Privacy Policy
Effective date: May 2, 2026 | Last updated: May 2, 2026
PetTally is built to help pet owners track and share their pet's health history. Your data — and your pet's data — belongs to you. We collect only what's needed to run the app, never sell it, and give you full control including the ability to delete everything permanently.
1. Who We Are
PetTally ("we", "us", "our") is operated by Albert Kyei-Mensah, based in the United States, reachable at [email protected]. Our website is mypettally.com.
2. What Data We Collect
2a. Account Information
- Email address (used to create and identify your account)
- Password (hashed and stored securely — we never see it in plain text)
2b. Pet Profile Data
- Pet name, species, breed, date of birth, sex, weight
- Lifestyle preferences and personality tags (entered during onboarding)
- Profile photo (optional)
2c. Health Records
- Vet visit notes, symptoms, surgeries, diagnoses
- Medication names, doses, schedules, and dose logs
- Vaccine records and due dates
- Weight logs over time
- Documents and photos uploaded to the Document Vault (stored as files)
- Daily check-in wellness scores
2d. Family Access Data
- Email addresses of caregivers or family members you invite
- Role and permission settings you configure
2e. Device and Usage Data
- Push notification token (to deliver reminders to your device)
- Basic usage events (e.g. feature used, screen viewed) via PostHog analytics — anonymised
- Device type and OS version (for crash reporting and compatibility)
2f. Location (Weather Feature)
With your permission, the app reads your approximate location to fetch local weather conditions via Open-Meteo. Location data is sent directly to Open-Meteo's servers for the weather lookup only — we do not store your location on our servers.
2g. Scanned Documents (OCR)
When you use the in-app scanner to capture vet records, OCR (text recognition) runs entirely on your device using Google ML Kit. No image or document content is sent to our servers during scanning.
3. How We Use Your Data
- To provide core app functionality (health records, reminders, care score)
- To generate your Pet Passport QR code and allow vets to view it securely
- To send push reminders (vaccine due dates, vet checkups, medication schedules)
- To generate AI health insights (Premium feature — your pet's health data is sent server-side to Google Gemini; it is not used to train Gemini models under our API agreement)
- To process subscription payments via RevenueCat
- To analyse anonymous usage patterns so we can improve the app
- To send transactional emails (account confirmation, password reset)
We do not track you across other companies' apps or websites. PetTally does not use your data for advertising, cross-app tracking, or any purpose unrelated to providing the service to you. Our analytics (PostHog) are first-party only — we do not share usage data with ad networks or data brokers.
4. Third-Party Services
| Service | Purpose | Data shared | Location |
|---|
| Supabase | Database, auth, file storage | All app data | US (AWS us-west-2, Oregon) |
| Expo / EAS | App builds and push notifications | Push token | US |
| RevenueCat | Subscription management | User ID, purchase events | US |
| PostHog | Anonymous usage analytics | Anonymised events | US / EU |
| Google Gemini | AI health insights (Premium) | Pet health summary | US |
| Open-Meteo | Local weather | Approximate location | EU (Germany) |
| Cloudflare | Pet Passport web page | Passport token, pet data | Global CDN |
We do not sell your data to any third party. We do not use your data for advertising.
5. Pet Passport & QR Sharing
When you generate a Pet Passport QR code, a time-limited secure link is created. Anyone who scans the QR code can view your pet's vaccination records, active medications, and (optionally) your email address if you choose to share it. You control:
- When the link expires (from 1 hour to 7 days)
- Whether your email address is shown to the vet (off by default)
The QR link automatically expires after the chosen period. You can regenerate a new one at any time.
6. Data Retention
We keep your data for as long as your account is active. If you delete your account through the app, all data — including pet profiles, health records, documents, and files — is permanently and immediately deleted from our servers. This action is irreversible.
7. Your Rights
Depending on where you live, you may have the following rights:
- Access: Request a copy of your data (use the "Download My Records" feature in the app)
- Correction: Edit your pet's profile or health records at any time within the app
- Deletion: Delete your account and all associated data permanently via Settings → Delete Account
- Portability: Export your records in a readable format using the Download My Records feature
- Opt-out of analytics: Contact us to opt out of PostHog usage tracking
To exercise any right or make a privacy request, email [email protected].
8. EU & UK Users — GDPR
If you are located in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data.
Legal Basis for Processing
- Contract performance: We process your account information and pet health records to provide the service you signed up for.
- Legitimate interests: We process anonymised usage analytics and security logs to improve the app and protect against abuse.
- Consent: We access your approximate location only with your explicit permission, which you can withdraw at any time in your device settings.
- Legal obligation: We may process data where required by applicable law.
Additional Rights for EEA / UK Users
In addition to the rights listed in Section 7, you have the right to:
- Object to processing based on legitimate interests — contact us and we will assess your request
- Restrict processing in certain circumstances (e.g. while a dispute is resolved)
- Lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national supervisory authority in the EU)
International Data Transfers
Some of our third-party providers (listed in Section 4) are based in the United States. When data is transferred outside the EEA or UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) adopted by the European Commission, or the UK International Data Transfer Agreement where applicable. Supabase, our primary data processor, is certified under applicable frameworks and provides SCCs.
9. Children's Privacy
PetTally is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
10. Security
We take security seriously. Measures include:
- All data in transit is encrypted via HTTPS/TLS
- Passwords are hashed using bcrypt — never stored in plain text
- Authentication tokens are stored in encrypted device storage (not plain AsyncStorage)
- File uploads are validated for file type and content before being stored
- Row-level security policies on the database ensure users can only access their own data
- Edge Functions are rate-limited to prevent abuse
No system is 100% secure. If you discover a security issue, please report it to [email protected] before disclosing it publicly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you via in-app notice or email. Continued use of the app after changes take effect constitutes your acceptance of the updated policy.
12. Contact
Questions about this Privacy Policy? Reach us at: