Name: ReefBot
Price: 4.99 USD
Rating: 5 (1 reviews)
Author: Expi AB

Plain-English summary. ReefBot is built privacy-first. We do not sell your data. The only personal data we touch is what you actively send us: photos you ask us to analyse, parameter readings you log, and posts you make to the optional Community feed. Everything else stays on your device.

1. Who we are

ReefBot is operated by Expi AB, Sweden ("we", "us"). Contact: hello@expi.se.

2. What data we collect

Tank data you create — tanks, parameter readings, photos, maintenance logs, dosing plans, schedule rules, hardware connections, livestock entries. Stored on your device by default. If you enable iCloud sync, Apple syncs it to your private iCloud database (we never see it).
Photos and readings sent to AI — when you tap "Photo diagnosis", the photo and your most recent parameter readings are sent to OpenAI's API for analysis. We don't keep a copy on our servers.
Community posts — when you publish to the Community feed, the photo, caption, tank info (volume, sump, system type), display name and optional location are stored on our backend so other ReefBot users can see them.
Device identifier — a randomly generated UUID stored locally on your device. We use it only to know which Community posts and likes belong to you so you can delete or unlike them. It is not tied to an email, name or password.
Subscription state — Apple tells us whether your ReefBot Pro subscription is active. We never see card numbers.

We do not collect: name (unless you type it into a Community post), email, location (unless you type it into a Community post), contacts, browsing history, advertising IDs, IP-address-based fingerprints.

3. How we use it

To run the app: store your readings, render charts, generate dosing plans.
To analyse photos via AI when you ask for diagnosis.
To show your Community posts to other ReefBot users.
To verify your ReefBot Pro entitlement (via Apple, not us).

We do not use your data for advertising, profiling, or third-party analytics. We do not sell or rent personal data.

4. Third parties

Apple — handles iCloud sync (if enabled), App Store payments and subscription management. See Apple's privacy policy.
OpenAI — receives the photo and parameters you submit for AI diagnosis when you opt in. OpenAI states they don't train models on API requests by default. See OpenAI's API data usage policy.
Cloudflare — hosts our backend (Workers + D1 + KV). Standard request logs are kept by Cloudflare for security; we don't read them.
Vercel — hosts this website. Vercel keeps standard access logs for security.

5. Where data lives

Tank data: on your device (and optionally in your private iCloud). Community posts and photos: in Cloudflare D1 + KV in the EU (Western Europe region). AI analysis: ephemeral; OpenAI receives it during the request and we don't persist it.

6. How long we keep it

Tank data on your device: as long as the app is installed.
Community posts: until you delete them. Deleted posts are soft-deleted for 30 days then purged.
Photos in Community: same lifecycle as the post.

7. Your rights

You can:

Export all your tank data as JSON or CSV from Settings → Data.
Delete any Community post you made directly in the app.
Erase everything by uninstalling the app (local data) and emailing hello@expi.se from the device that posted (we'll purge anything tied to your device ID).
Revoke AI consent in Settings → AI features.

Under GDPR you also have the right to access, correct, and lodge a complaint with your supervisory authority (in Sweden: IMY).

8. Children

ReefBot is not directed at children under 13. We do not knowingly collect data from children under 13.

9. Security

HTTPS for all network traffic. Subscription receipts validated through Apple. Backend secrets stored in Cloudflare's secret store. No credit card data ever touches our servers.

10. Changes

If we update this policy materially, we'll show an in-app notice before the change takes effect.

Looking for the rules? See our Terms of service.

Privacy policy