Lifer
Join waitlist

Privacy

Lifer Privacy Policy

Effective date: 27 May 2026  ·  Data controller: Sam Lewis  ·  privacy@getlifer.app

This Privacy Policy applies to the Lifer mobile application, the Lifer website at getlifer.app, and all related services — including the beta waitlist, account system, Audio Catch, Camera Catch, catches, regional species packs, Cloud Vault, map, social features, bird alerts, and support.

1. Information we collect

Information you provide directly

  • Account details: email address, username, display name, and optional bio.
  • Waitlist signup: email address submitted via the website form.
  • User content: catches/sightings, optional catch photos, optional saved audio clips, custom species/card photos, optional location attached to a catch, Bird Walks, social posts, comments, reactions, milestone activity, and content you submit through appeals or support requests.
  • Preferences: notification settings, visibility/privacy toggles, and similar account choices.

We do not require a phone number to use Lifer.

Information collected automatically

  • Device and app information: operating system, platform (iOS or Android), app version, device model, and crash/error diagnostics. Sensitive fields such as coordinates and tokens are redacted before any error report is transmitted.
  • Location data (foreground): precise GPS coordinates when you actively record a catch, use the map, set a Bird Alert area, choose regional species/image packs, or open location-based features. Collected only with your explicit permission.
  • Location data (background): when you start a Bird Walk, the app tracks your GPS route continuously in the background until you end the walk. This enables the route trace on the map. Background location is used only for this feature and stops the moment the walk ends. You grant this permission separately.
  • Push notification token: generated if you enable notifications; used only to deliver alerts you have opted into.
  • Usage and event data: feature interactions needed to operate service features.
  • Website metadata: IP address and standard request logs from our hosting infrastructure when you visit getlifer.app.

Audio Catch

Audio Catch uses an on-device machine learning model for bird identification. Audio detection can work offline. If you choose to save catch audio clips and use Cloud Vault, those saved clips may be uploaded to Lifer storage as private media backups.

Camera Catch

Camera Catch is an online feature. When you use it, the captured in-app camera photo is sent to Lifer's backend and OpenAI so Lifer AI can identify the likely bird species and score the photo/card quality. The result is shown for review before a catch is added to your collection.

Information from third parties

  • Google Sign-In: if you choose to sign in with Google, we receive your Google account email address and a unique identifier from Google.
  • Subscription providers: RevenueCat provides your current entitlement and subscription status.
  • Imported birding records: if you manually import records from eBird, Birda, BirdTrack, or iNaturalist, we receive the sighting data from your export file. We do not pull data from those services without your action.

2. How we use your information

PurposeExamplesLegal basis
Service delivery Running your account, storing catches, rendering the map, sending alerts, processing subscription entitlements Contract
Bird Walk route tracking Recording GPS route during an active walk Contract; explicit permission for background location
Notifications Sending bird alert and service notifications you have opted into Consent
Crash and error monitoring Diagnosing app failures to maintain reliability Legitimate interests
Security and abuse prevention Detecting fraudulent submissions, enforcing community rules Legitimate interests; legal obligation where applicable
Product improvement Understanding feature usage to improve Lifer Legitimate interests
Legal compliance Meeting obligations under applicable law Legal obligation
Billing and subscriptions Processing and validating in-app purchases Contract; legal obligation
Waitlist management Sending beta access and launch communications Consent
Lifer AI and photo moderation Identifying birds in Camera Catch photos, scoring photo quality, and checking public Aviary card photos against safety guidelines Legitimate interests

We do not use your data for advertising or profiling unrelated to the service.

3. Third-party service providers

We share personal data only with the providers needed to run Lifer. Each is contractually restricted to processing data only for the stated purpose.

ProviderPurposeData shared
Supabase Database, authentication, and storage Account data, catches, content, location data
Cloudflare R2 Media storage Private catch audio, private catch photos, private species/card photos, and public/shared images where you choose to share them
OpenAI Lifer AI Camera Catch and content moderation Camera Catch photos for species identification and photo quality scoring; uploaded image and claimed species name for public Aviary card moderation. Private-only Aviary images are not sent to OpenAI for public-card moderation.
Sentry Crash and error reporting App error events, device/OS/version, user ID, user email. Coordinates and credential-related fields are redacted before transmission.
RevenueCat Subscription and entitlement management App user ID, purchase receipts, entitlement status
Mapbox Map rendering and tile delivery IP address, approximate location from tile requests, device info
Google Sign-in authentication Email address, Google account identifier
Resend Transactional email (waitlist, notifications) Email address
Netlify Website hosting IP address, standard request logs
Wikipedia (Wikimedia) Species description text fetched live on the species detail screen Species scientific name; device IP address as part of the HTTP request
iNaturalist Species taxonomy and conservation status fetched live on the species detail screen Species scientific name; device IP address as part of the HTTP request
Apple / Google Play App distribution and in-app purchase processing Per their platform policies

Website asset providers: Google Fonts and Ionicons (via unpkg CDN) are loaded from third-party servers when you visit getlifer.app. These are asset delivery requests — not tracking cookies — but they may result in your IP address and browser information being received by those providers.

