Aspen Studio ("we", "us", "our") operates the MewGuard mobile application (the "App") and this website. This Privacy Policy explains what information we handle, why, and the choices and rights you have. It applies globally and includes specific sections for users in the European Economic Area / United Kingdom, the United States, and Taiwan.
Controller: Aspen Studio, Copenhagen, Denmark · [email protected].
1. Summary
You can use MewGuard without creating an account, providing an email address, or otherwise identifying yourself. To support features like saving a cat profile, the App automatically receives an anonymous identifier from our backend when you first launch it; this identifier is not connected to your real-world identity unless you later choose to link an Apple or Google account. We do not use the App to target advertising, build behavioral profiles, or sell personal information.
2. Information We Handle
a) Default use (no account linked)
The first time you open the App, our backend (Firebase Authentication) automatically issues an anonymous user identifier. No personally identifying information is collected at this step. Anything you add yourself — a cat profile, a photo, saved plants or foods, or feedback — is stored against this anonymous identifier and is only readable by your device.
When the App connects to our backend, our service providers automatically log standard technical data such as IP address, request time, App version, device model, and operating system. This is used to operate the service, prevent abuse, and diagnose errors.
b) Optional account linking
The App offers optional sign-in with Apple or Google. Linking an account is not required to use any feature of the App; its purpose is to let you keep your saved data when you change devices. If you choose to link, we receive a Firebase authentication identifier and — depending on what Apple or Google share with us — your name and an email address (which, for Apple, may be a private relay address). You can use the App indefinitely without linking an account.
c) Cat profile and saved items
If you create a cat profile, we store the fields you enter (display name, cat name, cat breed, cat age) and a photo if you upload one. If you save plants or foods, we store the item name, severity, category, and timestamp. This data is associated with your anonymous (or, if you linked one, your Apple/Google-linked) identifier and is only readable by you.
d) Photo library access
Adding a cat photo uses your device's image picker. We only receive the specific image you choose. We never read the rest of your photo library, and we do not access your camera, location, contacts, or microphone.
e) Feedback and missing-plant reports
If you submit feedback or report a missing plant, we receive the message you write and a timestamp. If you have linked an Apple or Google account, the email address from that account is also submitted with the report; if you have not linked an account, no email is submitted. We use this information to fix issues and expand the database.
f) In-app purchases
Premium subscriptions are processed by Apple's App Store. We do not receive your payment details. RevenueCat, our subscription management partner, receives an anonymous device-level identifier and your entitlement status so the App knows whether your subscription is active.
g) Diagnostics
We may receive aggregated, non-identifying diagnostic information such as crash reports and counts of basic actions to improve stability. The App does not currently include third-party advertising or cross-app tracking SDKs, and it does not use Apple's Advertising Identifier (IDFA).
3. Why We Use This Information (Legal Bases for EEA/UK Users)
- Performance of a contract — providing accounts, syncing saved data, and processing purchases (GDPR Art. 6(1)(b)).
- Legitimate interests — securing the service, preventing abuse, and improving stability (GDPR Art. 6(1)(f)).
- Consent — where we ask before enabling optional features such as analytics on this website (GDPR Art. 6(1)(a)).
- Legal obligation — meeting tax, accounting, and lawful-request obligations (GDPR Art. 6(1)(c)).
4. Sharing and Service Providers
We do not sell personal information. We share information only with the service providers we need to operate MewGuard:
- Google (Firebase) — authentication, Firestore database, Cloud Storage, Cloud Functions. Servers are located in the United States (us-central1).
- Apple — Sign in with Apple, App Store purchases.
- RevenueCat — subscription entitlement management.
- Google Analytics (website only) — only when you opt in via the cookie banner on this site.
Each provider acts as our processor or, where they determine purposes of their own, as an independent controller. We may also disclose information when required by law or to protect rights, safety, or our service.
5. International Transfers
Our backend is hosted in the United States. If you are in the EEA or the UK, your information is transferred outside your country. We rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework with our providers, together with technical safeguards such as encryption in transit.
6. Retention
Account-linked data is kept while your account is active. If you delete your account or ask us to delete your data, we will remove it from active systems and from routine backups within a reasonable period. Anonymous diagnostic logs are kept only as long as needed to investigate issues.
7. Your Rights
EEA / UK
You have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your supervisory authority. In Denmark this is Datatilsynet (datatilsynet.dk).
United States
Depending on your state, you may have the right to know, access, delete, correct, port, opt out of "sale" or "sharing" for targeted advertising, and to limit use of sensitive personal information. MewGuard does not sell or share personal information for cross-context behavioral advertising. On this website, we treat a browser Global Privacy Control signal as a request to keep analytics off.
Taiwan
Under the Personal Data Protection Act, you may request to review, obtain copies, supplement or correct, stop collection/processing/use, and delete your personal data. See the Taiwan-specific notice in Section 11.
To exercise any right, email [email protected]. We will respond within the period required by applicable law.
8. Security
We use industry-standard safeguards including TLS in transit, encrypted storage at rest provided by our backend vendor, and least-privilege access controls. No system is perfectly secure, and we cannot guarantee absolute security.
9. Children
MewGuard is not directed to children under 13 (or under 16 in jurisdictions where that is the relevant age). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.
10. Cookies and the Website
This website uses a small set of cookies and similar technologies. Analytics are off by default and only loaded after you accept on the banner. See our Cookie Policy for details.
11. Taiwan Notice (個人資料保護法第 8 條告知事項)
- Collecting entity / 機關名稱: Aspen Studio.
- Purpose / 蒐集目的: operating the MewGuard App and website, providing account and subscription features, handling user enquiries, and improving the service.
- Categories of personal data / 個資類別: identifiers (an anonymous Firebase UID issued by default; an Apple or Google identifier and email address only if you choose to link an account), profile data you enter (display name, cat profile fields, optional cat photo), service-use records (saved items, feedback, plant reports), purchase status, and technical data (IP, device, app version).
- Period of use / 利用期間: for the duration of the App or account relationship, plus any period required by law.
- Region of use / 利用地區: Taiwan and any other jurisdiction in which our service providers operate, including the United States and the European Union.
- Recipients / 利用對象: Aspen Studio and the processors listed in Section 4.
- Method of use / 利用方式: automated processing through our App, website, and backend providers.
- Your rights / 當事人權利: to inquire, request review, request copies, request correction or supplement, request cessation of collection/processing/use, and request deletion. Email [email protected].
- Consequence of not providing data / 不提供之影響: you can use the App without an account. If you decline to provide data needed for sign-in, purchase verification, or feedback, those specific features may not be available.
12. Changes
We may update this Privacy Policy. The "Effective date" above will change accordingly. Material changes will be communicated in the App or on this website.
13. Contact
Aspen Studio, Copenhagen, Denmark · [email protected].