Privacy Policy

1. Introduction

At Pawey, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Pawey mobile application (“App”), website at pawey.co (“Website”), and all related services (collectively, the “Service”). Pawey is operated by Trendspark Ltd, a company registered in England and Wales, with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service. We encourage you to read this policy in full and to contact us at hello@pawey.co if you have any questions.

2. Information We Collect

We collect different types of information to provide and improve the Service. Below is a detailed breakdown of the data we collect:

2.1 Account Information

When you create an account, we collect your email address, full name, phone number (optional), and mailing address (optional). You can sign up and sign in using an email address and password, or with Sign in with Apple or Sign in with Google. When you use Apple or Google sign-in, we receive an identity token and basic profile information (such as your name and email address) from that provider to create and authenticate your account. This information is used to identify your account, provide customer support, and communicate with you about the Service.

2.2 Pet Data

To provide the core functionality of the Service, we collect and store data about your pets, including: pet name, species, breed, date of birth, gender, weight measurements, health records (vaccinations, medications, vet visits, allergies, conditions), photographs, microchip ID, and any notes you add. This data is provided by you and is essential to delivering the Service.

2.3 Location Data

We collect your device’s location data only when you actively use the vet finder feature and only with your explicit permission. Location data is used solely to display nearby veterinary clinics on the map. We do not track your location in the background, and we do not store location history on our servers.

2.4 Device Information

We collect basic device information including device type, operating system version, unique device identifiers, and push notification tokens. This information is used to deliver push notifications (such as care reminders), ensure compatibility, and diagnose technical issues.

2.5 Diagnostic & Crash Data

To keep the App stable and reliable, we collect crash reports and error diagnostics through Sentry (see Section 5.5). These reports include error and crash details, device and operating-system information, and an internal account identifier so we can correlate an issue with the affected account. They do not include your pet data or health records, and we do not use this data for advertising. It is used solely to detect, diagnose, and fix technical issues.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Store and display your pet profiles, health records, and related data
• Send reminders and notifications: Deliver push notifications for care reminders, vet appointments, and other alerts you configure
• Improve the Service: Use crash and error diagnostics to fix bugs, improve stability, and develop new functionality
• Customer support: Respond to your questions, troubleshoot issues, and provide assistance
• Manage subscriptions: Process Pawey Plus subscription status and ensure access to the appropriate features
• Generate exports: Create PDF health timelines and other data exports you request
• Communicate with you: Send important updates about the Service, policy changes, or security notices

4. Data Storage & Security

Your data is stored securely using Firebase, a cloud platform operated by Google. Firebase provides enterprise-grade security including:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
• Encryption at rest: Your data is encrypted when stored on Google Cloud servers
• Access controls: Strict authentication and authorization rules ensure only you can access your data
• Regular security audits: Firebase infrastructure undergoes regular security assessments and certifications (SOC 1, SOC 2, SOC 3, ISO 27001)

While we implement commercially reasonable security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data and will notify affected users promptly in the unlikely event of a data breach.

5. Third-Party Services

We use the following third-party services to operate and improve the Service. Each service provider has its own privacy policy governing their use of data:

5.1 Firebase (Google)

We use Firebase for user authentication (Firebase Auth), database storage (Cloud Firestore), and file storage (Firebase Storage). Firebase processes your account information, pet data, and uploaded photos. Google’s privacy policy applies: policies.google.com/privacy.

5.2 RevenueCat

We use RevenueCat to manage subscription entitlements for Pawey Plus (Pawey Plus Monthly at $4.99/month and Pawey Plus Annual at $29.99/year). RevenueCat processes a user identifier, the purchase tokens issued by the app stores, and your subscription status. Actual payment is handled by the Apple App Store or Google Play (see Section 5.7) — neither RevenueCat nor Pawey receives or stores your card details. RevenueCat does not have access to your pet data, health records, or other personal information beyond what is necessary for subscription management. RevenueCat’s privacy policy: revenuecat.com/privacy.

5.3 OpenStreetMap (Overpass API)

We use the OpenStreetMap Overpass API to discover nearby veterinary clinics for the vet finder feature. Queries are made using geographic coordinates only; no personal data, account information, or pet data is shared with OpenStreetMap.

5.4 Google Maps (Google)

The vet finder map is rendered using Google Maps. When you open the map, your device communicates with Google to load map tiles and other map data; this request may include your device’s approximate or precise location when you have granted location permission for the vet finder. We do not send your account information or pet data to Google Maps. Google’s privacy policy applies: policies.google.com/privacy.

5.5 Sentry

We use Sentry for crash and error reporting from the App. Sentry collects error and crash details (such as stack traces), device and operating-system information, and an internal account identifier so we can correlate an issue with the affected account. We do not include your pet data or health records in error reports, and Sentry is not used for advertising. Sentry’s privacy policy applies: sentry.io/privacy/.

