Toxic Kitty LogoToxic Kitty

Privacy Policy – Toxic Kitty (v2)

Last updated: January 14, 2026

1. Who we are

This Privacy Policy explains how Toxic Kitty (“Toxic Kitty”, “we”, “us”, “our”) collects, uses, and protects your information when you use our mobile application and website (the “Service”).

If you are in the UK or EU, Toxic Kitty is the data controller of your personal data for the purposes of applicable data protection law (including UK GDPR / EU GDPR).

You can contact us at: support@toxickitty.app

By using the Service, you agree to the practices described in this Privacy Policy and our Terms of Service.

2. What this policy covers

This policy applies to:

  • The Toxic Kitty iOS app
  • Any websites or landing pages we operate for Toxic Kitty
  • Email and support interactions related to Toxic Kitty

It does not apply to third-party websites, app stores, vet services, or partners that you may access via links from our Service. Their own privacy policies will apply.

3. Information we collect

We only collect information that we need to operate, improve, and protect the Service.

3.1 User information

  • Name
  • Email address
  • Login credentials (handled via Firebase Authentication)
  • Location (approximate or precise, depending on your device settings)
  • IP address
  • Device identifiers and OS information
  • Usage analytics (for example, which features are used and how often)
  • Crash logs and diagnostics

3.2 Cat and scan information

  • Cat name, age, breed and other profile details
  • Medical notes and history you choose to add
  • Symptom notes (for example, vomiting, lethargy, behaviour changes)
  • Photos and images you upload for scans
  • Scan history and AI toxicity reports associated with your account

3.3 Technical and inference data

  • Metadata generated during image uploads and scans
  • AI-generated outputs and toxicity assessments
  • Data returned from third-party providers such as Google Vision, OpenAI, Gemini and Firebase Cloud Functions
  • Subscription status and entitlements (via RevenueCat)

We do not intentionally collect financial data ourselves. Purchases are handled by the Apple App Store and RevenueCat; they process payment information on our behalf.

4. How we use your information

We use your information to:

  • Provide and operate the Service
  • Generate toxicity reports and risk assessments for items you scan
  • Store and display your cat profiles and scan history
  • Personalise reports based on your cat’s details and medical notes
  • Improve the accuracy, safety and coverage of our AI models
  • Build and refine our underlying toxicity and ingredients database (in anonymised form)
  • Suggest nearby vets based on location (where enabled)
  • Provide customer support and respond to enquiries
  • Send service-related communications (for example, safety alerts, feature updates)
  • Send marketing communications where permitted (for example, tips, partner offers, promotions)
  • Manage subscriptions and entitlements
  • Monitor for abuse or excessive automated use of “unlimited” scanning features
  • Protect our rights, enforce our Terms, and comply with legal obligations

We do not sell your personal data to third parties.

We may show sponsored content or partner offers within the app or emails, but we do not give your personal details to partners so they can market directly to you without your consent.

5. Legal bases for processing (UK/EU users)

Where UK/EU data protection law applies, we process your personal data under one or more of the following legal bases:

  • Performance of a contract
    • To create and manage your account
    • To provide the core app features you have chosen to use
  • Legitimate interests
    • To operate, maintain and improve the Service
    • To prevent abuse and secure our systems
    • To respond to your enquiries and support requests
    • To understand how the app is used and develop new features
    • To show you relevant (non-intrusive) partner offers and product updates
  • Consent
    • To send certain marketing communications (where required by law)
    • To access your precise location for vet suggestions (if you grant permission)
  • Legal obligations
    • To comply with laws, regulations or lawful requests from authorities

You can object to certain uses of your data based on our legitimate interests – see section 11 (Your rights).

6. How we share your information

We share data only with:

  • Service providers and processors, including:
    • Firebase (Authentication, Firestore/Realtime Database, Storage, Cloud Functions, Analytics)
    • Google Vision API (image recognition)
    • OpenAI / Gemini API (AI assessments and text generation)
    • RevenueCat (subscription and purchase management)
  • Analytics and diagnostics providers to improve app performance
  • Authorities or regulators, if required by law or to protect our rights, users, or others (for example, to respond to lawful requests, court orders, or legal processes)
  • Potential buyers or investors, in the context of a business transaction (for example, a merger or sale), under appropriate confidentiality safeguards

We do not sell your personal data for third-parties’ own marketing purposes.

