โ† Home
๐Ÿ”’ Your privacy matters

Privacy Policy

Last updated: May 2026

๐Ÿพ

At PawPact, your identity is always protected. We never sell your data. Your name is never stored alongside your pet's data. Anonymity isn't a feature โ€” it's the foundation.

What we collect (owners)

When you create an owner account: your email address (for authentication only, never displayed in the community) and a PAW-ID. When you use PawPact: pet health symptoms and observations you post, your pet's name and photo (if you choose to add one), your pet's profile (species, breed, age, size, weight, sex, health conditions, medications, allergies โ€” all optional except species), vaccinations / weight logs / photos / vet visits / caregiver hires you add, your ZIP code (optional, used for local service matching), PAW UP reactions and community replies you submit, direct messages you send (including any pet photos attached), and the date/time of each entry. If you grant push notification permission on iOS or Android, we also store an anonymized device push token so we can deliver booking, payment, payout, and reminder notifications.

What we collect (caregivers & vets)

If you sign up as a caregiver or vet: your real display name, bio, photo (optional), services, hourly rate, ZIP / service area, weekly availability, and โ€” for caregivers using payouts โ€” a Stripe Connect account (Stripe holds your tax identification, bank info, and identity verification โ€” PawPact never sees or stores this directly). We also store completed job counts and paw ratings that owners leave about your service.

What we do NOT collect

For owners: we never collect your real name, phone number, physical address, government ID, or financial information. We do not collect human health data of any kind. We do not track you across other websites or apps. For everyone: we do not sell your data to advertisers.

How we use your data

To show community patterns relevant to pets like yours. To power the PAW UP feature. To match your pet's ZIP code with nearby caregivers and services. To process bookings, fundraiser donations, and payouts through Stripe (Stripe sends its own donation/payment receipts directly to the email you used at checkout). To allow you to optionally share your pet's profile with a connected veterinarian through the Care Thread. To send you account-related emails (auth, password reset, booking confirmations) through our email partner Resend, and โ€” only if you opt in โ€” occasional broadcasts from the team.

Who sees your pet's data

Your pet's name and photo are visible to the community (your real identity is never attached). Symptoms and PAW UP counts are shown under your anonymous PAW-ID. Medications and conditions are private โ€” only visible to you and any vet you explicitly connect with via the Care Thread (vet access is OPT-IN per pet; you can revoke it at any time from your pet profile). DMs (including pet photos attached) are visible only to the recipient. Caregivers you hire see only the pet details you share with them for the job. We never sell your data to advertisers or third parties.

Third-party processors

We use Supabase (PostgreSQL + auth) for data storage, Vercel for hosting, Resend for transactional email, and Stripe Connect for payments and payouts. Each processes only the minimum data needed for its role and is bound by its own privacy policy. All are SOC 2 compliant.

Data storage and security

All data is stored in Supabase with row-level security (RLS) policies โ€” every table enforces that you can only read/write your own data. Data is encrypted at rest and in transit (TLS). We apply the minimum-necessary-access principle to all internal systems.

Data retention

We keep your data only as long as your account is active, unless we're required to keep it longer for legal, tax, or fraud-prevention reasons. On account deletion, your active records (profile, posts, PAW UPs, replies, messages, pet profile, journal, bookings history where regulation allows) are permanently removed within 30 days. Aggregated, de-identified analytics that cannot be linked back to you may be retained. Stripe retains certain payment records independently, per its own policies. Server logs are kept up to 90 days for security and debugging.

Your rights

You can view and edit most of your data directly in the app (pet profile, journal, messages, bookings). You can delete your account and all associated data from Settings โ†’ Delete Account โ€” this is permanent and irreversible. You can disconnect from a veterinarian at any time. If you live in California, the EEA, the UK, or another region with data-privacy laws (CCPA, GDPR, etc.), you also have the right to access, correct, port, and restrict processing of your personal data, and to file a complaint with your local data protection authority. Email contact@pawpact.app to exercise these rights โ€” we respond within 30 days. Caregivers with pending bookings must complete or formally cancel them before deletion.

How to delete your account

Open the app โ†’ Settings โ†’ scroll to the bottom โ†’ Delete Account โ†’ confirm. No email to us is required. After you confirm, your data is queued for permanent removal within 30 days. If you signed up with Apple/Google sign-in, also remove the authorization in your Apple or Google account settings.

Push notifications

PawPact uses push notifications for time-sensitive booking events only โ€” new requests, accept/decline, payment confirmations, 24-hour and 2-hour pre-booking reminders, job completion, payouts, tips, and cancellations. Push tokens are stored in our database keyed to your user ID and rotated whenever your device's OS issues a new one. We never include sensitive content (full medical history, message body, payment card numbers) in the notification payload itself โ€” only short reference strings (e.g. pet name + service + time). You can revoke push permission from your device settings (Settings โ†’ PawPact โ†’ Notifications on iOS; App info โ†’ Notifications on Android) at any time. Revoking the OS permission stops delivery; deleting your account also deletes the stored tokens.

Children's privacy

PawPact is for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe someone under 18 has created an account or submitted data, contact us at contact@pawpact.app and we will delete it promptly.

Geographic scope

PawPact is currently available only to residents of the United States, and all financial transactions (bookings, donations, tips, payouts) are processed in US dollars (USD) only.

International transfers

Our servers are operated through Supabase and Vercel (both primarily in the United States). If you access PawPact from outside the US, your data will be transferred to and processed in the US. By using PawPact you consent to this transfer.

Apple App Store & Google Play disclosures

Per Apple's App Privacy nutrition labels and Google Play's Data Safety form, the only categories of data PawPact links to your identity are: email address (for authentication), user-generated pet content (profile, symptoms, photos), device push token (if you opted into notifications), and Stripe Connect account info (only for users receiving payouts โ€” Stripe is the data controller here, not PawPact). We do not use any data for advertising tracking, do not share data with data brokers, and do not collect human health data. Apple's IDFA and Google's advertising ID are not requested or used.

Changes to this policy

We may update this policy. We'll notify you of material changes via email or in-app notice. Continued use after changes means you accept the updated policy.

Contact

Privacy questions or to exercise any rights above? Email contact@pawpact.app. General support: support@pawpact.app. We aim to respond within 5 business days, always within 30 days for formal rights requests.