4. Information sharing

Beyond the providers above, we may share information in these circumstances:

  • Business transfers: in the event of a merger, acquisition, or asset sale, personal data may transfer to the successor entity subject to equivalent privacy protections.
  • Legal reasons: when required by law, court order, or governmental authority; or to protect the rights, safety, or property of users or others.
  • When you share publicly: catches marked public, your public profile, and leaderboard data are visible to other Lifer users. You control visibility through your privacy settings.
  • Social sharing: if you choose to share a catch photo with a social feed post, that shared copy is visible according to the post's visibility settings and is separate from your private Cloud Vault copy.
We do not sell personal information. We do not share personal information for cross-context behavioural advertising.

5. Data security

  • Row-level security policies ensure users can only access their own data.
  • Data is encrypted in transit (TLS) and at rest by our infrastructure providers.
  • New private Cloud Vault media — including private catch audio, private catch photos, and private species/card photos — is encrypted by Lifer before storage using standard AES-GCM encryption. Public/shared media is not treated as private encrypted Cloud Vault media because it needs to be displayed to other users.
  • Some older legacy private media may remain in its original storage format until migrated or replaced by newer encrypted uploads.
  • Authentication tokens and credentials are never logged or included in error reports — redacted at source in our Sentry integration.
  • Access to production systems is restricted to authorised personnel.

No method of transmission over the internet is 100% secure. We take reasonable steps to protect your data, but cannot guarantee absolute security.

6. Data retention

DataRetention period
Account and profile data While your account is active; deleted or anonymised on account deletion, subject to legal retention requirements.
Catches, sightings, and social content Until you delete the item or your account, subject to abuse-prevention and legal exceptions.
Private Cloud Vault media Until you delete the item, delete cloud media, turn off/remove the relevant backup, or delete your account, subject to legal and abuse-prevention exceptions.
Pending Camera Catch photos Saved locally on your device for retry when you choose "save for later"; normally removed after upload, discard, or expiry.
Bird Walk route data Stored as part of your walk record; deleted when you delete the walk or your account.
Location data attached to catches Retained as part of the catch record for as long as the catch exists.
Waitlist email addresses Until you request removal, the beta process concludes, or the operational need ends.
Push notification tokens While active and valid; removed when revoked or superseded.
Crash and diagnostic data (Sentry) Typically 90 days per Sentry's data retention settings.
Billing and transaction records Per applicable tax, accounting, and legal requirements (typically 7 years).
Website infrastructure logs Typically 30–90 days per provider policy.

7. Your rights

Depending on where you live, you may have the following rights over your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate data.
  • Deletion: ask us to delete your data, subject to legal retention obligations.
  • Restriction: ask us to limit processing while a dispute is resolved.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Consent withdrawal: withdraw consent at any time where processing is consent-based.

To exercise any right, email privacy@getlifer.app. We may verify your identity before processing the request.

Response timelines

  • GDPR / UK GDPR: within 1 month (extendable by 2 months for complex requests).
  • CCPA / CPRA (California): within 45 days (extendable by a further 45 days with notice).
  • PIPEDA (Canada): within 30 days.

Right to complain

If you are in the UK or EEA, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In the EEA, contact your national data protection authority.

8. Children's data

Lifer is not directed at children. You must be at least 13 years old (or the minimum age required in your country, whichever is higher) to create an account. In EEA member states where the minimum is 16, you must be at least 16 or have verifiable parental consent.

We do not knowingly collect personal data from children below the applicable minimum age. If you believe a child has provided us with personal data, contact us at privacy@getlifer.app and we will delete it.

9. Automated decision-making

Lifer uses automated systems to suggest bird species, assign quality scores, classify regional rarity tiers (Common, Uncommon, Rare, or Legendary), calculate points, and power social/ranking features. Audio Catch runs on-device; Camera Catch uses Lifer's backend and OpenAI to analyse the captured photo. These systems are automated but do not produce legal or similarly significant effects on you. You can contest a rarity or scoring issue by contacting support.

No other automated decision-making with significant effects is applied to your account.

10. Cross-border data transfers

Because we use global infrastructure providers, your data may be processed outside your country of residence, including outside the UK and EEA. Where transfers from the UK or EEA to third countries take place, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) incorporated into our agreements with sub-processors.

You can request more information about specific safeguards by contacting privacy@getlifer.app.

11. Cookies and local storage

Mobile app

The app does not use cookies. Preferences and session data are stored locally on your device using standard iOS/Android secure storage.

Website (getlifer.app)

Strictly necessary storage only. We use browser localStorage to remember your light/dark theme preference. No advertising cookies or tracking cookies are used.

When you visit the website, your browser loads fonts from Google Fonts and icons from unpkg.com (Ionicons). These are asset delivery requests and may result in your IP address and browser information being received by those providers.

If non-essential cookies are added in future, we will implement a consent mechanism where required by law. You can manage cookies and local storage through your browser settings at any time.

12. Policy updates

This policy may be updated periodically. The effective date at the top will always reflect the most recent version. For material changes — to what data we collect, who we share it with, or how we use it — we will provide notice through the app, the website, or by email where required by law.

13. Contact

For privacy questions, rights requests, or removal of waitlist data:

privacy@getlifer.app

We aim to acknowledge all privacy enquiries within 5 business days.

Back to getlifer.app