Privacy & Cookie Policy
Last updated:
This Privacy & Cookie Policy ("Policy") explains how PawTap Limited ("PawTap", "we", "us", "our") collects, uses, discloses and protects personal information when you visit our websites and use our apps and services, including our pet tags (NFC/QR), lost-pet workflows and "Memory Lane" features (the "Services").
PawTap Limited acts as a Data Controller for personal data we process about our users under the UK GDPR and the Data Protection Act 2018.
Privacy by design: We've built granular consent controls directly into your profile settings. You control analytics, diagnostics, and marketing separately. Your consent choices are respected immediately across all platforms (web, mobile, and backend), and you can withdraw consent or delete your data at any time.
If you have questions, contact us at [email protected].
Registered office: [Add registered office address]
Company number: [Add company number]
ICO registration: [Add registration number, if available]
This Policy is designed for general information and isn't legal advice.
1) What we mean by "personal data"
"Personal data" means any information that identifies or can reasonably identify a living person (for example, name, email, phone, precise location, device identifiers, IP address). Information about pets isn't personal data by itself, but pet profiles can include owner contact details or other data that relate to a person and therefore become personal data.
We also create aggregated or de-identified analytics. Where data is irreversibly de-identified, it is no longer personal data.
2) What we collect
We collect data in three ways: (A) you provide it, (B) we collect it automatically, or (C) we receive it from third parties.
A. Data you provide
Account & profile – name, email, passwordless/OTP details, optional display name, language/timezone preferences.
Consent preferences – Your granular consent choices for analytics, diagnostics, and marketing. These preferences are stored separately with full audit trail (consent date, IP address, user agent, consent version). You control these in your profile settings and can withdraw at any time.
Pet profiles – pet name, breed, photo(s), date of birth/age and optional pet medical information (e.g., vet name/contact, medications, allergies, conditions, last vet visit). Visibility controls: the platform has field-level visibility settings for pet contact/medical fields; you decide what is shown to a finder.
Owner contact & address for a pet – primary/secondary phone numbers; address (street, city, county, postcode, country). Coordinates may be stored for map features.
Finder (scanner) details – when someone scans a tag/NFC, we may collect the finder’s first name, message, optional phone number, optional address, and (if shared) approximate map location.
Orders & shipping – email, first/last name, shipping address, chosen shipping method, and order metadata for tag purchases.
Support – messages, attachments you send to us.
B. Data we collect automatically
Device & usage – IP address, browser/OS type, timestamps, error logs.
Analytics (consent required) – When you grant analytics consent, we collect event data (page views, button clicks, feature usage) linked to your user ID. We use internal analytics (stored in our database) and Google Analytics on web, Firebase Analytics on mobile. No analytics tracking occurs without your explicit consent. If you deny or withdraw consent, we track only anonymous aggregated data (counts, no user identification). Analytics data for users who withdraw consent is automatically deleted within 24 hours via daily cleanup jobs.
Diagnostics (consent required) – When you grant diagnostics consent, we collect error reports and performance metrics via Sentry to improve service reliability. This may include device information, stack traces (PII minimized), and error context. No diagnostic data is collected without your consent.
Security/session – CSRF cookie for web, session state, login events, refresh-token rotation metadata, and fraud/abuse signals. These are essential for security and fraud prevention (legitimate interest basis) and do not require consent.
Maps & location – if you or a finder choose to share it, pet scan pages can capture the finder's device-reported location; maps and address lookup use Google Places/Maps APIs and/or Mapbox on web and mobile.
C. Data from third parties
Payments – via Stripe (card, payments, subscription, Checkout session/intent IDs, refunds). We receive only non-card transaction metadata; card data, including the last four digits (last4), is held by Stripe and is not stored by us.
Email delivery – via AWS SES (deliverability metadata).
Push notifications – Firebase Cloud Messaging (FCM) device tokens (mobile).
Media storage – uploads (photos/videos) are stored on S3-compatible storage (AWS S3 or DigitalOcean Spaces), referenced by signed URLs.
Diagnostics – Sentry (error traces; we minimize PII in error reports). Only used when you grant diagnostics consent.
Analytics – Google Analytics (web), Firebase Analytics (mobile), internal database analytics. Only tracks user-identified data when you grant analytics consent. Anonymous aggregated analytics may be collected based on legitimate business interests (no user identification).
3) Why we use your data (lawful bases)
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide the Services | Account management, pet profiles, lost-pet workflows, showing chosen contact details, Memory Lane, alerts | Contract |
| Process orders & subscriptions | Stripe Checkout, payments, refunds | Contract; Legal obligation |
| Security & fraud prevention | CSRF cookie; token rotation; suspicious activity checks | Legitimate interests; Legal obligation |
| Communicate with you | Service emails, support | Contract; Legitimate interests |
| Marketing (optional) | Email marketing, in-product prompts | Consent |
| Analytics (optional) | User-identified event tracking (Google Analytics, Firebase Analytics, internal database); feature usage, conversion tracking | Consent (required for user-level tracking); Legitimate interests (anonymous aggregates only) |
| Diagnostics (optional) | Error tracking, crash reports, performance monitoring via Sentry | Consent |
| Service improvement | Anonymous aggregated analytics, A/B testing (no user identification) | Legitimate interests |
| Maps & geolocation | Address autocomplete, scan location | Legitimate interests; Consent |
| Compliance | Tax/records, lawful requests | Legal obligation |
You can change analytics, diagnostics, and marketing consent anytime in your profile settings (Privacy & Consents section) on web or mobile. Changes take effect immediately across all platforms. Withdrawing consent won't affect prior lawful processing, but historical analytics data will be automatically deleted within 24 hours. You can also manually delete all your analytics data instantly using the "Delete My Analytics" button in your profile.
4) How we manage your consent
We've built comprehensive consent management directly into PawTap, giving you granular control over how your data is used.
Granular consent types
Analytics: Controls whether we can track your usage with your user ID for product analytics. When disabled, only anonymous aggregated data is collected.
Diagnostics: Controls error tracking and crash reporting via Sentry. Helps us fix bugs and improve reliability.
Marketing: Controls whether you receive promotional emails, feature announcements, and marketing communications.
Where to manage consent
Cookie banner (first visit): Choose your initial preferences when you first visit our website.
Profile settings: Access "Privacy & Consents" in your profile on web or mobile to toggle each consent type individually or withdraw all consents at once.
Email links: Marketing emails include unsubscribe links for immediate opt-out.
How consent works technically
Immediate effect: When you change a consent setting, it takes effect instantly across all platforms (web, mobile, backend) within seconds.
Cross-platform sync: Your consent choices are synced across all your devices automatically. Grant consent on mobile, and it applies to web (and vice versa).
Audit trail: Every consent change is logged with timestamp, IP address, user agent, and consent version for legal compliance.
Fail-safe design: If there's any doubt about your consent status, we default to not tracking you (privacy-protecting behavior).
Anonymous users
If you interact with PawTap before creating an account (e.g., via cookie banner), we create an anonymous consent record linked to your session. When you register or log in, this consent is automatically linked to your account.
Withdrawing consent
You can withdraw any consent at any time. For analytics, historical data is automatically deleted within 24 hours via automated cleanup jobs running daily at 3 AM. Alternatively, use the "Delete My Analytics" button in your profile for instant deletion.
5) What others can see when they scan your tag
When a finder scans your pet's tag or NFC, we show the public pet profile and owner contact fields you have allowed via your visibility settings. If a finder submits their name, message, contact number, address or location to reach you, we store that submission with the scan event.
6) Payments
We use Stripe as our payment processor. Card data is handled by Stripe; PawTap never stores full card PANs. We keep non-card transaction metadata to operate subscriptions, refunds and fulfilment.
7) Communications & notifications
Email: Service and (if consented) marketing emails via AWS SES.
Push: Mobile push via FCM.
SMS: Not enabled by default. If added, we will update this Policy and obtain appropriate consent.
You can manage marketing preferences in your profile; critical service messages will still be sent.
8) Cookies & similar technologies
What we set
Strictly necessary (no consent required): CSRF cookie for security; basic session indicators. These are essential for the service to function and do not track you across websites.
Analytics cookies (requires consent): Google Analytics cookies (_ga, _gid, etc.) are only set if you accept analytics tracking via our cookie banner or profile settings. We use Google's Consent Mode v2 API to control cookie behavior based on your preferences. If you deny analytics consent, no analytics cookies are set.
Diagnostics (requires consent): Sentry may set minimal identifiers for error tracking. Only active if you grant diagnostics consent.
The web app primarily uses localStorage for access tokens and consent preferences, and HTTP-only cookies for refresh tokens and CSRF protection. Essential cookies do not track across sites.
