Privacy Policy

Last updated: April 16, 2026

Litterboxer (the “app”) is operated by Bradford Operations LLC (“we”, “us”), a US company. This policy explains what personal data we collect, the legal basis on which we process it, how long we keep it, and the rights you have. Contact us at any time via our contact form.

1. Data we collect

Account information

Email address, chosen username, display name, and a bcrypt-hashed password (for email sign-up). For Sign in with Apple or Sign in with Google we store an opaque subject identifier issued by those providers so we can recognize you on return visits. If you grant a profile picture, we store a URL to it.

Content you post

Cats you add, photos, reviews, ratings, tags, comments, wishlist entries, diary entries, follow relationships, likes, and reports you file.

Device and log information

iOS device token for push notifications, app version, and the IP address and user-agent of your requests (used for rate limiting, abuse detection, and the contact form). We do not use third-party analytics cookies on our website. Inside the iOS app we use PostHog product analytics, which you can disable from Settings → Privacy → Analytics at any time.

Purchase information

Pro subscriptions are processed by Apple. We receive a transaction identifier and expiration date from Apple so we can grant Pro features. We never see your payment card.

Age confirmation

We record the timestamp at which you confirmed you meet our minimum age (13). When you sign up with Apple or Google, we treat the age-gate on those accounts as sufficient confirmation.

2. Legal basis for processing (EU/UK GDPR)

  • Contract (Art. 6(1)(b)): creating your account, delivering features you requested, processing your Pro subscription.
  • Legitimate interest (Art. 6(1)(f)): rate limiting, fraud prevention, photo moderation, aggregated product analytics, keeping the service secure.
  • Consent (Art. 6(1)(a)): optional product analytics on the website and in the iOS app. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): responding to lawful requests from authorities.

3. How long we keep it

  • Account data: until you delete your account, at which point all personal data is deleted within 30 days (some data may be retained briefly in encrypted backups).
  • Photos, reviews, comments, diary entries: until you delete them or delete your account.
  • Rejected photos (failed moderation): deleted immediately, never stored.
  • Contact form messages: 90 days after resolution.
  • API usage logs (AI spend tracking): 90 days.
  • Notifications: 90 days.
  • Moderation reports: 2 years after the report is resolved, for audit purposes.
  • Rate-limiting records: ephemeral, retained no longer than operationally needed.

4. Third-party processors

We rely on the following providers. Each processes data on our behalf under a Data Processing Agreement and publishes Standard Contractual Clauses for transfers out of the EU/UK:

  • Vercel (US): web and API hosting.
  • Neon (US): managed PostgreSQL database.
  • Cloudflare R2: photo storage.
  • Upstash (US): Redis for rate limiting.
  • Apple: Sign in with Apple, push notifications, subscription billing.
  • Google: Sign in with Google; Gemini API for automated photo moderation (every uploaded photo is sent to Gemini and then discarded after the check).
  • Anthropic: Claude API for optional AI breed analysis (only when a Pro user invokes the feature).
  • PostHog: product analytics (only if you opt in).
  • Slack: internal channel where contact-form messages are mirrored to our team.

5. International data transfers

Our servers and processors are primarily located in the United States. If you are in the EEA, UK, or Switzerland, your data is transferred to the US under Standard Contractual Clauses published by the European Commission, together with supplementary safeguards (encryption in transit and at rest, access controls). Copies of the clauses are available from each provider; we’re happy to point you at them on request.

6. Your rights

You have the right to:

  • Access and portability: download all your data as JSON from Settings → Privacy → Download my data in the iOS app, or by contacting us.
  • Rectification: edit your display name, username, bio, avatar, and email from Settings at any time.
  • Erasure: delete your account from Settings → Account → Delete Account. Your data is removed within 30 days.
  • Restriction and objection: disable product analytics; make your profile private; block other users; contact us to pause processing while a request is reviewed.
  • Consent withdrawal: turn off analytics in Settings, or decline the cookie banner on the web.
  • Lodging a complaint: you may lodge a complaint with your local data protection authority. For UK users, this is the ICO.

To exercise any of these rights, use the contact form and we’ll respond within 30 days.

7. Photo moderation

Every photo you upload is automatically checked by an AI model for two things: whether it contains a cat, and whether it is appropriate for a general-audience app. Photos that fail either check are deleted immediately and never stored in our database or blob storage.

8. California residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights, regardless of whether we are subject to the CCPA:

  • Right to know what categories of personal information we collect about you. Categories: identifiers (email, username), internet activity (IP, device), commercial information (subscription status), and user-generated content.
  • Right to delete your personal information — use the delete-account flow in Settings.
  • Right to correct inaccurate information — use Settings to edit.
  • Right to opt-out of sale or sharing. We do not sell or share your personal information, as those terms are defined under California law.
  • Right to non-discrimination for exercising any of the above.

We do not use your data for cross-context behavioral advertising. To exercise these rights, contact us via the contact form.

9. Children

Litterboxer is rated 13+ and is not intended for children under 13. We do not knowingly collect personal information from children under 13. EU member states may apply a higher minimum of 16 for consent-based processing; in those jurisdictions, parental consent is required for users under that age. If you believe a child below our minimum age has created an account, reach us via the contact form and we’ll delete the account promptly.

10. Security

We use TLS for all data in transit, AES encryption at rest via Neon and Cloudflare R2, bcrypt for passwords, and TOTP-based two-factor authentication for administrators. No system is perfectly secure; we follow a documented incident response procedure and will notify affected users and regulators when required by law (within 72 hours under GDPR).

11. Changes

We may update this policy. Material changes will be announced in the app. The “Last updated” date at the top of this page always reflects the current version.

12. Contact us

All requests, questions, and data-subject rights requests go through our contact form. We aim to reply within 30 days.

Bradford Operations LLC · New York, NY, USA