CareSheet ("we," "us," or "our") operates the caresheet.app website and service. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

Account Information: When you create an account, we collect your email address for authentication via magic link or Google sign-in.

Pet Information: You may provide pet care details such as feeding schedules, medications, veterinary contacts, emergency contacts, and house rules. This information is stored so you can share it with anyone caring for your pets.

Photos: You may upload pet photos that are stored securely in our cloud storage.

Usage Data: We collect basic analytics on Care Sheet views, including hashed IP addresses (for privacy) and view timestamps, to provide you with view statistics.

Payment Information: If you subscribe to Premium, payment is processed by Stripe. We do not store your credit card number or full payment details. Stripe handles all payment data in accordance with PCI-DSS standards. We receive and store only your Stripe customer ID and subscription status to manage your account.

Local Device Data: CareSheet is a Progressive Web App (PWA). When you visit a Care Sheet, our service worker may cache the page content and pet photos on your device for offline access. Cached pages expire after 24 hours and cached photos after 30 days. This data stays on your device and is not sent back to us. You can clear it at any time through your browser settings.

How We Use Your Information

• To provide and maintain the CareSheet service
• To authenticate your identity and secure your account
• To display your pet's Care Sheet to people you share it with
• To provide Care Sheet view analytics
• To send transactional emails (magic links, collaborator invites)

Data Sharing

We do not sell your personal information. Your pet care information is only visible to:

• You and any collaborators you invite
• Anyone who has access to your Care Sheet link (and password, if set)

We use the following third-party services to operate CareSheet:

• Supabase - authentication, database, and file storage
• Stripe - payment processing for Premium subscriptions
• Vercel - hosting and serverless infrastructure
• Upstash - rate limiting via temporary, hashed IP storage
• Google Play Store - app distribution (Google may collect usage data through the Play Store; see Google's privacy policy)

Each provider processes data in accordance with their own privacy practices. We only share the minimum information required for each service to function.

Data Security

We implement appropriate security measures including SSL encryption for all database connections, row-level security policies, rate limiting on public routes, and scoped storage access. IP addresses in view analytics are hashed and cannot be reversed to identify individuals.

Your Rights

You can access, update, or delete your pet information at any time through My Pets. You can delete your account and all associated data by contacting us. You can revoke Care Sheet access by deactivating or deleting share links.

Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page.

Contact

If you have questions about this Privacy Policy, please contact us at privacy@caresheet.app.