Privacy Policy

Effective Date: 22 March 2026

At SpaSync ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://spasync.app) or use the SpaSync mobile application.

We are committed to complying with applicable data protection laws, including the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

1. Information We Collect

We collect information that you voluntarily provide to us, as well as specific technical data required to diagnose issues and provide customer support.

Personal Information (PII)

When you submit a bug report or feature request via our website or mobile app, we collect:

  • Email Address: To communicate with you regarding your support ticket.
  • User Content: The title, description, and any screenshots or images you choose to upload. Please ensure you do not include sensitive personal information in your screenshots.
  • Account ID: If you are logged into the iOS app, we securely collect your SpaSync/Firebase User ID to associate the ticket with your account.

Location Data (Opt-In Only)

If you explicitly choose to enable the "Enhance Time to Heat Estimate" feature, we collect your precise device location (Latitude and Longitude) a single time. We immediately reverse-geocode this to store your City/Locality name. We do not track your location in the background.

Device & Telemetry Data (iOS App Only)

To help us diagnose bugs and improve the app, submitting a support ticket via the iOS app automatically includes temporary diagnostic data:

  • Device Hardware: Device model (e.g., iPhone), screen resolution, and operating system version.
  • App Status: App version, build number, and local timezone.
  • Device State: Connection type (Wi-Fi/Cellular), low power mode status, UI appearance (light/dark mode), and accessibility settings.
  • App Preferences: Your configured SpaSync settings (e.g., temperature units, notification alerts, connection mode).

Subscription Data

When you subscribe to SpaSync Premium, we collect subscription-related information to deliver and improve the app experience:

  • Subscription Status: Whether you have an active Premium subscription.
  • Plan Type: The subscription tier you selected (e.g., monthly or annual).
  • Conversion Source: The specific feature or screen within the app where you initiated the subscription (e.g., paywall, settings, or a particular tab). This helps us understand how users discover Premium and improve the app experience.

Security & Network Data

  • IP Addresses: We temporarily process your IP address in-memory solely for rate-limiting and preventing abuse. IP addresses are not permanently stored in our database.

2. How and Why We Use Your Data

Under the GDPR, we must have a "legal basis" for processing your data. We process your information under the bases of contractual necessity (to provide you with the support you requested) and legitimate interests (to secure our platform and fix app bugs).

We use your data exclusively to:

  • Receive, track, and respond to your bug reports and feature requests.
  • Diagnose technical issues using device telemetry.
  • Prevent spam, bots, and abuse of our support systems.
  • Deliver and restore Premium access across your devices, and use subscription analytics to improve the app experience.
  • Fetch local ambient weather conditions via Apple WeatherKit, allowing us to accurately predict your spa's heating time.

3. How We Store and Secure Your Data

We employ a strict privacy-by-design architecture to keep your data secure. We utilize a "Zero-Footprint" cloud methodology:

  1. Temporary Cloud Storage: When you submit a ticket, your data and images are temporarily encrypted and stored on secure cloud infrastructure hosted by Vercel and Neon (primarily located in the United States).
  2. Permanent Local Storage: Our self-hosted, private servers (located in Australia) periodically retrieve your support tickets from the cloud.
  3. Cloud Data Purge: The moment your ticket is successfully transferred to our private, self-hosted servers, the temporary records in our cloud databases and image storage buckets are permanently and completely deleted.

4. Data Retention

Subscription history is retained for as long as your account is active. This allows us to restore your Premium access across devices and ensure uninterrupted access to Premium features. If you delete your account, we will delete your subscription records in accordance with our data retention policies and applicable law.

5. Third-Party Service Providers

We do not sell, rent, or trade your personal information. We only share necessary data with trusted third-party infrastructure providers to operate the app:

  • RevenueCat: To process in-app subscriptions and manage your Premium entitlement. RevenueCat processes subscription status, plan type, and conversion source data to facilitate subscription verification and analytics.
  • Firebase (by Google): To securely authenticate users, verify API requests, and store data in Firestore. When you enable the "Enhance Time to Heat Estimate" feature, we securely store your saved City and location coordinates in your encrypted Firestore user profile. Subscription data synced from RevenueCat is also stored in Firestore to ensure Premium access across your devices.
  • Vercel & Neon (US): For temporary cloud hosting, serverless execution, and transient database storage.
  • Cloudflare Turnstile: To verify that web form submissions are made by humans. Turnstile does not use tracking cookies.
  • Apple WeatherKit: We securely pass your location coordinates to Apple's native weather service to retrieve current ambient temperatures. Apple does not tie this weather request to your personal Apple ID.

6. International Data Transfers

SpaSync operates primarily out of Australia. By using our app or website, your data may be transferred to, and temporarily processed in, the United States (via our cloud providers) before being permanently stored on our private servers in Australia. We ensure all third-party providers comply with strict global data protection standards.

7. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

  • Right to Access & Portability: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can request that we completely delete your support tickets and personal data from our private servers.
  • Notice to California Residents (CCPA): We do not sell your personal information. You have the right to request what data we collect and request its deletion.

To exercise any of these rights, please contact us using the information below.

8. Children's Privacy

SpaSync is not intended for use by children under the age of 13 (or 16 in certain European jurisdictions). We do not knowingly collect personal information from children. If we discover we have inadvertently collected such data, we will delete it immediately.

9. Contact Us

If you have any questions about this Privacy Policy, your data rights, or how we handle your information, please contact us at: