Privacy

Cinna Privacy Policy

Effective date: 2026-05-22

Last updated: 2026-06-12

Cinna is a local-first pet-care app built by Ibex Solutions LLC ("Cinna," "we," "us," or "our"). This Privacy Policy explains what data Cinna collects, how it's used, who it's shared with, and the controls you have over it. It applies to the Cinna mobile app on Android and iOS and the Cinna website at cinna.pet.

Plain-English summary, then the details. If anything below conflicts with the summary, the details win.

The short version

• • Your pet's profile, journal, photos, and care log live on your device. They don't leave it unless you opt into a specific cloud feature.
• • Sync is off by default. If you turn it on, your pet data is backed up to your Cinna account and shared with any co-owners you invite to your household. Photo backup — thumbnails for browsing, plus full-resolution originals for Cinna+ subscribers — is a separate opt-in.
• • When you sign in, we store your email and a Cinna account ID so we can recognize you across devices.
• • Optional AI features (e.g. breed-photo guess, label OCR, weight check) send the relevant photo or text to our server, which forwards it to Anthropic and returns the result. We do not retain the request body.
• • If you subscribe to Cinna+, your purchase is processed by Google Play or Apple. We use RevenueCat to know whether your subscription is active.
• • You can export everything and delete your account from inside the app at any time.

1. Who we are

Cinna is operated by Ibex Solutions LLC, a software studio registered in the United States. Cinna is one of several products we publish; this policy applies only to the Cinna app and cinna.pet.

Contact for privacy questions: contact@cinna.pet

2. Data we collect

2.1 Stays on your device — never sent to our servers by default

• • Pet profile fields (name, breed, weight, date of birth, microchip, vet contact, allergies)
• • Journal entries (meals, walks, play, observations, mood, meds, weight, bathroom logs)
• • Photos you attach to the journal or set as the pet portrait
• • Care events (vaccinations, meds, grooming, vet visits) and reminders
• • Body Condition Score (BCS) and weight log history
• • Pantry items, food products you've added
• • Tool-usage signals that drive in-app personalization

All of the above is stored in a local SQLite database, partitioned by your account so that switching accounts on one device never blends data. If you turn on Sync (Section 2.8, off by default), a copy of this data is also backed up to your Cinna account.

2.2 Account data — required for sign-in

• • Email address — used to send sign-in codes and to identify your account
• • Cinna account ID (a random UUID we assign) — used to attribute your subscription and to recognize you across devices
• • Session tokens — let you stay signed in

Authentication is handled by Supabase. See Supabase Privacy Policy.

2.3 Optional AI features — photos or text sent only when you use them

Several Cinna features ask a large-language model on your behalf. These run only when you tap the feature. The request goes to our FastAPI proxy at api.cinna.pet, which forwards it to Anthropic and returns the response.

• • Triage chat — your typed question + a sanitized summary of your pet's profile
• • Weekly insight + Daily plan — a sanitized snapshot of your pet's recent activity
• • Breed photo identification — one or two photos you choose
• • Ingredient label / vaccine record OCR — the photo you capture
• • Body Condition Score photo estimate — the photo you capture

We do not retain the full request body or the photo on our servers after the response is returned. We log only metadata necessary for rate-limiting and abuse prevention (timestamp, account ID, feature name, response status). Anthropic processes the request per Anthropic's Privacy Policy.

2.4 Subscription data

If you purchase Cinna+, Google Play (Android) or Apple (iOS) processes the payment. We do not see your card or bank details. We use RevenueCat to validate the purchase and track entitlement status. RevenueCat receives your Cinna account ID and the purchase token. See RevenueCat Privacy Policy.

2.5 Diagnostics — optional, off by default in many builds

When enabled, the app sends crash reports and performance traces to Sentry, and aggregate product-analytics events to PostHog. These do not include pet names, photos, journal text, or other personally identifying content. They include device model, OS version, app version, screen name, and the kind of event triggered.

• • Sentry Privacy Policy
• • PostHog Privacy Policy

2.6 Nearby places

The Nearby tab uses your device's location to look up vets, parks, and pet-friendly places. The search is sent to a third-party Places API (Google Places or equivalent) along with a coarse coordinate; results are cached on your device. Your precise coordinate is not stored on our servers.

2.7 Push notifications

Local reminders (care events, daily nudges) are scheduled on your device and do not touch our servers. Remote pushes — used only for account-level events such as subscription updates — are routed through Firebase Cloud Messaging (Android) or Apple Push Notification service (iOS). Payloads do not include pet names, photos, or journal content.

2.8 Optional cloud sync, photo backup & household sharing

Cinna is offline-first. Sync is off by default. If you turn it on (Settings → Sync), a copy of your pet's profile, journal, care log, weight and BCS history, and pantry is backed up to your Cinna account so you can reach it on your other devices and restore it if you reinstall. You can turn Sync off at any time.

Photo backup. Photo backup is optional and off by default. When enabled, your pet photos are stored as private objects in Cloudflare R2 and transferred only over short-lived, single-use signed URLs — thumbnail versions for quick browsing across your devices, and, for Cinna+ subscribers, full-resolution originals up to a per-account storage cap. Free accounts do not back up photos to the cloud; their photos stay on the device. A photo you delete is moved to a Trash that keeps it for 30 days — so you can restore it — before it is permanently removed from your device and our storage.

Household sharing. If you invite someone to your household as a co-owner, the pet records you share are made visible to them so you can care for the same pet together — they can view and edit those shared records. Co-owners are people you choose to invite; we never add anyone for you. You can remove a co-owner, and they lose access to the shared pet going forward.

3. What we never collect

• • Your contacts, calendar, SMS, or browsing history
• • Your precise location outside of an active Nearby search
• • Audio or video recordings
• • Financial account numbers or card data (payment is handled by the platform store)
• • Biometric data
• • Sensitive personal categories (health beyond pet-care notes, religion, sexuality, race, etc.)

4. Third-party services we use

Each service receives only what's strictly required for the function it provides:

• • Supabase — authentication and lightweight cloud sync · privacy
• • Anthropic — large-language-model responses for AI features · privacy
• • RevenueCat — subscription validation · privacy
• • Google Play Billing — Android payment processing · privacy
• • Apple App Store — iOS payment processing · privacy
• • Firebase Cloud Messaging (Android) — remote push delivery · privacy
• • Apple Push Notification service (iOS) — remote push delivery
• • Sentry — crash and performance diagnostics (optional) · privacy
• • PostHog — product analytics (optional) · privacy
• • Cloudflare — content delivery and security for cinna.pet, and private object storage (R2) for synced pet photos · privacy
• • Railway — backend hosting · privacy

If you tap an affiliate link to a retailer (e.g., Amazon, Chewy), you leave Cinna and are subject to that retailer's privacy policy. We do not transmit your account data to the retailer; the link may include a referral identifier that pays Cinna a small commission on any purchase you make there.

5. How we use your data

• • Operate the app: keep you signed in, schedule reminders, render your journal
• • Provide AI features you opt into
• • Validate your Cinna+ subscription and unlock paid features
• • Diagnose crashes and improve reliability (when diagnostics are enabled)
• • Understand which features are used (aggregate, non-identifying analytics)
• • Communicate sign-in codes and important account or service notices
• • Detect and prevent abuse, fraud, or violations of our Terms

We do not sell your personal information. We do not use your data to train AI models. We do not run advertising in the app.

6. Children

Cinna is intended for adult pet owners. It is not designed for or directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at the address above and we will delete it.

7. Your rights and controls

Cinna is built so that you control your data directly from the app:

• • Access and export — Settings → Data export downloads a ZIP containing every row you have logged and every photo on your device.
• • Correction — every screen that displays data also lets you edit it.
• • Deletion — Settings → Delete account permanently removes your account from our servers and wipes your local data. Server-side deletion completes within 30 days.
• • Withdraw consent for AI features — simply stop using those features; no data is sent unless you invoke them.
• • Object or restrict — contact us to ask us to limit how we use your data.

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to lodge a complaint with your local data-protection authority. To exercise any of these rights or ask questions, email contact@cinna.pet.

8. Data retention

• • Local data — kept on your device until you delete it or uninstall the app.
• • Account data on our servers — kept while your account exists. Removed within 30 days of an account-deletion request.
• • AI feature request metadata — kept for up to 90 days for rate-limiting and abuse prevention, then deleted.
• • Subscription receipts — kept for the duration required by applicable tax and consumer-protection laws (typically up to 7 years).
• • Crash and analytics events — aggregated and retained for up to 12 months by the third-party services listed in Section 4.

9. Security

All network traffic to our servers is encrypted in transit using HTTPS/TLS. Authentication tokens are stored in encrypted Android Jetpack DataStore (Android) or Keychain (iOS) on your device. Local databases are protected by your device's standard sandboxing. No system is perfectly secure; if we ever experience a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

10. International transfers

Cinna operates from the United States. If you use Cinna from outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. We rely on standard contractual clauses and the privacy frameworks each provider participates in to protect cross-border transfers.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when changes were made. Material changes will be announced through the app or via email to the address on your account at least 14 days before they take effect. Continued use of the app after the effective date constitutes acceptance of the updated policy.

12. Contact

Questions, requests, or complaints about this Privacy Policy:
Ibex Solutions LLC
contact@cinna.pet

Effective 2026-05-22.