← Back to Pawpy

Privacy Policy

Effective June 2, 2026

Overview

Pawpy ("we", "our", "the app") is a dog care tracking application operated by Ascent Labs. This policy explains what data Pawpy collects, why it is collected, who processes it, and how you control it.

Pawpy is structured around four data-collection purposes. You control each one independently from the in-app consent screen (Settings → Privacy on Android and iOS) or, on the web, from the consent banner shown on your first visit.

What We Collect

We group what we collect by the purpose it serves, not by the specific vendor. The current vendors that process each purpose are listed in our Subprocessors document, which we update whenever a vendor is added, swapped, or removed.

1. Analytics - anonymous usage data

Helps us understand which features matter to you. Includes anonymous device identifiers, screen visits, session length, app version, country, and named in-app interactions (for example: completing an onboarding step, adding a dog, logging a potty event, tapping a reminder, opening a widget). All interaction events are typed and bucketed; we do not send free-text fields (dog names, notes, photos) to the analytics provider. On the website, this is Google Analytics 4 (see Website Analytics below). On Android, this purpose is served by Firebase Analytics. On iOS, this purpose is not currently collected. Off by default; opt-in via the consent screen.

2. Crash reporting - diagnostic data

Helps us fix bugs faster. Includes anonymized device identifiers, OS version, app version, stack traces from crashes, and non-fatal errors the app catches itself (for example: a failed sync attempt, a token refresh that timed out, a deletion request that returned an HTTP error). Non-fatal reports never crash the app; they are diagnostic breadcrumbs only. On Android, this is Firebase Crashlytics. On iOS, this purpose is not currently collected. Off by default; opt-in via the consent screen.

3. Product telemetry - pet activity records

Sends a log of your pet's activity (potty events, sleep windows, food and water intake) to our own servers so we can debug the potty-training calculator and reminder system. Each event contains the calculator's inputs and outputs at a point in time, tagged with your account and dog identifiers. No names, notes, photos, or free-text content are included. This data is not shared with third parties beyond our hosting provider. Pre-selected on the first-run consent screen; you can opt out before tapping Accept, or change your choice anytime in Settings > Privacy & data.

4. Marketing - re-engagement push notifications

Lets us send occasional product reminders if you stop using the app for a while (for example: a nudge after seven days of inactivity, or a tip if you have not yet added a dog). These would be separate from the transactional reminders you set up yourself (potty alarms, leap notifications, time-away check-ins), which are always on regardless of this purpose. Any marketing push would be delivered via Firebase Cloud Messaging.

What would get sent. Your anonymous Firebase device token, the audience signal that triggered the push (for example "no_first_log_24h"), and the campaign identifier. No dog data, notes, photos, or free-text content would be sent.

Frequency caps. If we send marketing pushes, we self-limit to at most three per device per week across all campaigns. Activation reminders would cap at two per week for the first two weeks after signup; retention reminders at one per week thereafter.

Your control. Off by default; opt-in via Settings → Privacy & data. When you turn it off we delete the dedicated re-engagement notification channel from your device, so any future marketing push could no longer surface, and we would drop any audience membership signal tied to your device. Transactional reminders are unaffected.

Account and core service data

Independent of the four purposes above, Pawpy collects the information necessary to operate the service itself: your name, email, and profile photo from Google or Apple Sign-In; the dog profiles, activity logs, and notes you create; push notification tokens used to deliver reminders; and authentication tokens stored securely on your device. This data is required for the app to function and is processed under contract, not consent.

Website Analytics

Our website at pawpy.app uses Google Analytics 4 to measure how visitors interact with the site, which pages are read, how quickly they load, and where traffic comes from. We use this to decide what to build next.

What gets collected. A random identifier stored in your browser (_cid, in localStorage), a per-tab session identifier (_sid, in sessionStorage), the URL and title of the page you visit, and standard Core Web Vitals metrics. No name, email, or account data is sent to Google.

Lawful basis. Consent, given or withheld via the banner shown on your first visit. You can change your decision at any time using the control at the top of this section.

Lawful Basis

For the four purpose-based data flows above, our lawful basis is your consent under GDPR Article 6(1)(a). Each purpose is opt-in via the in-app consent screen (mobile) or the consent banner (web). All toggles default to off. You can withdraw consent at any time from Settings → Privacy on mobile, or by reopening the website consent control above.

Withdrawal stops further collection for that purpose. For the product telemetry purpose, withdrawal also drops any pending events queued on your device that have not yet been uploaded.

