Privacy Policy

1. Introduction

This Privacy Policy explains how Reef Dev, LLC ("we," "us," or "our") collects, uses, and protects your information when you use the Coralline application and website (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

Effective Date: February 19, 2026

2. Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign up through a third-party provider (such as Google), we receive your name and email from that provider.

Aquarium Data

You may voluntarily enter aquarium-related data including tank configurations, water test parameters, livestock records, and photos. This data is yours and is stored to provide the Service.

Usage Analytics

We collect pseudonymous usage analytics through PostHog to understand how the Service is used and to improve it. User identifiers are hashed before transmission. We do not build advertising profiles from this data.

Device and Browser Information

We automatically collect standard technical information such as browser type, operating system, device type, and general geographic region. This is used for compatibility, performance optimization, and error diagnosis.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your account registration and authentication
• Send transactional emails (account verification, password resets, subscription confirmations)
• Analyze usage patterns to improve features and user experience (pseudonymous analytics only)
• Diagnose technical issues and errors
• Enforce our Terms of Service and protect against misuse

We do not sell your personal information. We do not use your data for targeted advertising.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase, with the application hosted on Vercel. All data is encrypted in transit (TLS) and at rest. Row Level Security (RLS) policies ensure that each user can only access their own data.

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

The Service integrates with the following third-party providers, each with their own privacy policies:

• Supabase - Database hosting, authentication, and file storage
• Stripe - Payment processing for subscriptions. We do not store your full credit card number; Stripe handles all payment data securely.
• PostHog - Pseudonymous product analytics (hashed user IDs, no PII)
• Sentry - Error tracking and performance monitoring (no personally identifiable information is collected)
• Resend - Transactional email delivery (account verification, password resets)

6. Cookies and Local Storage

The Service uses:

• Session cookies - Required for authentication via Supabase Auth. These keep you logged in and are essential for the Service to function.
• Local storage - Used to cache data for offline access and to store your theme preference (light/dark mode).

We do not use advertising cookies, tracking pixels, or third-party marketing cookies.

7. Your Rights

You have the right to:

• Access your data - You can view all your aquarium data, test logs, and account information within the app at any time.
• Export your data - You can export your data in CSV or JSON format for portability.
• Delete your account - You can request account deletion through the app settings. Your data will be soft-deleted and permanently removed after 30 days.
• Opt out of analytics - You can opt out of pseudonymous usage analytics in your account settings.

To exercise any of these rights, contact us at support@coralline.app.

8. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information. If you believe a child under 13 has provided us with personal data, please contact us at support@coralline.app.

9. Data Retention

• Active accounts - Your data is retained for as long as your account is active and you continue to use the Service.
• Account deletion - When you delete your account, your data enters a 30-day soft-delete period during which it can be recovered if you change your mind. After 30 days, your data is permanently deleted.
• Individual item deletion - Deleted items (tanks, test logs, livestock records) are recoverable for 7 days, then permanently removed.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at the address associated with your account. The "Last updated" date at the top of this page indicates when the policy was last revised.

Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: support@coralline.app
• Company: Reef Dev, LLC
• Location: Florida, United States