Legal

Privacy Policy — Aquary

Learn what data the Aquary mobile application collects, how it is used, and how it is protected.

Effective date: July 6, 2026

This Privacy Policy describes how the Aquary mobile application (the "App"), published by Deruvish Labs, LLC ("we", "our", "us"), collects, uses, and protects personal information.

In short: Aquary requires no account, email, password, or phone number. It contains no ads, no third-party analytics, and no tracking. We do not sell your data or share it for marketing.

Data Controller

Data Stored Only on Your Device

Your game progress (fish, decorations, in-game currencies, care values), settings, and sound preferences are stored only on your device. If you never use the social features, no data is sent to our servers at all.

Data Stored on Our Servers If You Use Social Features

When you first open the "Friends" feature, an anonymous record is created on our server to operate the social features:

  • Random device key: An anonymous identifier generated on your device. It is not linked to your name, email address, or any other account.
  • Aquarium name and #TAG: The display name you choose and a randomly generated short tag.
  • Aquarium status summary: Fish species and the nicknames you give them, placed decorations, and care values (such as water and fullness) — so that your friends can visit your aquarium.
  • Friend connections: Connections you establish with one-time invite codes, caretaking permissions, and care journal entries.
  • Block records: A record kept when you block an aquarium.

This data is hosted on Supabase infrastructure on servers in the European region (AWS eu-west-2, London). The App has no search, no discovery, and no matching with strangers; connections are made only through invite codes you share yourself. There is no free-text chat.

Purchase Data

In-app purchases and the Aquary+ subscription are processed by the Apple App Store or Google Play Store. We never have access to your payment details (such as card numbers). We use RevenueCat to validate purchases; RevenueCat processes an anonymous app user ID, product identifiers, transaction records, and subscription status.

Notifications

Notifications are scheduled locally on your device (at most one gentle reminder per day). We do not collect push notification tokens; notification permission is entirely optional and can be turned off in system settings at any time.

What We Do Not Use

  • No ad networks; no advertising identifiers (IDFA/GAID) are collected.
  • No third-party analytics or tracking SDKs.
  • No access to location, contacts, camera, microphone, or photos.
  • Your data is never sold, rented, or shared for marketing.

If this ever changes (for example, optional rewarded ads are added), this policy will be updated and the effective date renewed.

Third-Party Services

  • Apple App Store / Google Play Store — Distribution and payment processing
  • RevenueCat — Purchase validation and subscription management
  • Supabase — Social feature database hosting (EU region)

Legal Bases (GDPR)

  • Performance of a contract: Providing the social features at your request.
  • Legitimate interests: Preventing abuse (e.g., block records) and keeping the service secure.
  • Consent: Where required for hosting data on servers abroad.

Data Retention

  • Social data: Retained until you delete it. You can delete it instantly and permanently in the app via Friends → Delete my data.
  • Purchase records: Retained by the stores and RevenueCat for legally required periods.
  • On-device data: Deleted from your device when you uninstall the App.

Children's Privacy

The App does not knowingly collect personal information from children under 13. By design, the social layer has no matching with strangers, no search, and no chat. If you are a parent or guardian and believe your child has provided us with data, contact us at the address below and we will delete it promptly.

Your Rights

Under applicable data protection laws (including the GDPR), you have the right to access, correct, delete, object to the processing of, and port your data. Use the in-app deletion path, or email contact@deruvishlabs.com with the subject "Aquary Privacy Request." You also have the right to lodge a complaint with your local data protection authority.

Security

Data is encrypted in transit (HTTPS/TLS) and stored on access-restricted infrastructure. No method is 100% secure; we apply reasonable technical and organizational measures.

Changes

We may update this policy from time to time. For material changes, we will update the effective date and provide notice through appropriate means.

Contact

Deruvish Labs, LLC, Sheridan, Wyoming, USA.
Email: contact@deruvishlabs.com

    Privacy Policy — Aquary | Deruvish Labs