Privacy Policy
Effective date: 2026-07-04 · This is the same policy shown inside the AquaVita app.
Overview
This policy explains how AquaVita handles data in the current app. AquaVita tracks hydration, profile, food, tasks, sleep, digestion, subscription, diagnostics, and feedback information so the app can provide its features.
Local encrypted storage
AquaVita stores app data on your device in an encrypted sqflite_sqlcipher database. This includes water events, task entries, task reminder logs, water schedules, active digestion, event journal entries, water metadata, sleep records, user profile data, daily snapshots, food logs, and food correction history. AquaVita may store your optional Today's Activity hydration boost as water metadata in the encrypted local database. This boost is owner-scoped, same-day only, and is cleared on daily rollover. AquaVita does not collect detailed workout notes for this feature and does not sync the boost as a separate Firestore field. The database key is generated on first launch and stored with flutter_secure_storage. AquaVita also stores local legal acceptance metadata on your device (such as accepted Terms and Privacy versions, acceptance time, locale, and app version) while you use the app so it can determine whether updated Terms or Privacy need to be shown again. This metadata stays on your device and is not synced to AquaVita servers. In-app account deletion clears this metadata along with other local app state on the device.
Local reminders and notifications
AquaVita schedules hydration and task reminders as local notifications on your device. AquaVita does not use push notifications or Firebase Cloud Messaging for these reminders. Reminder times, enabled settings, and related scheduling data are stored locally in app preferences and your encrypted database; the operating system stores the scheduled notification requests. Notification text is generic and does not include your task entry names, schedules, or other personal details in the alert.
Authentication and data storage
AquaVita uses Firebase Authentication for anonymous sign-in, Google Sign-In, and Apple Sign-In. Your health and profile data — including profile details, water events, and daily summaries — are stored only on your device in an encrypted database and are not uploaded to our servers or synced to the cloud. An account is optional; you can use AquaVita as a guest.
Firebase App Check
AquaVita uses Firebase App Check with platform integrity providers where available (such as Apple App Attest and Google Play Integrity) to help protect Firebase requests. These providers may send app and device integrity signals to Firebase.
Account deletion
You can delete your account in the app: Profile → About AquaVita → Delete account. Deleting your account removes your on-device encrypted data and other local app state — including profile, water history, daily summaries, onboarding progress, legal acceptance, reminders, and preferences — and deletes your Firebase Authentication account. Because your health and profile data never leave your device, there is no cloud copy to remove. Feedback or support messages you submitted may be retained separately for support, security, abuse prevention, or legal/compliance purposes.
Gemini AI processing
Optional Pro AI meal estimates may use Google Gemini when available in this build. When you use AI food scanning, food photos and image content leave your device and are processed by Google Gemini to estimate meal details. Photos processed for AI food scanning have location and device metadata removed on your device before they leave the app. Your task reminder entries are not sent to Gemini.
Food lookups
Manual food search uses local food results. Barcode lookup can send the barcode to Open Food Facts. Task reminders use only the information you enter manually in the app.
Subscriptions
AquaVita uses RevenueCat through purchases_flutter to load offerings, start purchases, restore purchases, and check customer subscription information. The app uses the returned entitlements to determine Free or Pro access.
Diagnostics
AquaVita uses Firebase Crashlytics to record Flutter, platform, service, provider, API, notification, and subscription errors. These reports help diagnose crashes and failures. Reports contain technical error information only and never include your health records, personal details, or free-text content.
Feedback and support
When you send feedback, AquaVita stores pending feedback locally in encrypted secure storage. AquaVita may also submit the feedback text, category, rating, platform, app version, and timestamp to a write-only Firebase feedback collection. Submitted feedback or support messages may be retained separately for support, security, abuse prevention, or legal/compliance purposes.
Google and Apple sign-in
Google Sign-In and Apple Sign-In are used to authenticate or upgrade an anonymous account. Apple Sign-In requests email and full name scopes. Authentication state is managed through Firebase Auth.
Contact
For privacy or support questions, contact support@aquavita.app.