Privacy Policy

1. Introduction

At Pawey, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Pawey mobile application (“App”), website at pawey.co (“Website”), and all related services (collectively, the “Service”). Pawey is operated by Trendspark Ltd, a company registered in England and Wales, with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service. We encourage you to read this policy in full and to contact us at hello@pawey.co if you have any questions.

2. Information We Collect

We collect different types of information to provide and improve the Service. Below is a detailed breakdown of the data we collect:

2.1 Account Information

When you create an account, we collect your email address, full name, phone number (optional), and mailing address (optional). This information is used to identify your account, provide customer support, and communicate with you about the Service.

2.2 Pet Data

To provide the core functionality of the Service, we collect and store data about your pets, including: pet name, species, breed, date of birth, gender, weight measurements, health records (vaccinations, medications, vet visits, allergies, conditions), photographs, microchip ID, and any notes you add. This data is provided by you and is essential to delivering the Service.

2.3 Location Data

We collect your device’s location data only when you actively use the vet finder feature and only with your explicit permission. Location data is used solely to display nearby veterinary clinics on the map. We do not track your location in the background, and we do not store location history on our servers.

2.4 Device Information

We collect basic device information including device type, operating system version, unique device identifiers, and push notification tokens. This information is used to deliver push notifications (such as care reminders), ensure compatibility, and diagnose technical issues.

2.5 Usage Data

We collect anonymized and aggregated usage data about how you interact with the Service, such as features used, screens visited, and actions taken. This data does not personally identify you and is used solely to understand usage patterns and improve the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Store and display your pet profiles, health records, and related data
• Send reminders and notifications: Deliver push notifications for care reminders, vet appointments, and other alerts you configure
• Improve the Service: Analyze anonymized usage patterns to enhance features, fix bugs, and develop new functionality
• Customer support: Respond to your questions, troubleshoot issues, and provide assistance
• Manage subscriptions: Process Premium subscription status and ensure access to the appropriate features
• Generate exports: Create PDF health timelines and other data exports you request
• Communicate with you: Send important updates about the Service, policy changes, or security notices

4. Data Storage & Security

Your data is stored securely using Firebase, a cloud platform operated by Google. Firebase provides enterprise-grade security including:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
• Encryption at rest: Your data is encrypted when stored on Google Cloud servers
• Access controls: Strict authentication and authorization rules ensure only you can access your data
• Regular security audits: Firebase infrastructure undergoes regular security assessments and certifications (SOC 1, SOC 2, SOC 3, ISO 27001)

While we implement commercially reasonable security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data and will notify affected users promptly in the unlikely event of a data breach.

5. Third-Party Services

We use the following third-party services to operate and improve the Service. Each service provider has its own privacy policy governing their use of data:

5.1 Firebase (Google)

We use Firebase for user authentication (Firebase Auth), database storage (Cloud Firestore), and file storage (Firebase Storage). Firebase processes your account information, pet data, and uploaded photos. Google’s privacy policy applies: policies.google.com/privacy.

5.2 RevenueCat

We use RevenueCat to manage subscription billing and entitlements. RevenueCat processes an anonymized user identifier and subscription status. It does not have access to your pet data, health records, or personal information beyond what is necessary for subscription management. RevenueCat’s privacy policy: revenuecat.com/privacy.

5.3 OpenStreetMap (Overpass API)

We use the OpenStreetMap Overpass API to discover nearby veterinary clinics for the vet finder feature. Queries are made using geographic coordinates only; no personal data, account information, or pet data is shared with OpenStreetMap.

5.4 Firebase Crashlytics (Google)

We use Firebase Crashlytics to collect crash reports and diagnostic information from the App. Crashlytics collects device state, crash stack traces, and device identifiers to help us identify and fix bugs. No personal data, pet data, or health records are included in crash reports. Google’s privacy policy applies: policies.google.com/privacy.

5.5 Email Communications

We may send you transactional and service-related emails (such as account verification, password resets, and important updates) using our own email infrastructure. These emails are sent from our domain and processed through our private mail servers. We do not share your email address with third-party email marketing platforms.

