Privacy Policy

1. Definitions

“TankForge,” “we,” “us,” and “our” refer to the operator of the TankForge Service. “You” and “your” refer to the individual using the Service. “Service” means the TankForge iOS app, web app, website, and any related APIs.

2. Information we collect

Account data. When you create an account we collect your email address, username, and authentication metadata. If you sign in with Apple or Google, we receive a provider-specific user identifier and, if you authorize it, your email address. We do not receive or store your Apple or Google password.

Subscription and billing data. If you subscribe to TankForge Pro, your payment is processed by Apple (App Store In-App Purchase), Google (Google Play), or Stripe (web). We store a transaction identifier, subscription status, plan type, and expiration date. We do not receive or store full credit card numbers, bank account numbers, or billing addresses. Stripe may store a customer identifier on our behalf; Apple and Google process payments entirely within their own systems.

App data. Tanks, species preferences, water parameters, livestock records, maintenance logs, journal entries, equipment, treatment plans, settings, and shared tank snapshots you create within the Service.

Device and security data. App version, device model, operating system version, push notification tokens, device registration identifiers, and basic request metadata (IP address, user agent, request path, and timestamp). On iOS we use Apple DeviceCheck and device attestation to verify that requests come from a genuine device. This process transmits a device-generated public key and a signed challenge to our server; it does not fingerprint or track you across apps.

Operational telemetry. We log API request metadata (method, path, status code, response time, and truncated IP address) for security monitoring, abuse prevention, and reliability.

Website attribution and product-improvement telemetry. When you visit TankForge public website pages, we may collect first-party attribution and interaction data such as tagged campaign parameters (for example utm_source, utm_medium, and utm_campaign), referrer host, landing page, public-site click paths, checkout-start metadata, truncated IP address, user agent, and inferred browser, operating system, device class, and country. We use this data to understand which campaigns and pages drive visits, sign-ups, Pro checkout creation, and App Store, Google Play, or web-app handoffs. We do not use third-party advertising pixels, cross-site tracking scripts, or data broker enrichment.

3. Device-local features and optional feedback

Certain optional features access device capabilities locally. TankAI answers are generated on your device using bundled TankForge aquarium logic, curated care content, local catalog retrieval, and supported on-device model features.

• Location (Weather Alerts). If you enable Weather Alerts, TankForge requests your approximate (non-precise) location to query Apple WeatherKit for local weather conditions that could affect your aquariums. Your coordinates are sent only to Apple WeatherKit on your device and are never sent to TankForge servers. Location data is not stored, logged, or tracked. You can revoke location access at any time in iOS Settings.
• Calendar (Calendar Sync). If you enable Calendar Sync, TankForge reads and writes maintenance schedule events to your on-device calendar using Apple EventKit. Calendar data stays entirely on your device and is managed by iOS. TankForge does not upload, log, or transmit any calendar data to our servers.
• TankAI. TankAI questions and responses are not sent to TankForge servers for answer generation. If you tap thumbs up or thumbs down on a TankAI response, TankForge may receive your feedback value, a limited query and response preview, platform and app version, response type/source metadata, matched article identifiers, and optional correction text so we can improve answer quality.
• Camera (Test Strip Scanner). If you use the Test Strip Scanner, TankForge accesses your device camera or photo library to capture an image of your test strip and optionally your bottle color chart. All color analysis happens entirely on your device. Camera images are processed in memory only and are not stored by the app after the scan completes. Images are never transmitted to TankForge servers or any third party. Photos selected from your library are accessed in-memory only and are not re-saved or modified.
• Line-item photo attachments. If you attach a cover photo to supported tank line items such as filters, heaters, lighting, livestock, plants, coral, macroalgae, or equipment, TankForge stores the imported photo on your device and, when iCloud Drive is enabled, in your personal iCloud Drive app container. These line-item photos are not uploaded to TankForge servers. TankForge re-encodes imported line-item photos before saving them, which strips location metadata from the stored copy. If iCloud Drive is unavailable, the photo stays on that device until iCloud Drive is enabled.

These features are optional, device-dependent, or require you to actively initiate them. Location and Calendar require your explicit opt-in. Test Strip Scanner and line-item photo attachments require you to deliberately select or capture an image. Disabling a feature stops future related data access.

4. How we use information

• Provide, operate, and sync core app functionality across your devices.
• Authenticate your identity and protect account and platform security.
• Process and manage subscriptions and communicate with payment processors.
• Send transactional communications such as email verification and optional push notifications you enable.
• Detect and prevent abuse, fraud, and unauthorized access.
• Diagnose bugs, monitor performance, and improve the Service.
• Measure the performance of first-party marketing campaigns, landing pages, and public-site conversion paths.

5. Product guidance and no professional advice

TankForge provides informational guidance only. We strive for accuracy, but we do not guarantee that recommendations, alerts, compatibility outputs, medication guidance, care plans, TankAI responses, or other content are complete, current, or 100% accurate. TankForge does not provide veterinary, medical, emergency, or life-safety services. Always verify care, treatment, and dosing information against reliable sources and manufacturer labels before acting.

6. Legal bases for processing

Depending on your location, we process personal data based on: (a) performance of the contract between you and TankForge (providing the Service); (b) legitimate interests such as security, fraud prevention, and reliability; (c) your consent where required by law; and (d) compliance with legal obligations.

7. Cookies and local storage

The TankForge web app uses a small number of strictly functional cookies to maintain your authenticated session and protect against cross-site request forgery (CSRF). These are:

• tf_web_access — short-lived access token cookie (HttpOnly, Secure, SameSite=Lax).
• tf_web_refresh — longer-lived refresh token cookie (HttpOnly, Secure, SameSite=Lax, 30-day expiry).
• tf_web_csrf — CSRF protection token (HttpOnly, Secure, SameSite=Lax).

We also use limited first-party browser storage on public website pages to avoid double-logging the same tagged visit and to associate follow-on clicks with the same short-lived browsing session. This storage is used only within TankForge-owned pages and is not shared across unrelated websites.

We do not use advertising cookies, third-party analytics cookies, third-party pixels, or cross-site tracking cookies. We do not participate in ad networks or cross-context behavioral advertising.

8. Data sharing

We do not sell, rent, or trade your personal data. We do not share personal data for advertising purposes.

We may share data with the following categories of service providers, subject to contractual data-processing safeguards:

• Infrastructure providers — hosting, database, and content delivery services that store and process data on our behalf.
• Payment processors — Apple, Google, and Stripe process subscription payments. Each processor receives only the data required to complete the transaction and is subject to its own privacy policy.
• Communication providers — Apple Push Notification service (APNs) for push notifications, and email delivery providers for transactional email.

We may also disclose data when required by law, regulation, legal process, or enforceable government request, or to protect the rights, property, or safety of TankForge, our users, or the public.

9. Shared links and public visibility

If you create a share link, anyone with that link may view the shared tank snapshot until the link expires or is deleted. Share links should be treated as public URLs. You control when to create and revoke them.

10. Data retention

We retain account and app data for as long as your account is active. Operational security logs and first-party website attribution events are automatically deleted after their configured retention period, typically no longer than 90 days depending on event type. Endpoint performance metrics are retained for 14 days. Limited billing, subscription, or payment-related records may be retained where needed to support disputes, compliance obligations, or processor requirements.

When you request account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law, necessary to resolve disputes, or needed for fraud prevention. For step-by-step deletion instructions, see Delete Your TankForge Account.

11. Security

We use technical and organizational safeguards to protect your information, including encrypted connections (TLS), hashed credentials, HTTP security headers, rate limiting, CSRF protection, and access controls. No system can guarantee absolute security.

12. Your choices and rights

Depending on your jurisdiction you may have rights to access, correct, delete, port, or restrict processing of your personal data. To exercise any right, email [email protected] from your account email address. We will respond within 30 days (or the shorter period required by your local law).

• Access and correction. View and update account information in the app, or request a copy of your data by contacting support.
• Deletion. Request account deletion through the app when available or by contacting support. We will delete or anonymize your data within 30 days, subject to legal retention requirements. See Delete Your TankForge Account for the current deletion steps.
• Data portability. You may export tank data from within the app.
• Push notifications. Disable push notifications at any time in iOS Settings.
• Do Not Sell or Share. We do not sell or share personal data for cross-context behavioral advertising. No opt-out action is required because no such sharing occurs.

13. Children

The Service is not directed to children under 13 (or a higher age where required by local law, such as 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will delete it promptly.

14. International transfers

Your data may be processed in countries other than your own, including the United States. We apply safeguards as required by applicable law, including standard contractual clauses where applicable.

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the revised policy with a new effective date and, where required by law, notify you by email or in-app notice before the changes take effect. Your continued use of the Service after the updated policy becomes effective constitutes acceptance.

16. Contact

Privacy questions or data requests: [email protected]