PRIVACY POLICY

Privacy Policy

**Last updated:** September 17, 2025

This Privacy Policy explains how **Thirsty (also known as “WaterTrack”)** (“we,” “us,” or “our”) collects, uses, and protects information when you use our mobile application (the “App”).

---

## 1) What We Collect

- **Account & Identity**: Apple UID (for login). No access to your Apple password.

- **Email for Rewards**: Required if you redeem rewards or enter giveaways; used only for prize delivery and winner contact.

- **Usage Data**: Hydration logs, streaks, scores, timestamps, reminder times.

- **Giveaway Entries**: Records of entries to enforce limits and fairness.

- **Country/Region**: Stored as a code (e.g., “US”, “TR”) from device locale and/or geo-IP for reward tiers. No precise GPS. No full IP retention.

- **Ads/SDKs**: Google AdMob may show contextual ads. No cross-app tracking without permission.

---

## 2) How We Use Information

- Operate core features (hydration tracking, streaks, cooldowns).

- Calculate reward requirements (tiers vary by country).

- Deliver rewards and contact winners.

- Fraud prevention (e.g., country lock, abuse detection).

- Service reliability and analytics (aggregated counts).

---

## 3) Reward Fulfillment & Email

- Rewards (e.g., e-gift cards) are delivered **by e-mail** to the address you provide at redemption.  

- We keep minimal fulfillment logs (proof of delivery) as required for audit or fraud prevention.  

- Apple is **not** a sponsor or involved in reward delivery.

---

## 4) Data Retention

- Kept while your account is active.

- Deleted or de-identified upon account deletion, unless minimal retention is required for compliance or fraud review.

- Backups/logs purge within ~30 days.

---

## 5) Your Rights

- **In-App Deletion**: Settings → Account → Delete Account. Permanently removes your UID, usage data, and reward records.  

- **Email Requests**: support@thirstyapp.org for access, correction, or deletion.  

- **Consent Controls**: Manage notifications in device settings.  

- **Locked Country Code**: Generally not changeable, review requests allowed.

---

## 6) Security

Firebase encryption, access controls, and server-side validation. No method is 100% secure; protect your Apple ID and device.

---

## 7) Children

Not intended for under 13 (or local minimum age). We do not knowingly collect such data.

---

## 8) Health Disclaimer

Supports general wellness tracking, not medical advice.

---

## 9) Regional Disclosures

- **EEA/UK**: GDPR rights (access, rectification, erasure, etc.) apply.  

- **California (CPRA)**: We do not “sell” or “share” data. You may request access or deletion via e-mail or the in-app deletion tool.