We may use anonymised and aggregated data (which does not identify you) to:

  • Train and improve our AI models
  • Expand and refine the toxicity and ingredient database
  • Understand common risks and usage patterns
  • Support research and product insights

Once data is anonymised and aggregated, it can no longer be linked to you and is not treated as personal data.

7. Cookies, tracking and advertising

If you visit our website or web-based landing pages, we may use:

  • Cookies and similar technologies to remember preferences, secure the site and understand usage
  • Analytics tools to see which pages are visited and how often

In the app, we may use SDKs from vendors (such as Firebase or RevenueCat) that collect similar information about usage and performance.

If we introduce advertising or sponsored content, we may use in-app identifiers and analytics to ensure any ads are relevant and to measure effectiveness. We do not allow third parties to directly collect your name, email or cat medical notes for their own independent use.

Most browsers and devices allow you to control cookies and tracking technologies via settings. Disabling certain cookies may affect the functionality of our website.

At this time, our website and app do not respond to “Do Not Track” signals.

8. International transfers

Our service providers may process data in different countries, including outside the UK and European Economic Area (EEA).

Where we transfer personal data internationally, we take appropriate steps to ensure it is protected, for example:

  • Using standard contractual clauses approved by the European Commission or UK authorities
  • Ensuring providers are subject to adequate data protection safeguards

By using the Service, you understand that your data may be processed in countries with different data protection standards, but we will always protect it as described in this policy.

9. Retention: how long we keep your data

We keep your personal data only for as long as necessary to:

  • Provide the Service and maintain your account
  • Meet our legal, accounting and reporting obligations
  • Resolve disputes or enforce our agreements

In general:

  • Your account and cat profiles are retained while your account is active
  • Scans and associated data are retained while connected to your account
  • Support communications are kept for a reasonable period to assist with follow-up and records

When you delete your account or request deletion:

  • Your account details are removed
  • Cat profiles are deleted
  • Scans and personal data in our active systems are deleted or anonymised

However:

  • Anonymised and aggregated data already derived from your scans (for example, item/ingredient-level toxicity patterns with no user identifiers) may be retained, as it cannot be linked back to you.

10. Children’s privacy

The Service is intended for users aged 16 and over.

We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete it as soon as reasonably possible.

If you believe a child has provided us with personal data, please contact support@toxickitty.app.

11. Your rights (especially UK/EU users)

Depending on where you live, you may have some or all of the following rights:

  • Access – to request a copy of the personal data we hold about you
  • Rectification – to correct inaccurate or incomplete personal data
  • Erasure – to ask us to delete your personal data in certain circumstances
  • Restriction – to ask us to restrict processing in certain circumstances
  • Portability – to receive certain data in a structured, commonly used format or have it transferred to another controller
  • Object – to object to processing based on our legitimate interests, including profiling
  • Withdraw consent – where we rely on consent, you can withdraw it at any time

To exercise your rights, contact us at support@toxickitty.app from the email address linked to your account and clearly describe your request.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

12. Security

We use a range of technical and organisational measures to protect your data, including:

  • Encryption in transit and at rest where appropriate
  • Access controls and authentication
  • Logging and monitoring for suspicious activity

No system is completely secure, and we cannot guarantee absolute security of your data. However, we work to keep our systems and your information as safe as reasonably possible.

You are responsible for keeping your device secure and your account credentials confidential.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes to the Service
  • Legal or regulatory developments
  • Improvements in how we explain our practices

When we make significant changes, we may notify you via the app, by email, or on our website. The “Last updated” date at the top of this page shows when it was last revised.

14. Contact us

For questions, requests or concerns about this Privacy Policy or your personal data, you can contact us at:

Email: support@toxickitty.app
Subject line: “Privacy enquiry”