Privacy Policy

1. Introduction

Everkin ("we," "our," or "us") is operated by Ghost Labs LLC, a New York limited liability company. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use the Everkin mobile application, the everkin.io website, and all related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

This Privacy Policy should be read together with our Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address
• Display name
• Password (stored as a salted hash; we never store plaintext passwords)
• Profile photo/avatar (optional)

Pet Health Data:

• Pet profiles (name, species, breed, date of birth, sex, microchip number)
• Weight measurements and history
• Glucose readings
• Symptom logs (type, severity, notes)
• Medication records (name, dosage, frequency, start/end dates)
• Allergy and medical condition records
• Seizure logs
• Bathroom/elimination logs
• Feeding records (food type, amount, schedule)
• Grooming records
• Activity logs and notes
• Veterinary visit records
• Pet photos and note-attached images

Household and Social Data:

• Household membership and roles
• Household invitations (inviter, invitee email, status)
• Caregiver access grants and permissions

Veterinary Clinic Data:

• Clinic name, address, phone number, and website (when you manually add a clinic)

2.2 Information Collected Automatically

Device and Usage Information:

• IP address (logged during authentication events and email verification)
• User-Agent string (browser/device identifier, logged during authentication events)
• App version and operating system version

Authentication Audit Logs:

• Timestamps of login events
• IP address and User-Agent string at time of authentication
• Authentication method used (email/password, Google, Apple)

2.3 Information from Third-Party Authentication

If you sign in using Google or Apple Sign-In, we receive your name (as configured in your Google/Apple account), your email address, and a unique account identifier from the provider. We do not receive or store your Google or Apple password.

2.4 Information We Do NOT Collect Server-Side

Voice and Microphone Data: The Service may offer optional voice input for notes using Apple's on-device speech recognition. Audio is processed entirely on your device and is never transmitted to our servers. Only the resulting transcribed text is stored if you choose to save it.

Precise Location Data: The Service may request "when in use" location access solely to help you search for nearby veterinary clinics (via Apple Maps). We do not transmit, store, or log your location on our servers. Location processing occurs on-device through Apple's MapKit framework.

3. How We Collect Information

• Direct Input: Information you enter into the app (pet records, account details, notes).
• Automatic Collection: Technical data collected automatically when you interact with the Service (IP addresses, User-Agent strings during authentication).
• Third-Party Authentication: Profile data provided by Google or Apple when you use their sign-in services.
• Marketing Site: The everkin.io website may collect analytics data through cookies and similar technologies (see Section 15).

4. How We Use Your Information

We use the information we collect to:

• Operate the Service: Create and manage your account, store and display your pet health data, enable Household sharing and Caregiver access.
• Provide Features: Generate health timelines, track weight trends, display medication schedules, and support all core app functionality.
• Communicate with You: Send transactional emails (account verification, password resets, Household invitations), and optional product updates or newsletters (which you can unsubscribe from at any time).
• Ensure Safety and Security: Detect and prevent fraud, abuse, and unauthorized access; enforce our Terms of Service; comply with legal obligations.
• Improve the Service: Analyze aggregated usage patterns to fix bugs, improve features, and develop new functionality.
• AI/ML Improvement: Use anonymized, aggregated data to train and improve machine learning models (see Section 5 for details and opt-out).

5. AI and Machine Learning Data Usage

5.1 Anonymization Process

Before any data is used for AI/ML purposes, we apply an irreversible anonymization process that removes all personally identifiable information (names, email addresses, account IDs) and all pet-identifying information (pet names, microchip numbers). The resulting anonymized dataset cannot be linked back to any individual user or pet.

5.2 Aggregated Data Use

We may use anonymized, aggregated data to:

• Train machine learning models that improve health insight features;
• Identify general trends in pet health (e.g., common symptom patterns across breeds);
• Develop new features and improve existing ones;
• Conduct internal research.

