PetTag

Privacy Policy

Last updated: 26 May 2025

Your privacy matters. This policy explains what data we collect, why, who we share it with, and your rights. We've tried to write it in plain English.

In short: we collect only what we need to run the service, we don't sell your data, and you can ask for a copy or delete your account at any time.

1. Who we are (the data controller)

PetTag (Arthur Both) is the data controller for personal data collected through this site. You can contact us at:

Flat 3, 5 Woodfield Road, London, W9 2BA
support@pet-tag.app

2. What data we collect

We collect the following data:

From you, when you sign up:

  • Your email address
  • A password (stored securely, hashed — we can't see it)
  • Optional: your full name and phone number

From you, when you add a pet:

  • The pet's name, breed and similar details
  • An optional photo
  • Medical notes, behaviour notes (you decide what to add)
  • Privacy preferences (whether your phone/email show on the public page)

From you, when you buy a tag:

  • Billing email
  • Shipping address (so we can post the tag to you)
  • Payment is processed by Stripe — we never see or store your card details

Automatically, when someone scans a tag:

  • The time and date of the scan
  • The user-agent of the scanning device (basic browser info)
  • We do not store the finder's precise location, IP address, or identity

From finders, when they message you:

  • The message text they write
  • The contact details they choose to share (email or phone)

3. Why we use it (legal basis)

Under UK GDPR, we need a legal basis for using your data. Here's ours:

Performance of a contract:

To run your account, host your pet's profile, deliver tags you've ordered, and process payments. Without this data, we can't provide the service you signed up for.

Legitimate interest:

To improve the service, prevent abuse, fix bugs, and contact you with important service updates (e.g. if there's a security issue with your account). We've balanced this against your privacy rights.

Legal obligation:

To comply with tax, accounting, fraud-prevention, and similar legal requirements.

Consent:

For optional things like marketing emails, if we ever offer them — you'd need to opt in first and can opt out any time.

4. Who we share it with

We don't sell your data. We only share it with services we use to run PetTag:

  • Supabase — our database and authentication provider (data stored in the EU)
  • Vercel — hosts our website (data may be processed globally for performance)
  • Stripe — processes your payments. They have their own privacy policy: stripe.com/privacy
  • Resend — sends transactional emails (order confirmations, finder messages, etc.)
  • Cloudflare — provides our domain and email routing

Each of these providers is contractually required to protect your data. We use them because they're reliable and respect privacy laws.

We may also share data if legally required (court order, fraud investigation, etc.). We'll resist disclosure requests that aren't legally valid.

5. What's public, and what's not

The whole point of a pet tag is for finders to see your pet's profile when they scan. So your pet's public profile is public by design. Anyone who scans the QR code, or visits the tag URL, can see what you've chosen to display.

By default, your public profile shows:

  • Your pet's name, breed, photo
  • Medical and behaviour notes you wrote
  • A message form to contact you (but not your email or phone)

You can enable "reveal phone" or "reveal email" from your pet's edit page if you want finders to see your direct contact info. Otherwise, finders message you through a form, and we email you. Your details stay private unless you choose to share them.

Your account email is never shown publicly.

6. How long we keep it

  • Account data — for as long as you have an account. Delete your account and we delete it.
  • Pet data — same as your account, plus any photos you upload.
  • Order data — kept for 6 years to comply with UK tax and accounting rules.
  • Scan event metadata — kept for as long as the associated tag is active.
  • Server logs — typically kept for 30 days for security and debugging.

7. Your rights

Under UK GDPR you have the right to:

  • Access — ask for a copy of the data we hold about you
  • Rectification — ask us to correct mistakes
  • Deletion — ask us to delete your data (and you can do this yourself from your account settings)
  • Restriction — ask us to limit how we use it
  • Portability — ask for a copy in a portable format
  • Object — object to certain types of processing
  • Complain — complain to the Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email support@pet-tag.app. We'll respond within 30 days.

8. Cookies and analytics

We use only essential cookies needed to keep you logged in and the site working (session cookies, CSRF protection). We don't use tracking cookies or third-party advertising cookies.

If we add analytics in future, we'll update this policy and ask for your consent first if required.

9. International transfers

Some of our service providers may process data outside the UK and EU (e.g. Vercel uses servers globally). When data goes outside the UK/EU, we rely on protections like the UK International Data Transfer Agreement or EU Standard Contractual Clauses.

10. Children

PetTag is not aimed at children under 18. We don't knowingly collect data from children. If you believe a child has signed up, please email us and we'll delete the account.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top shows when. For significant changes, we'll email account holders.

12. Contact

Questions, concerns, or requests about your data? Email support@pet-tag.app.