Third-party scripts
Google Maps/Places and Mapbox for maps; Stripe Checkout for payments; these may collect IP/device data under their own policies. Google Analytics and Firebase Analytics (mobile) are controlled by your consent choices.
Managing cookies & consent
Cookie banner: On your first visit, we present a cookie banner with granular controls to accept or reject analytics, diagnostics, and marketing cookies. Your choices are saved and synced across all your devices.
Profile settings: Change your consent preferences anytime in Profile → Privacy & Consents. Toggles take effect immediately. You can also withdraw all consents with one click.
Browser controls: You can clear/block cookies in your browser settings, though this may affect site functionality.
Do Not Track: We honor the Google Analytics opt-out browser plugin. Standard DNT signals are not yet acted upon due to lack of industry standards.
9) Where we store data & international transfers
Primary storage: PostgreSQL and S3-compatible object storage (AWS S3 and/or DigitalOcean Spaces). Regions: [confirm regions]. Vendors may process data outside the UK/EEA; we use appropriate safeguards (SCCs, UK Addendum, adequacy decisions). Contact [email protected] for details.
10) How long we keep data
Account & profile: While active. Deletion is processed within 30 days of an account deletion request.
Orders/payment records: Up to 6 years for tax and legal compliance.
Analytics data: Retained while you maintain analytics consent. If you withdraw consent or delete your account, analytics events are automatically deleted within 24 hours via automated cleanup jobs. You can also instantly delete all your analytics data using the self-service deletion feature in your profile.
Consent records: We maintain a complete audit trail of your consent choices (date, preferences, IP, user agent) for compliance purposes. When you update consent, previous records are superseded but archived for legal accountability.
Logs & diagnostics: Retained for reasonable security and debugging periods (typically 90 days), then aggregated or deleted. Diagnostic data is deleted immediately if you withdraw diagnostics consent.
Push tokens: Expire or are purged when inactive or when the device is unregistered.
Media uploads: Retained until deleted by you or account removal. Media marked for deletion is purged by automated cleanup jobs.
Signed URLs: Temporary (typically 5 minutes for images, configurable), then expire automatically.
11) How we protect data
- Encryption in transit (HTTPS/TLS)
- S3/Spaces secured with signed URLs
- Hashed refresh tokens, rotation, CSRF protection
- Role-based admin access & audit logs
- Consent-based analytics (no tracking without explicit permission)
- Automated data deletion for withdrawn consents
No system is perfectly secure; we continuously improve controls and limit data collection. We follow privacy-by-design principles, defaulting to the most privacy-protective behavior.
12) How we share data
Shared only as needed: service providers (processors), finders (as you configure), business transfers, legal requirements. We do not sell personal data.
13) Your rights (UK & EU)
Under UK GDPR and EU GDPR, you have the following rights:
- Right of access: Request a copy of your personal data we hold.
- Right to rectification: Correct inaccurate or incomplete data in your profile settings.
- Right to erasure ("right to be forgotten"): Request deletion of your data. You can delete your account and all associated data in the Privacy & Consents settings. Analytics data is automatically deleted within 24 hours, or instantly via the "Delete My Analytics" button.
- Right to restrict processing: Limit how we use your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests, including marketing (opt-out links in emails and profile settings).
- Right to withdraw consent: Withdraw analytics, diagnostics, or marketing consent anytime in your profile. Changes take effect immediately across all platforms.
- Rights related to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects.
How to exercise your rights: Most rights can be exercised directly in your profile settings (Privacy & Consents section). For other requests, contact [email protected]. We'll respond within one month.
Right to complain: You may lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local supervisory authority. We welcome the opportunity to resolve concerns directly first.
14) Children
The Services are not intended for children under 16; contact us to remove any such data.
15) State/International notices (summary)
Non-UK/EU users may have local rights (e.g., US states). You may opt out of non-essential cookies and avoid optional analytics via our granular consent controls.
16) Changes to this Policy
We may update this Policy. Material changes will be notified via app/website or email where feasible. See the "Last updated" date above. Your continued use of PawTap after changes constitutes acceptance, but you can always review and update your consent preferences in your profile.
17) Contact
PawTap Limited
Email: [email protected]
Address: 23, Rustic Street, Aylesbury HP22 7DB, United Kingdom.
Company No.: [Add company number]
Report a privacy concern: [email protected]