Consent audit log. Each time you grant or withdraw a purpose, the app sends a small record to our server (your account identifier, the purpose name, the new state, the policy version, and the timestamp) so we can demonstrate compliance with GDPR Article 7(1). The log contains no event data. We retain entries for as long as your account exists; when you delete your account, the identifier in the audit log is anonymized so the audit shape survives without identifying you.

For account and core service data, our lawful basis is performance of a contract under GDPR Article 6(1)(b): we cannot run the app for you without it. Deleting your account is the way to stop this processing.

Subprocessors

The current list of third-party vendors that process data on our behalf is at pawpy.app/subprocessors. That document lists each vendor's purpose, data categories, jurisdiction, and data processing agreement. We update it whenever the list of vendors changes.

Pawpy+ subscriptions (RevenueCat)

Pawpy+ subscription state is managed by RevenueCat, Inc. across Google Play and the App Store. Data shared: a pseudonymous user identifier, device IDs, country, language, and purchase events. RevenueCat receives this data only when you interact with paid features (subscribe, restore, or view your subscription). See the RevenueCat privacy policy.

For data-subject requests (deletion, access) targeting subscription purchase data processed by RevenueCat, email ascentlabs.dev@gmail.com; we forward to RevenueCat via their deletion API.

Data Sharing Within Packs

Pawpy is designed for shared care. When you join a pack, all members of that pack can see dog profiles, activity logs, reminders, and statistics for dogs in the pack. Only pack administrators can invite or remove members. This is sharing between you and the people you invite, not third-party sharing.

Your Rights

Under GDPR and equivalent laws, you have the right to:

  • Access a copy of all data we hold about you. Email ascentlabs.dev@gmail.com and we will reply within 30 days.
  • Delete your account and all associated data from Settings → Account → Delete Account in the app, or from the web at pawpy.app/delete-account.
  • Withdraw consent for any purpose at any time from Settings → Privacy (mobile) or the website consent control.
  • Object to processing, restrict processing, or request portability of your data. Email us at the address above.
  • Lodge a complaint with your local data protection authority if you believe we have mishandled your data.

Account deletion details

Grace period. Your account is permanently deleted seven days after you request deletion. Signing in to Pawpy on any device before then cancels the request automatically.

What gets deleted. Your profile (name, email, avatar), solo packs you own with their dogs and activities, push tokens, all feedback you have submitted, and all telemetry events tied to your account.

What may be retained. Activities and reminders you logged in packs you share with other people are kept for those people, with your name removed and replaced by "Deleted Account". This anonymized historical data is no longer associated with you and is retained so the surviving caregivers do not lose their record of your shared dog's care.

Pawpy+ subscription. If you have a Pawpy+ subscription, you must cancel it separately in the App Store or Play Store. Deleting your Pawpy account does not cancel your subscription.

Sign-in identity. Account deletion only affects the account you signed in with. If you have used both Google and Apple sign-in (or "Hide my Email" with Apple) you may have separate accounts; each must be deleted individually.

If you cannot reach the in-app or web flows, email us at ascentlabs.dev@gmail.com and we will delete your account manually within 30 days.

Retention

  • Product telemetry: 14 days, then deleted automatically by a nightly cron job on our backend.
  • Analytics and crash reporting: per the retention period of the providers listed in Subprocessors. Currently up to 14 months for analytics and 90 days for crash reports.
  • Account data: retained for as long as your account is active, then removed per the account-deletion section above.
  • Consent audit log: retained while your account is active; on account deletion, the identifier is anonymized so the audit shape persists without identifying you.
  • Local device cache: activity data is also cached on your device for offline access. Uninstalling the app clears it.

Data Storage and Security

Your account data and product telemetry are stored on our backend, hosted by Hetzner Online GmbH in Helsinki, Finland (EU). All communication between the app and our servers is encrypted using TLS. Authentication tokens are stored securely on your device using platform-provided encrypted storage.

International transfers to subprocessors located outside the EU/EEA (where applicable) are covered by the Standard Contractual Clauses listed in our Subprocessors document.

Children's Privacy

Pawpy is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will remove it.

Changes to This Policy

We may update this privacy policy from time to time. Material changes (a new purpose, a new data category, or a new lawful basis) will be communicated in-app before they take effect. Non-material changes (a new vendor inside an already-disclosed purpose, or a clarification) are reflected by bumping the effective date at the top of this page and updating the Subprocessors document.

Contact

For data subject requests or privacy questions, contact us at ascentlabs.dev@gmail.com.