5.3 No Personal Data in Model Training

We will not use your personal data, or individually identifiable pet data, to train AI/ML models without your explicit opt-in consent. Only anonymized, aggregated data is used.

5.4 Opt-Out

You may opt out of having your anonymized data used for AI/ML training at any time through your account settings in the app or by emailing privacy@everkin.io. If you opt out, we will exclude your data from future anonymization and model training processes within 30 days. Data that has already been anonymized and incorporated into trained models cannot be retroactively removed (because it is no longer identifiable).

6. How We Share Your Information

6.1 We Never Sell Your Data

We do not sell, rent, or trade your personal information or pet data to third parties. Period.

6.2 Household Members and Caregivers

Your pet data is shared with other members of your Household and any Caregivers you authorize, in accordance with the permissions you set.

6.3 Third-Party Service Providers (Processors)

We share information with third-party service providers who process data on our behalf to operate the Service. These providers are contractually obligated to use your data only as directed by us and to maintain appropriate security measures. See Section 14 for a complete list of processors.

6.4 Law Enforcement and Legal Obligations

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to:

• Comply with applicable law or legal obligations;
• Protect the rights, property, or safety of Ghost Labs, our Users, or the public;
• Detect, prevent, or address fraud, security, or technical issues;
• Report child sexual abuse material (CSAM) to NCMEC as required by 18 U.S.C. 2258A.

6.5 Business Transfers

If Ghost Labs is involved in a merger, acquisition, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or prominent in-app notice before your information becomes subject to a different privacy policy.

7. Data Storage and Security

7.1 Where We Store Your Data

• Application Database: Google Cloud Platform (GCP) Cloud SQL (PostgreSQL), located in the United States.
• File Storage: Amazon Web Services (AWS) S3, located in the United States. Used for pet photos, note images, and user avatars.
• Application Hosting: GCP Cloud Run, located in the United States.

7.2 Security Measures

We implement industry-standard security measures, including:

• Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2 or higher.
• Encryption at rest: Database and file storage are encrypted at rest using AES-256 or equivalent.
• Password security: User passwords are salted and hashed using bcrypt; we never store plaintext passwords.
• Access controls: Role-based access controls limit employee access to user data on a need-to-know basis.
• Authentication audit logging: We log authentication events to detect unauthorized access attempts.

7.3 No Guarantee

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

8.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Service.

8.2 After Account Deletion

When you delete your account:

• Your personal data and pet data are marked for deletion and removed from active systems within 30 days.
• Backup copies may persist for up to 90 days before being permanently purged.
• Anonymized, aggregated data that has already been processed is retained indefinitely (because it is no longer identifiable).
• Data we are required to retain by law (e.g., financial records, legal compliance) will be retained for the legally required period.

8.3 Authentication Logs

Authentication audit logs (IP addresses, User-Agent strings) are retained for 12 months for security purposes, then permanently deleted.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 Access

You can access your pet health data at any time through the app. You may request a copy of all personal data we hold about you by emailing privacy@everkin.io.

9.2 Correction

You can update or correct your information directly in the app. For corrections you cannot make yourself, contact privacy@everkin.io.

9.3 Deletion

You can delete your account through the app settings or by contacting support@everkin.io. See Section 8.2 for retention details after deletion.

9.4 Data Export

You can export your pet health records from the app in CSV and PDF formats.

9.5 Opt-Out of AI/ML Training

You can opt out of having your anonymized data used for AI/ML model training. See Section 5.4.

9.6 Opt-Out of Marketing Communications

You can unsubscribe from marketing emails using the link in any marketing email or by updating your notification preferences in the app. Transactional emails (account security, Terms updates) are not affected.

9.7 Withdrawal of Consent

Where we rely on your consent to process your data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal. For California, EU, and other jurisdiction-specific rights, see Sections 11, 12, and 13.

