ReefIQ

Privacy Policy

Effective date: April 14, 2026

BayTech Software ("we", "us", "our") operates the ReefIQ mobile application and related cloud services. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address and password (email/password sign-in)
• Name and email address from your Google account (Google Sign-In)
• Name and email address from your Apple ID (Sign in with Apple)
• Email verification status

Account credentials are managed by Firebase Authentication (Google). We do not store your raw password — Firebase handles hashing and credential storage.

1.2 Tank Profile Data

When you create a tank profile, we store the following in Firebase Firestore:

• Tank name, volume, type, salinity target, and other configuration details
• Selected dashboard metrics and display preferences
• Associated device IDs and integration settings

1.3 Water Parameter Data

We store water chemistry parameters (pH, alkalinity, calcium, magnesium, nitrate, phosphate, salinity, temperature, ORP, and others) that you enter manually, import from a Neptune Apex controller, or receive from ReefIQ devices. All parameter data is stored in Firebase Firestore under your user account.

1.4 ICP Report Data

When you upload an ICP (Inductively Coupled Plasma) water analysis report:

• The PDF file is uploaded to Firebase Storage under your user account
• The PDF content is sent to OpenAI's GPT API for extraction and analysis
• The extracted parameter values and AI-generated analysis are stored in Firebase Firestore

1.5 Health Reports

When you generate a health report:

• Your tank parameters, livestock inventory, and journal entries are sent to OpenAI's GPT API
• The AI-generated health assessment is stored in Firebase Firestore under your user account

1.6 ReefIQ Assistant (Text)

When you use the text-based ReefIQ Assistant:

• Your messages and the AI responses are stored in Firebase Firestore under your user account
• Your messages, along with your tank context (parameters, livestock, journal entries), are sent to OpenAI's GPT API to generate responses
• A daily limit of 100 messages applies
• Conversation history is retained in Firestore until you delete your account

1.7 ReefIQ Assistant (Voice)

When you use the voice-based ReefIQ Assistant:

• Audio from your device microphone is transmitted in real time to OpenAI's Realtime API via a secure WebSocket connection
• OpenAI processes the audio to generate spoken responses streamed back to your device
• Voice sessions are ephemeral — audio is not stored on our servers or in your account
• Text transcripts of voice conversations may be stored in Firebase Firestore under your user account

1.8 Livestock Tracking

When you track livestock (coral, fish, invertebrates):

• Species, name, date added, and notes are stored in Firebase Firestore under your user account

1.9 Journal Entries

When you create journal entries:

• Entry text, date, tags, and associated parameters are stored in Firebase Firestore
• Journal data may be sent to OpenAI's GPT API when generating AI-powered correlations and health reports

1.10 Maintenance Scheduler

When you create maintenance tasks:

• Task name, schedule, and completion history are stored in Firebase Firestore
• Push notifications for due tasks are delivered via Firebase Cloud Messaging (FCM)

1.11 Parameter Alerts

When you configure parameter alerts:

• Alert thresholds and notification preferences are stored in Firebase Firestore
• Push notifications for triggered alerts are delivered via Firebase Cloud Messaging (FCM)

1.12 Push Notifications

• We use Firebase Cloud Messaging (FCM) to deliver push notifications for maintenance reminders and parameter alerts
• Your FCM device token is stored in Firebase to route notifications to your device
• You can disable notifications at any time through your device settings or within the app

1.13 Neptune Apex Integration

When you connect a Neptune Apex controller:

• Your Apex IP address and credentials are stored locally on your device only using encrypted storage
• The app communicates with your Apex controller over your local network — Apex data does not pass through our servers
• Parameter readings retrieved from the Apex are stored in Firebase Firestore as part of your tank data

1.14 ReefIQ Devices

When you pair a ReefIQ hardware device (Flo, Specto, Cora, or other devices):

• Bluetooth Low Energy (BLE) is used during initial device provisioning
• After provisioning, the app communicates with devices over your local network via HTTP
• Device telemetry (sensor readings, operational status) is stored in Firebase Realtime Database under your user account

1.15 Local Storage

The app stores the following data locally on your device using encrypted storage:

• Dark mode preference
• Neptune Apex credentials and IP address
• Device connection history and cached data
• App configuration and preferences

This local data is not transmitted to our servers unless explicitly stated otherwise in this policy.

2. How We Use Your Information

We use your information to:

• Provide and operate the ReefIQ app and its features
• Authenticate your identity and secure your account
• Store and display your tank data, parameters, livestock, and journal entries
• Generate AI-powered analysis, health reports, and assistant responses via OpenAI
• Deliver push notifications for maintenance reminders and parameter alerts
• Communicate with your ReefIQ devices and Neptune Apex controller
• Improve the app and diagnose technical issues

3. Third-Party Services

ReefIQ relies on the following third-party services:

Each third-party service is governed by its own privacy policy:

• Google Privacy Policy
• Firebase Privacy and Security
• OpenAI Privacy Policy
• Apple Privacy Policy

4. Data Consent

ReefIQ provides a data consent toggle in Settings. When enabled, the ReefIQ Assistant may use your saved tank history, parameter data, livestock, journal entries, and connected device information to provide personalized guidance. You can disable this at any time. When disabled, the assistant provides general reef-keeping advice without access to your tank data.

5. Data Sharing

We do not sell, rent, or trade your personal information.

Your data may be shared with third parties only in the following circumstances:

• Service providers: Data is transmitted to Firebase (Google) and OpenAI as described in Section 3, solely to provide app functionality
• Legal requirements: If required by law, regulation, or legal process
• Your direction: When you explicitly choose to export or share data (e.g., configuration files)

6. Data Retention

• Account data and Firestore content are retained as long as your account exists
• Voice audio is ephemeral and not retained after the session ends
• ICP report PDFs are retained in Firebase Storage until you delete them or your account
• Local data remains on your device until you uninstall the app or clear app data
• FCM tokens are retained as long as your account is active

7. Account Deletion and Your Rights

You can delete your account at any time from within the app (Settings > Delete Account). When you delete your account:

• Your Firebase Authentication account is permanently deleted
• All data in Firebase Firestore associated with your account (tank profiles, parameters, livestock, journal entries, assistant history, health reports, ICP reports, maintenance tasks, alerts) is permanently deleted via a GDPR-compliant cascade deletion
• All files in Firebase Storage associated with your account (ICP report PDFs) are permanently deleted
• Device telemetry data in Firebase Realtime Database associated with your account is permanently deleted
• Local data on your device remains until you uninstall the app

Under applicable data protection laws (including GDPR), you may also have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your personal data
• Object to or restrict processing of your personal data
• Data portability — receive your data in a structured, machine-readable format

To exercise these rights, contact us at the address below.

8. Children's Privacy

ReefIQ is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

9. Permissions

ReefIQ may request the following device permissions:

• Local network access: To discover and communicate with ReefIQ devices and Apex controllers on your Wi-Fi network
• Bluetooth: To discover and provision new ReefIQ devices during setup
• Microphone: To capture voice audio for the ReefIQ Assistant voice conversation feature
• Notifications: To deliver device alerts, parameter alerts, and maintenance reminders
• Location (Android only): Required by Android for Bluetooth scanning; ReefIQ does not track or store your location

You can deny any permission, but related features may not work correctly.

10. Security

We use industry-standard security measures to protect your data, including:

• Encrypted local storage for sensitive credentials
• HTTPS/TLS for all cloud communications
• Firebase Security Rules to restrict data access to authenticated users
• Firebase App Check to prevent unauthorized API access

The security of your local network, device, and account credentials is your responsibility.

11. Changes to This Policy

We may update this Privacy Policy as the app evolves. The effective date at the top of this page indicates the latest revision. Continued use of the app after changes constitutes acceptance of the updated policy. If we make material changes, we will make reasonable efforts to notify you.

12. Contact

For questions about this Privacy Policy or your data:

• Email: reefiq.tech@gmail.com
• Web: reefiq.tech