Privacy Policy
Effective date: 2026-05-09. Last updated: 2026-05-28.
1. What this policy covers
This Privacy Policy explains what data the Just Drink! mobile application (the "App") collects, how we use it, who we share it with, and the rights you have. By using the App you agree to this policy.
2. Data we collect and why
2.1 Stored only on your device
- Hydration log — every drink entry (volume, timestamp, type) is stored on your device in a local file (
drinks.json). It does not leave the device unless you explicitly export it (no export feature exists at the moment). - App settings and profile — selected plant, daily goal, language, reminder times, dark mode flag — stored in iOS UserDefaults on your device.
- Achievements and unlocked content — stored in iOS UserDefaults on your device.
2.2 Sent to our servers (premium subscribers only)
If — and only if — you are a premium subscriber, the App contacts our backend at nf-ai.cyberded.com approximately once every 7-14 days to generate personalized hydration tips. The request contains:
- Device identifier — a randomly generated UUID stored in iOS UserDefaults. It is reset whenever you reinstall the App. It is not your Apple ID, IDFA, or any system identifier, and it is not linked to your name or email.
- Aggregate hydration metrics — current streak (days), today's progress (%), goal-hit rate over the last 7 days, average ml per day, daily goal in ml. We do not send raw drink entries or timestamps.
- Selected language and selected plant name (e.g. Cactus) so generated tips match your language and plant choice.
Our backend forwards this minimal aggregate to OpenAI (see Section 4) to produce 14 days' worth of short text suggestions, returns them to your device, and discards the request. We do not maintain any database of users or hydration history on the server. The only state we keep is an in-memory rate-limit counter (resets every 24 hours, lost on every restart).
2.3 Free-tier users
If you are not a premium subscriber, the App generates all notification text locally from on-device templates and never contacts our backend. No data of any kind leaves your device through Just Drink!.
2.4 Apple HealthKit integration (optional, premium only)
With your explicit permission, the App can read and write water-intake data to Apple Health on your device. This integration is fully on-device — Apple HealthKit data never reaches our servers and is governed by Apple's own privacy policies. You can revoke access at any time in iOS Settings → Health → Data Access & Devices → Just Drink!.
2.5 Analytics, attribution, and subscription processing
We use the following third-party SDKs embedded in the App to operate the product. Each receives only the data described:
- RevenueCat — handles in-app subscription validation and entitlement state. Receives an anonymous user ID, your subscription product identifiers, and purchase events. RevenueCat Privacy Policy.
- AppsFlyer — measures install attribution and in-app engagement so we can understand which marketing channels and product features work. Receives:
- your IDFA only if you grant permission via the Apple App Tracking Transparency prompt (otherwise IDFA is not transmitted);
- your IDFV (a non-resettable per-vendor device identifier that does not leave the Apple ecosystem);
- your anonymous RevenueCat user ID, so we can join install attribution with subscription events;
- an approximate country/region inferred from your IP address (no precise GPS coordinates);
- in-app product events such as onboarding step completion, drink-log taps, paywall views, plan selections, and subscription outcomes — without any raw drink volumes, timestamps, or personally identifying content.
- Apple App Store / Apple Analytics — Apple may report standard install, crash, and engagement metrics to us based on your privacy choices in iOS Settings → Privacy & Security → Analytics & Improvements. Apple Privacy Policy.
3. What we do not collect
- Your name, email address, postal address, phone number, or any contact information.
- Your precise location (GPS coordinates). We never request the iOS location permission. AppsFlyer infers an approximate country/region from your IP address for attribution — see Section 2.5.
- Your contacts, photos, microphone, camera, calendar, or any system data outside of what's listed above.
- Raw drink-by-drink hydration entries (we send only aggregates to the backend, only for premium users).
- Any biometric or non-hydration health data.
4. Third parties that process data
- OpenAI — only for premium users. Receives the aggregate metrics described in Section 2.2 via our backend, generates short text suggestions, and returns them. Your aggregate metrics are submitted to OpenAI's API in accordance with their API data usage policy; OpenAI does not use API submissions to train models.
- RevenueCat — subscription status processing.
- AppsFlyer — install attribution measurement.
- Apple — App Store distribution, in-app purchase processing, optional HealthKit storage on your device.
- Our hosting provider (the operator of
nf-ai.cyberded.com) — receives the API requests described above. Our backend is stateless: no logs of request bodies are persisted beyond standard short-lived diagnostic logs.
We do not sell or rent your data to anyone, ever.
5. Children's privacy
The App is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has used the App in a way that resulted in data collection, please contact us and we will delete the relevant data.
6. Your rights
Because the App stores almost everything on your device, most rights are exercised directly:
- Access / portability — your hydration log lives in
drinks.jsonin the App's container. You can request a copy or removal by contacting us. - Erasure — uninstalling the App removes the device identifier, hydration log, and settings entirely.
- Withdraw consent — you can disable HealthKit access in iOS Settings, deny the App Tracking Transparency prompt, or unsubscribe at any time.
- Subscription cancellation — manage in iOS Settings → [your name] → Subscriptions.
If you are in the EEA, UK, or California, you also have rights under GDPR / UK GDPR / CCPA respectively. Contact us at the address below to exercise them.
7. Data retention
On-device data is retained until you delete it or uninstall the App. Backend requests are not stored beyond short-lived diagnostic logs (typically rotated within 14 days). Subscription records held by RevenueCat and Apple are retained according to their own policies and applicable laws.
8. Security
All network calls between the App and our backend use HTTPS (TLS). Authentication uses a shared secret embedded in the App binary. We do not maintain a user database, so there is no password to protect. We follow industry standard practices to keep our servers up to date.
9. International data transfers
Our backend may be located outside your country of residence. By using the App you consent to your aggregate metrics being processed wherever our servers are operated, subject to appropriate safeguards.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be communicated through the App or its App Store listing.
11. Contact
Questions about this policy or your data? Email us at support@cyberded.com.
© 2026 Just Drink! — All rights reserved.