10. Children's Privacy

The Service is not directed to children under 13 years of age (or under 16 in the EU/EEA/UK). We do not knowingly collect personal information from children under these age thresholds.

If we discover that we have collected personal information from a child under the applicable minimum age without verifiable parental consent, we will promptly delete that information. If you believe a child has provided us with personal information, please contact us at privacy@everkin.io. We comply with the Children's Online Privacy Protection Act (COPPA) and equivalent international regulations.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

11.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.

11.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.

11.3 Right to Correct

You have the right to request correction of inaccurate personal information.

11.4 Right to Opt-Out of Sale or Sharing

We do not sell or share (as defined by CCPA/CPRA) your personal information. Therefore, there is no need to opt out. If our practices change, we will provide a "Do Not Sell or Share My Personal Information" link.

11.5 Right to Limit Use of Sensitive Personal Information

Pet health data may be considered sensitive personal information under CPRA. We use this data only to provide the Service as described in this Privacy Policy. You may request that we limit our use of sensitive personal information.

11.6 Non-Discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights.

11.7 How to Exercise Your Rights

To submit a CCPA/CPRA request, email privacy@everkin.io with the subject line "CCPA Request." We will verify your identity before processing your request. We will respond within 45 days (extendable by an additional 45 days with notice).

11.8 Authorized Agent

You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you.

12. European Users (GDPR)

If you are located in the European Union, European Economic Area, or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or the UK GDPR.

12.1 Data Controller

Ghost Labs LLC is the data controller for information collected through the Service.

12.2 Legal Bases for Processing

12.3 Your GDPR Rights

In addition to the rights in Section 9, you have the right to:

• Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Restriction of Processing: Request that we restrict processing of your data in certain circumstances.
• Object to Processing: Object to processing based on legitimate interests, including AI/ML training.
• Lodge a Complaint: File a complaint with your local data protection authority (supervisory authority).

12.4 International Data Transfers

Your data is stored and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data from the EU/EEA/UK to the United States. You may request a copy of the applicable SCCs by contacting privacy@everkin.io.

12.5 Data Protection Contact

For GDPR-related inquiries, contact:
Data Protection Contact
Ghost Labs LLC
Email: privacy@everkin.io

13. International Users

13.1 United Kingdom

UK residents have rights equivalent to those described in Section 12 under the UK GDPR and the Data Protection Act 2018. References to GDPR in this policy apply equally to the UK GDPR where applicable.

13.2 Canada

Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA). You may access, correct, or delete your personal information by contacting us at privacy@everkin.io. We obtain meaningful consent for the collection, use, and disclosure of personal information.

13.3 Brazil

Brazilian residents have rights under the Lei Geral de Protecao de Dados (LGPD), including the right to confirmation of processing, access, correction, anonymization, portability, deletion, and information about sharing. Contact privacy@everkin.io to exercise these rights.

14. Third-Party Service Providers (Processor Inventory)

We use the following third-party service providers to operate the Service:

All processors are contractually bound to process data only on our instructions and to implement appropriate technical and organizational security measures.

15. Cookies and Tracking Technologies

15.1 Marketing Site (everkin.io)

The everkin.io marketing website may use:

• Essential cookies: Required for basic site functionality (e.g., form submission).
• Analytics cookies: To understand how visitors interact with the site (e.g., page views, referral sources).

15.2 Mobile Application

The Everkin mobile application does not use cookies or third-party tracking SDKs for advertising purposes.

15.3 Managing Cookies

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the marketing website but will not affect the mobile application.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by sending an email to the address associated with your account and/or displaying a prominent notice within the app.

We will provide at least 30 days' notice before material changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Ghost Labs LLC
Email: privacy@everkin.io
General inquiries: support@everkin.io

For GDPR/UK GDPR inquiries, use the same email address above.

For CCPA/CPRA requests, email privacy@everkin.io with the subject line "CCPA Request."

Copyright 2025-2026 Ghost Labs LLC. All rights reserved.