Privacy Policy

1. Introduction

PawGroom (“we”, “our”, or “us”) is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using PawGroom, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please discontinue use immediately.

2. Information We Collect

2.1 Information You Provide

• Account data: Name, email address, and password when you register
• Profile data: Optional information you add to your profile
• Communications: Messages you send us via support

2.2 Information Automatically Collected

• Log data: IP address, browser type, pages visited, and access times
• Device data: Device identifiers and operating system
• Usage data: How you interact with our service

2.3 Information from Our Mobile App

When you use the PawGroom iOS or Android app:

• Push notification tokens: An anonymous device token issued by Apple Push Notification service or Firebase Cloud Messaging, used solely to deliver alerts you have opted in to receive. Tokens are deleted when you uninstall the app or delete your account.
• App version & platform: Reported with your device token to help us roll out updates and diagnose issues.

We do not collect advertising identifiers (IDFA), location data, contacts, photos, or any data for tracking purposes across other apps or websites.

2A. Third-Party Services

The following third parties process your data on our behalf, under data processing agreements:

• Stripe, Inc. — payment processing for subscription billing (web only). See Stripe's privacy policy.
• Apple Inc., Google LLC, GitHub Inc. — optional sign-in providers. We receive only your name, email, and a stable user ID. We never receive your password.
• Apple Push Notification service / Firebase Cloud Messaging — push notification delivery to your device.
• Vercel Inc. — application hosting and content delivery.
• Email provider (Resend or SMTP) — transactional email delivery (verification, password resets, alerts).

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account
• Provide, operate, and maintain our service
• Send transactional emails (account verification, password resets)
• Detect, prevent, and address fraud, abuse, and security incidents
• Comply with legal obligations
• Analyze usage to improve our service

We do not sell your personal information to third parties.

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

• Contract performance: To provide the services you requested
• Legitimate interests: Security, fraud prevention, and service improvement
• Legal obligation: To comply with applicable laws
• Consent: For optional marketing communications (you may withdraw at any time)

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Account data is deleted within 30 days of account deletion requests. Audit logs and security records may be retained for up to 2 years as required by law and for fraud prevention.

6. Data Sharing

We may share your data with:

• Service providers: Hosting, email delivery, and analytics providers under data processing agreements
• Legal requirements: When required by law, court order, or government authority
• Business transfers: In connection with a merger, acquisition, or sale of assets

7. Your Rights

Depending on your location, you may have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data (“right to be forgotten”)
• Portability — receive your data in a machine-readable format
• Object — object to certain processing activities
• Restriction — request we restrict processing of your data
• Withdraw consent — withdraw consent at any time where we rely on it

To exercise these rights, contact us at stizzyraxx@gmail.com . We will respond within 30 days. You can also delete your account directly from within the app: Settings → Security → Danger zone → Delete my account.

8. Security

We implement industry-standard security measures including encryption in transit (TLS), password hashing (bcrypt), rate limiting, audit logging, and access controls. However, no method of transmission over the Internet is 100% secure. We encourage you to use a strong, unique password.

9. Cookies

We use strictly necessary session cookies to maintain your authentication state. We do not use tracking or advertising cookies. You may disable cookies in your browser, but this will prevent you from logging in.

10. Children's Privacy

Our service is not directed to individuals under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us immediately.

11. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or a prominent notice on our website at least 30 days before they take effect. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related inquiries: