Privacy Policy

Vari (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Vari mobile application and website (collectively, the “Service”).

1. Information We Collect

Essential Data (Required for App Function)

• Account information: Email address for account creation and login
• Profile information: Weight and activity level for goal calculation
• Hydration data: Water intake logs, beverage types, and timestamps
• Device information: OS version, device type, and app version for support
• Usage analytics: Feature usage and crash reports (anonymized)

Optional Data (Only If You Choose)

• Calendar access: Event titles and times for Work Mode (read-only)
• Health data: Apple HealthKit or Google Health Connect integration (user-controlled)
• Location: For weather-based goal adjustments (optional)
• Health profile: Self-selected health conditions (CKD, diabetes, pregnancy, heart failure)

What We Do NOT Collect

• Camera or microphone access
• Contact list or phone numbers
• Browsing history outside the app
• Advertising identifiers for ad targeting

2. How We Use Your Information

Your Data Is Used For:

• Personalizing your hydration goals and reminders
• Showing insights, trends, and progress
• Improving app features and reliability
• Anonymized analytics (no personally identifiable information)
• Customer support

Your Data Is NOT Used For:

• Selling to third parties
• Targeted advertising
• Health research (without separate consent)
• Any purpose beyond app functionality

3. Calendar Integration (Work Mode)

When you enable Work Mode, we request read-only access to your Google Calendar or Outlook calendar. This data is:

• Read-only: We only read event titles and times
• Processed locally: Calendar data is processed on your device, not stored on our servers
• Revocable: You can disable calendar access anytime in app settings
• Optional: The app is fully functional without calendar access

4. Health Data

If you choose to connect Apple HealthKit or Google Health Connect:

• Health data is synced only with your explicit permission
• Data is encrypted in transit and at rest
• You control what data is shared and can revoke access anytime
• Health profile selections (e.g., CKD, pregnancy) are user-configured and used solely to customize tracking

5. Data Security

• All data transmitted using TLS 1.3 encryption
• Database encrypted at rest
• No personally identifiable health information (PHI) in analytics
• Regular security audits
• Access controls for internal team members

6. Third-Party Services

We use the following third-party services:

• Supabase: Database and authentication (GDPR compliant)
• Firebase Cloud Messaging: Push notifications
• RevenueCat: Subscription management
• Google Calendar API / Microsoft Graph API: Calendar integration (read-only)
• Apple HealthKit / Google Health Connect: Health data sync
• Vercel Analytics: Website performance monitoring

Each third-party service has its own privacy policy. We are not responsible for their data handling practices.

7. Your Rights

GDPR Rights (EU Users)

• Right to access: Request a copy of your data
• Right to rectification: Correct inaccurate data
• Right to erasure: Request deletion of your data
• Right to portability: Export your data
• Right to object: Opt out of certain processing

CCPA Rights (California Users)

• Right to know what data we collect
• Right to delete your data
• Right to opt-out of data sales (we do not sell your data)
• Right to non-discrimination

8. Data Retention

• Active accounts: Data retained while your account is active
• Inactive accounts: Data retained for 12 months, then deleted
• Deletion requests: All data deleted within 30 days
• Analytics: Aggregated, anonymized data retained indefinitely
• Backups: Automatic backups deleted after 90 days

9. Children's Privacy

Vari is intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal data, please contact us immediately at privacy@getvari.app and we will delete the information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us