Data & Safety
HeelHub is a closed, private space: one trainer and their own clients. This page explains, in plain words, who can see what and how your data is protected. For the legal details, see the Privacy Policy.
Who sees what
| Data | Owner | Trainer |
|---|---|---|
| Your dog's profile, sessions & progress | Yes (own dogs) | Yes (own clients) |
| Trainer's private session notes | No | Yes |
| AI theory drafts (before approval) | No | Yes |
| Published (approved) theory | Yes | Yes |
| Questions & messages in your thread | Yes | Yes |
| Other clients' dogs and conversations | No | Only their own clients |
| Trainer's credits, balance & billing | No — never shown to owners | Yes (own) |
These boundaries are enforced server-side by Firebase security rules — not just hidden in the interface. A draft the trainer hasn't approved is unreadable to the owner's account, full stop.
How your data is protected
- Encryption. Everything travels over TLS and is encrypted at rest on Google Firebase infrastructure.
- Per-user access rules. Every read and write is checked against your signed-in identity; there are no shared passwords or public links to your content.
- Media. Photos and videos you attach are stored in Firebase Cloud Storage with the same per-user rules (uploads are size- and type-limited).
- Billing. Card details never touch HeelHub — purchases run through Apple's App Store or Google Play. We keep only a transaction id and a credit ledger.
- No ads, no trackers. The app and the website contain no advertising or third-party analytics SDKs.
Account recovery
Owner accounts start tied to your phone. Securing your account with Google or Apple (Profile → Secure your account) means you can sign back in on any device and find everything intact. If you lose an unsecured device, ask your trainer for a fresh invite and contact us to clean up the old data.
Offline by design
HeelHub works in the field: data you've seen is cached on your device, and actions you take offline sync when you're back in range. The cache lives inside the app's protected storage and is removed when you sign out or uninstall.
Deleting your data
Email contact@fluttech.com from the address linked to your account (or include your trainer's name and your dog's name for anonymous accounts) and we'll delete your account and associated data within 30 days.
Found a security issue?
Please report it to contact@fluttech.com. We appreciate responsible disclosure and respond quickly.