority (DPA).

Lawful basis for processing: We process anonymous identifiers and analytics data on the basis of legitimate interests (improving app stability and functionality). No special category health data is processed on our servers.

Retention periods: Your anonymous Firebase ID is retained for as long as your app is installed. Crashlytics reports are retained for 90 days. Firebase Analytics data is retained for 14 months (Google's default). You can reset or delete your anonymous ID at any time by wiping your data from Settings or uninstalling the app.

To exercise any of these rights, email us at support@bunnefit.com.

COPPA (United States)

Bunnefit is not intended for children under 13 and we do not knowingly collect data from minors.

HIPAA (United States)

Bunnefit is not a covered entity under HIPAA and does not store health information on servers.

9. Changes to This Policy

We may update this policy as new features are added. Significant changes will be communicated via an in-app update or by revising the "Last Updated" date at the top of this page.

10. Contact Us

For questions about your privacy, please reach out: