Privacy Policy
1. Introduction
Studio Apricity ("we," "us," or "our") operates the Gaitkeeper application (the "App"), a dog show management tool that helps exhibitors track shows, results, championship points, health documents, and more.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read it carefully. By using Gaitkeeper, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Information You Provide Directly
When you use Gaitkeeper, you may provide:
- Account Information: Email address, name, and password (stored as a bcrypt hash — we never store your actual password)
- Experience Level: Your self-reported experience with dog showing
- Registry Preferences: Which kennel clubs you participate in (AKC, UKC, etc.)
- Dog Profiles: Registered names, call names, breeds, dates of birth, registration numbers, titles, and photos
- Show Information: Show names, dates, locations, results, points, judges, and related notes
- Media: Photos, videos, and voice notes you upload
- Health Documents: Vaccination records, health certificates, and other documents
- Expense Data: Show-related expenses you choose to track
- Judge Notes: Personal notes about judges
- Journal Entries: Personal notes and memories about shows
- Payment Information: Processed securely through Stripe — we never see or store your full card number
- Support Communications: Messages you send us for help or feedback
Information Collected via Google Sign-In
If you choose to sign in with Google, we receive the following information from your Google account through Google's OAuth 2.0 authentication service:
- Email address: Used as your account identifier and for transactional communications
- Display name: Used to personalize your experience within the App
- Profile photo URL: Used to display your avatar within the App
We access this data solely to create and maintain your Gaitkeeper account. We do not request access to your Google contacts, Google Drive, Gmail, Google Calendar, or any other Google services beyond basic profile information. We do not store your Google access tokens beyond the authentication session.
Information Collected Automatically
When you use the App, we may automatically collect:
- Device Information: Device type, operating system, browser type, and screen resolution
- App Version: Which version of Gaitkeeper you are using
- Session Duration: How long you use the App per session
- Crash and Error Data: Technical information when errors occur, collected via Sentry to help us fix bugs
- IP Address: Collected by our hosting infrastructure for security and rate-limiting purposes
Information We Do NOT Collect
- We do not collect your precise or approximate location
- We do not access your contacts, messages, or other apps
- We do not collect browsing history outside the App
- We do not collect biometric data
- We do not use advertising identifiers or tracking IDs
- We do not access your camera or microphone except when you explicitly choose to upload media within the App
3. How We Use Your Information
We use your information to:
- Provide App Functionality: Store your dogs, shows, results, points, media, and notes
- Authenticate Your Account: Verify your identity via email/password or Google Sign-In
- Process Payments: Manage your subscription through Stripe
- Send Notifications: Entry deadline reminders, health document expiration alerts, and optional summaries (with your permission)
- Improve the App: Understand usage patterns and fix bugs using aggregated, anonymized data
- Communicate With You: Respond to support requests, send important service updates
- Maintain Security: Detect and prevent fraud, abuse, and unauthorized access
Google user data (email, name, profile photo) is used only for account authentication and personalization within the App. We do not use Google user data for advertising, analytics targeting, or any purpose unrelated to providing App functionality.
4. How We Share Your Information
We DO NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not share your data with data brokers. Ever.
Service Providers
We share data with service providers who help us operate the App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All app data (encrypted at rest) |
| OAuth authentication (Sign in with Google) | Authentication tokens (session only) | |
| Netlify | App hosting and CDN | IP address, request headers |
| Stripe | Payment processing | Email, subscription status |
| Sentry | Error tracking and crash reporting | Error details, device info (no personal data) |
| OneSignal | Push notifications | Device token, notification preferences |
| Resend | Transactional email | Email address, email content |
These providers are contractually obligated to protect your information and may only use it to provide services to us.
Google user data is not shared with any third parties except as necessary for authentication through Supabase (our authentication provider). Google user data is never shared for advertising, analytics, or marketing purposes.
Co-Owners You Authorize
If you share a dog's profile with a co-owner or breeder, they will see the information you explicitly grant them access to. You control these permissions and can revoke access at any time.
Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
Business Transfers
If Studio Apricity is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide at least 30 days' notice before your information becomes subject to a different privacy policy.
5. Data Storage and Security
Where Your Data is Stored
Your data is stored on servers in the United States via Supabase (powered by AWS). Media files are stored via Supabase Storage. The App itself is served via Netlify's global CDN.
How We Protect Your Data
- In Transit: All data is encrypted using TLS 1.3
- At Rest: Database encrypted using AES-256-GCM
- Passwords: Hashed using bcrypt (we never store plaintext passwords)
- Row Level Security: Database policies ensure users can only access their own data
- Rate Limiting: API endpoints are rate-limited to prevent abuse
- EXIF Stripping: Photo metadata (location, camera info) is removed on upload
- Error Sanitization: Internal error details are never exposed to users
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovering the breach (per GDPR requirements)
- Provide details about what information was affected
- Describe the steps we are taking to address the breach
- Recommend actions you can take to protect yourself
- Report to relevant supervisory authorities as required by law
7. Data Retention
We retain your data according to the following schedule:
| Data Type | Retention Period |
|---|---|
| Active account data | As long as your account is active |
| Deleted items (dogs, shows, etc.) | 30 days (recoverable), then permanently deleted |
| Account after deletion request | 90-day grace period, then permanently deleted |
| Expired subscription data | Retained in read-only mode for 90 days, then archived |
| Payment records | 7 years (legal/tax requirements) |
| Error logs | 90 days |
| Support communications | 2 years after resolution |
8. Your Rights and Choices
All Users
- Access & Export: Export a complete copy of all your data at any time (Settings → Export Data). Exports include dogs, shows, results, photos, videos, notes, and expenses.
- Correction: Update or correct any information in your account through the App.
- Deletion: Delete your account and all associated data (Settings → Delete Account). After a 90-day grace period, deletion is permanent and irreversible.
- Data Portability: Your exported data is in standard JSON format that can be used with other services.
- Communications: Control notification preferences in Settings. Opt out of all non-essential communications at any time.
- Revoke Google Access: You can revoke Gaitkeeper's access to your Google account at any time through your Google Account permissions. Revoking access will not delete your Gaitkeeper account, but you will need to use email/password to sign in.
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do not sell your personal information, but you may submit a request at any time
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Limit Use of Sensitive Information: We only use sensitive personal information as necessary to provide the App
To exercise these rights, contact us at gaitkeeper.app@gmail.com. We will respond within 45 days as required by law.
EU/EEA/UK/Swiss Residents (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under GDPR:
- Right of Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Legal Bases for Processing (GDPR)
We process your data under the following legal bases:
- Contract Performance: Processing necessary to provide the App and fulfill our Terms of Service
- Legitimate Interests: Improving the App, preventing fraud, maintaining security
- Consent: Push notifications, optional communications, analytics
- Legal Obligation: Tax records, breach notifications, law enforcement requests
International Data Transfers
Your data is stored in the United States. For users outside the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data. You may request a copy of these safeguards by contacting us.
Other Jurisdictions
We respect privacy rights under other applicable laws, including Brazil's LGPD, Canada's PIPEDA, Virginia's VCDPA, Colorado's CPA, and Connecticut's CTDPA. If you are a resident of these jurisdictions and wish to exercise your rights, please contact us.
9. Children's Privacy
Gaitkeeper is not intended for children under 13 years of age. We require users to confirm they are at least 13 years old during account creation.
We do not knowingly collect personal information from children under 13. We do not collect date of birth for age verification — instead, we require an affirmative age confirmation during signup.
If you are a parent or guardian and believe your child under 13 has created an account or provided personal information to us, please contact us at gaitkeeper.app@gmail.com. We will promptly delete the account and all associated data.
10. Cookies and Tracking
Gaitkeeper uses only essential cookies and local storage:
- Authentication Token: Required to keep you signed in (Supabase auth)
- App Preferences: Accessibility settings, UI preferences (stored in localStorage)
- Security: CSRF protection tokens
We do not use advertising cookies, analytics cookies, or third-party tracking pixels. We do not participate in ad networks or cross-site tracking.
11. Third-Party Links
The App may contain links to third-party websites (such as AKC.org, UKCdogs.com, superintendent websites, or Stripe's payment portal). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the version number and "Last Updated" date at the top of this page
- For material changes, we will provide at least 30 days' notice via in-app notification or email before the changes take effect
- If changes require re-consent under applicable law, we will ask for your explicit agreement before continuing to process your data under the new terms
We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes become effective constitutes acceptance of the updated policy.
13. Google API Services Disclosure
Gaitkeeper's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only request access to Google user data that is necessary for the App (basic profile information for authentication)
- We do not use Google user data for serving advertisements
- We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or for our internal operations (and the data is aggregated and anonymized)
- We do not transfer Google user data to third parties except as necessary to provide or improve the App, to comply with applicable laws, or as part of a merger/acquisition with at least 30 days' prior notice
14. Apple App Store & Google Play Disclosures
Apple App Store Privacy Labels
Data linked to your identity:
- Contact Info: Email address, name
- User Content: Photos, videos, other user content
- Identifiers: User ID
Data NOT collected:
- Location, contacts, browsing history, search history, diagnostics linked to identity, advertising data, health/fitness data
Google Play Data Safety
- Data collected: Email, name, photos/videos, app activity, crash logs
- Data shared: Not shared with third parties for advertising or marketing
- Security: Data encrypted in transit and at rest
- Deletion: Users can request data deletion through the App
15. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, contact us:
Studio Apricity
Email: gaitkeeper.app@gmail.com
For GDPR-related inquiries, you may also contact your local data protection authority.
Disclaimer
Gaitkeeper is an independent application and is not affiliated with, endorsed by, or officially connected to the American Kennel Club (AKC) or United Kennel Club (UKC).
AKC® and United Kennel Club® are registered trademarks of their respective organizations.
We built Gaitkeeper for exhibitors like you, and protecting your data is core to earning and keeping your trust.