5.6 Apple & Google (App Stores)

The App is distributed through the Apple App Store and Google Play Store. In-app purchases and subscription payments are processed by Apple and Google, respectively. Pawey does not have access to your full payment information (e.g., credit card numbers). Apple’s and Google’s respective privacy policies apply to transactions processed through their platforms.

6. Data Sharing

We do not sell, rent, or trade your personal information or pet data to third parties. We only share data in the following limited circumstances:

• Service providers: With the third-party services listed in Section 5, strictly as necessary to operate the Service
• Legal compliance: When required to comply with applicable law, regulation, legal process, or governmental request
• Safety and security: When we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Pawey, our users, or the public
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data would remain subject to this Privacy Policy or a policy at least as protective
• With your consent: When you explicitly request or authorize us to share your data (for example, when you export a PDF health timeline to share with your veterinarian)

7. Your Rights

We respect your rights over your personal data. Depending on your location, you may have the following rights:

7.1 General Rights (All Users)

• Access your data: View all personal and pet data stored in your account at any time through the App
• Export your data: Use the PDF export feature to download your pet’s complete health timeline
• Delete your data: Delete your account and all associated data through the App’s account settings
• Opt out of notifications: Disable push notifications at any time through your device settings or within the App
• Update your data: Edit or correct your personal information and pet data at any time within the App

7.2 Rights for EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to erasure: Request the deletion of your personal data. You can exercise this right by deleting your account in the App, or by contacting us at hello@pawey.co
• Right to data portability: Receive your personal data in a structured, commonly used, and machine-readable format
• Right to restrict processing: Request that we limit how we process your personal data in certain circumstances
• Right to object: Object to processing of your personal data for certain purposes, including direct marketing
• Right to lodge a complaint: File a complaint with your local data protection authority if you believe your rights have been violated

Our legal basis for processing personal data under the GDPR includes: performance of a contract (providing the Service), legitimate interests (improving the Service, ensuring security), and consent (where applicable, such as for push notifications and location access).

7.3 Rights for California Users (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request information about the categories and specific pieces of personal information we have collected about you
• Right to delete: Request deletion of your personal information, subject to certain exceptions
• Right to opt-out of sale: We do not sell your personal information. As such, there is no need to opt out, but we affirm this commitment
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights

8. Children’s Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at hello@pawey.co so we can take appropriate action. This practice is in compliance with the Children’s Online Privacy Protection Act (COPPA).

9. Data Retention

We retain your personal information and pet data for as long as your account is active and as needed to provide the Service. Our data retention practices are as follows:

• Active accounts: Your data is retained for the duration of your account’s existence
• Account deletion: When you delete your account, all personal information, pet data, and uploaded photos are permanently deleted from our systems within 30 days
• Backup systems: Data may persist in encrypted backup systems for up to an additional 30 days after deletion, after which it is permanently purged
• Anonymized data: Aggregated, anonymized usage data that cannot identify you may be retained indefinitely for analytical purposes
• Legal obligations: We may retain certain data as required by applicable law, such as transaction records for tax or regulatory purposes

10. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence, including in the United States and the European Union, through Google Cloud infrastructure (which powers Firebase).

Google Cloud maintains compliance with international data transfer frameworks, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure adequate protection for data transferred internationally. By using the Service, you acknowledge and consent to the transfer of your data to these locations, subject to the safeguards described in this Privacy Policy.

11. Cookies & Tracking Technologies

11.1 Website

Our Website uses a privacy-focused, cookie-free analytics solution to understand how visitors interact with the site (e.g., pages visited, referral sources, device type). This analytics tool does not use cookies, does not collect personal data, and does not track individual visitors across websites. All data collected is aggregated and anonymous.

Our Website does not set any tracking cookies. The only cookies that may be used are those strictly necessary for the Website to function (e.g., session management). No consent banner is required as we do not use any non-essential cookies.

11.2 Mobile App

The Pawey mobile App does not use cookies. We use device identifiers solely for delivering push notifications and ensuring service functionality, as described in Section 2.4.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Post a notice within the App or on the Website
• Send you an email or push notification for significant changes that affect how we use your data

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, including exercising any of your rights described in Section 7, please contact us at: