Privacy Policy

Pawpy ("we", "our", "the app") is a dog care tracking application operated by Ascent Labs. This policy explains what data Pawpy collects, why it is collected, who processes it, and how you control it.

Pawpy is structured around four data-collection purposes. You control each one independently from the in-app consent screen (Settings → Privacy on Android and iOS) or, on the web, from the consent banner shown on your first visit.

We group what we collect by the purpose it serves, not by the specific vendor. The current vendors that process each purpose are listed in our Subprocessors document, which we update whenever a vendor is added, swapped, or removed.

1. Analytics - anonymous usage data

Helps us understand which features matter to you. Includes anonymous device identifiers, screen visits, session length, app version, and country. On the website, this is Google Analytics 4 (see Website Analytics below). On Android, this purpose is served by Firebase Analytics. On iOS, this purpose is not currently collected. Off by default; opt-in via the consent screen.

2. Crash reporting - diagnostic data

Helps us fix bugs faster. Includes anonymized device identifiers, OS version, app version, and stack traces from crashes. On Android, this is Firebase Crashlytics. On iOS, this purpose is not currently collected. Off by default; opt-in via the consent screen.

3. Product telemetry - pet activity records

Sends a log of your pet's activity (potty events, sleep windows, food and water intake) to our own servers so we can debug the potty-training calculator and reminder system. Each event contains the calculator's inputs and outputs at a point in time, tagged with your account and dog identifiers. No names, notes, photos, or free-text content are included. This data is not shared with third parties beyond our hosting provider. Pre-selected on the first-run consent screen; you can opt out before tapping Accept, or change your choice anytime in Settings > Privacy & data.

4. Marketing (reserved)

We do not currently use marketing data. This purpose is listed here for transparency: if we ever add marketing data collection, we will update this policy and ask for your consent before collecting any. The consent screen will not show a marketing toggle until that happens.

Account and core service data

Independent of the four purposes above, Pawpy collects the information necessary to operate the service itself: your name, email, and profile photo from Google or Apple Sign-In; the dog profiles, activity logs, and notes you create; push notification tokens used to deliver reminders; and authentication tokens stored securely on your device. This data is required for the app to function and is processed under contract, not consent.

Our website at pawpy.app uses Google Analytics 4 to measure how visitors interact with the site, which pages are read, how quickly they load, and where traffic comes from. We use this to decide what to build next.

What gets collected. A random identifier stored in your browser (_cid, in localStorage), a per-tab session identifier (_sid, in sessionStorage), the URL and title of the page you visit, and standard Core Web Vitals metrics. No name, email, or account data is sent to Google.

Lawful basis. Consent, given or withheld via the banner shown on your first visit. You can change your decision at any time using the control at the top of this section.

For the four purpose-based data flows above, our lawful basis is your consent under GDPR Article 6(1)(a). Each purpose is opt-in via the in-app consent screen (mobile) or the consent banner (web). All toggles default to off. You can withdraw consent at any time from Settings → Privacy on mobile, or by reopening the website consent control above.

Withdrawal stops further collection for that purpose. For the product telemetry purpose, withdrawal also drops any pending events queued on your device that have not yet been uploaded.

For account and core service data, our lawful basis is performance of a contract under GDPR Article 6(1)(b): we cannot run the app for you without it. Deleting your account is the way to stop this processing.

The current list of third-party vendors that process data on our behalf is at pawpy.app/subprocessors. That document lists each vendor's purpose, data categories, jurisdiction, and data processing agreement. We update it whenever the list of vendors changes.

Pawpy is designed for shared care. When you join a pack, all members of that pack can see dog profiles, activity logs, reminders, and statistics for dogs in the pack. Only pack administrators can invite or remove members. This is sharing between you and the people you invite, not third-party sharing.

Under GDPR and equivalent laws, you have the right to:

• Access a copy of all data we hold about you. Email ascentlabs.dev@gmail.com and we will reply within 30 days.
• Delete your account and all associated data from Settings → Account → Delete Account in the app, or from the web at pawpy.app/delete-account.
• Withdraw consent for any purpose at any time from Settings → Privacy (mobile) or the website consent control.
• Object to processing, restrict processing, or request portability of your data. Email us at the address above.
• Lodge a complaint with your local data protection authority if you believe we have mishandled your data.

Account deletion details

Grace period. Your account is permanently deleted seven days after you request deletion. Signing in to Pawpy on any device before then cancels the request automatically.

What gets deleted. Your profile (name, email, avatar), solo packs you own with their dogs and activities, push tokens, all feedback you have submitted, and all telemetry events tied to your account.

What may be retained. Activities and reminders you logged in packs you share with other people are kept for those people, with your name removed and replaced by "Deleted Account". This anonymized historical data is no longer associated with you and is retained so the surviving caregivers do not lose their record of your shared dog's care.

Pawpy+ subscription. If you have a Pawpy+ subscription, you must cancel it separately in the App Store or Play Store. Deleting your Pawpy account does not cancel your subscription.

Sign-in identity. Account deletion only affects the account you signed in with. If you have used both Google and Apple sign-in (or "Hide my Email" with Apple) you may have separate accounts; each must be deleted individually.

If you cannot reach the in-app or web flows, email us at ascentlabs.dev@gmail.com and we will delete your account manually within 30 days.

• Product telemetry: 14 days, then deleted automatically by a nightly cron job on our backend.
• Analytics and crash reporting: per the retention period of the providers listed in Subprocessors. Currently up to 14 months for analytics and 90 days for crash reports.
• Account data: retained for as long as your account is active, then removed per the account-deletion section above.
• Local device cache: activity data is also cached on your device for offline access. Uninstalling the app clears it.

Your account data and product telemetry are stored on our backend, hosted by Hetzner Online GmbH in Helsinki, Finland (EU). All communication between the app and our servers is encrypted using TLS. Authentication tokens are stored securely on your device using platform-provided encrypted storage.

International transfers to subprocessors located outside the EU/EEA (where applicable) are covered by the Standard Contractual Clauses listed in our Subprocessors document.

Pawpy is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will remove it.

We may update this privacy policy from time to time. Material changes (a new purpose, a new data category, or a new lawful basis) will be communicated in-app before they take effect. Non-material changes (a new vendor inside an already-disclosed purpose, or a clarification) are reflected by bumping the effective date at the top of this page and updating the Subprocessors document.

For data subject requests or privacy questions, contact us at ascentlabs.dev@gmail.com.