5.6 Email Communications

We may send you transactional and service-related emails (such as account verification, password resets, and important updates). Automated messages are sent through our app's authentication provider, Google Firebase. Direct correspondence from our @pawey.co addresses is handled by a third-party email provider. We do not share your email address with third-party email marketing platforms.

5.7 Apple & Google (App Stores)

The App is distributed through the Apple App Store and Google Play Store. In-app purchases and subscription payments are processed by Apple and Google, respectively. Pawey does not have access to your full payment information (e.g., credit card numbers). Apple’s and Google’s respective privacy policies apply to transactions processed through their platforms.

6. Data Sharing

We do not sell, rent, or trade your personal information or pet data to third parties. We only share data in the following limited circumstances:

• Service providers: With the third-party services listed in Section 5, strictly as necessary to operate the Service
• Legal compliance: When required to comply with applicable law, regulation, legal process, or governmental request
• Safety and security: When we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Pawey, our users, or the public
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data would remain subject to this Privacy Policy or a policy at least as protective
• With your consent: When you explicitly request or authorize us to share your data (for example, when you export a PDF health timeline to share with your veterinarian)

7. Your Rights

We respect your rights over your personal data. Depending on your location, you may have the following rights:

7.1 General Rights (All Users)

• Access your data: View all personal and pet data stored in your account at any time through the App
• Export your data: Use the PDF export feature to download your pet’s complete health timeline
• Delete your data: Delete your account and all associated data directly in the App’s account settings. Step-by-step instructions are also available on our account deletion page
• Opt out of notifications: Disable push notifications at any time through your device settings or within the App
• Update your data: Edit or correct your personal information and pet data at any time within the App

7.2 Rights for EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to erasure: Request the deletion of your personal data. You can exercise this right by deleting your account in the App, or by contacting us at hello@pawey.co
• Right to data portability: Receive your personal data in a structured, commonly used, and machine-readable format
• Right to restrict processing: Request that we limit how we process your personal data in certain circumstances
• Right to object: Object to processing of your personal data for certain purposes, including direct marketing
• Right to lodge a complaint: File a complaint with your local data protection authority if you believe your rights have been violated

Our legal basis for processing personal data under the GDPR includes: performance of a contract (providing the Service), legitimate interests (improving the Service, ensuring security), and consent (where applicable, such as for push notifications and location access).

7.3 Rights for California Users (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request information about the categories and specific pieces of personal information we have collected about you
• Right to delete: Request deletion of your personal information, subject to certain exceptions
• Right to opt-out of sale: We do not sell your personal information. As such, there is no need to opt out, but we affirm this commitment
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights

8. Children’s Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at hello@pawey.co so we can take appropriate action. This practice is in compliance with the Children’s Online Privacy Protection Act (COPPA).

9. Data Retention

We retain your personal information and pet data for as long as your account is active and as needed to provide the Service. Our data retention practices are as follows:

• Active accounts: Your data is retained for the duration of your account’s existence
• Account deletion: When you delete your account, all personal information, pet data, and uploaded photos are permanently deleted from our systems within 30 days
• Backup systems: Data may persist in encrypted backup systems for up to an additional 30 days after deletion, after which it is permanently purged
• Diagnostic data: Aggregated, de-identified crash and error diagnostics (collected through Sentry, as described in Sections 2.5 and 5.5) that cannot identify you may be retained for stability, security, and reliability purposes
• Legal obligations: We may retain certain data as required by applicable law, such as transaction records for tax or regulatory purposes

10. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence, including in the United States and the European Union, through Google Cloud infrastructure (which powers Firebase).

Google Cloud maintains compliance with international data transfer frameworks, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure adequate protection for data transferred internationally. By using the Service, you acknowledge and consent to the transfer of your data to these locations, subject to the safeguards described in this Privacy Policy.

11. Cookies & Tracking Technologies

11.1 Website

Our Website uses Umami, a privacy-focused, cookie-free analytics tool, to understand how visitors interact with the site (e.g., pages visited, referral sources, device type). Umami does not use cookies, does not collect personal data, and does not track individual visitors across websites. All data collected is aggregated and anonymous.

Our Website does not set any tracking cookies. The only cookies that may be used are those strictly necessary for the Website to function (e.g., session management). No consent banner is required as we do not use any non-essential cookies.

11.2 Mobile App

The Pawey mobile App does not use cookies. We use device identifiers solely for delivering push notifications and ensuring service functionality, as described in Section 2.4.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Post a notice within the App or on the Website
• Send you an email or push notification for significant changes that affect how we use your data

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, including exercising any of your rights described in Section 7, please contact us at: