Privacy Policy
Last updated: 1 January 2024 ยท Effective: 1 January 2024
๐ PetSage is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR). This policy explains what data we collect, why, and your rights.
1. Who we are
PetSage ("we", "us", "our") operates the website petsage.click and provides an AI-powered pet care advisory service. We are registered in England and Wales.
For data protection enquiries, contact us at: [email protected]
2. What data we collect
Account data
- Username (chosen by you โ not your real name)
- Email address
- Password (stored as a secure bcrypt hash โ we never store your plain-text password)
- Account creation date
- Email verification status
Pet profile data
- Pet name, species, breed, date of birth, weight, gender, neutering status
- Dietary preferences, allergies, and owner notes
- Pet photo (optional, uploaded by you)
AI chat data
- Messages you send and AI responses, stored to provide chat history
Payment data
- Subscription/plan details, invoice records, Stripe session IDs. We do not store card numbers โ all payments are processed by Stripe (PCI-DSS compliant).
Technical data
- IP address (for security and rate limiting)
- Browser type, device type (collected by analytics cookies, only with your consent)
- Session tokens
3. Legal basis for processing
We process your data on the following legal grounds under UK/EU GDPR:
- Contract performance (Art. 6(1)(b)): To provide the PetSage service, manage your account, and fulfil your subscription.
- Legitimate interests (Art. 6(1)(f)): Security, fraud prevention, improving our service.
- Consent (Art. 6(1)(a)): Analytics cookies and marketing emails (where you opt in).
- Legal obligation (Art. 6(1)(c)): Financial record-keeping required by law.
4. How we use your data
- To operate and personalise the PetSage AI service
- To send transactional emails (account verification, password reset, billing receipts)
- To manage your subscription and billing via Stripe
- To prevent fraud and abuse
- To send marketing updates (only if you explicitly opted in โ you can opt out at any time)
- To comply with legal obligations
5. Data sharing and third parties
We share your data with trusted third parties only where necessary:
- Stripe: Payment processing. Your email may be shared with Stripe for billing. Stripe's privacy policy: stripe.com/privacy
- OpenAI: AI chat processing. Your messages and pet profile are sent to OpenAI's API to generate responses. Data is processed under OpenAI's API terms. We do not use it for training. OpenAI's privacy policy: openai.com/privacy
- Zoho Mail: Transactional email delivery.
- Web hosting provider: Our server infrastructure.
We do not sell your data to advertisers or any third party. PetSage does not serve advertisements.
6. International data transfers
Some of our third-party processors (OpenAI, Stripe) are based in the United States. We ensure such transfers comply with UK/EU GDPR through standard contractual clauses (SCCs) or adequacy decisions.
7. Data retention
- Account data: Retained while your account is active and for 30 days after deletion (to allow for appeals).
- Chat messages: Retained for 12 months, then deleted automatically.
- Billing records: Retained for 7 years as required by UK financial law.
- Pet photos: Deleted when you delete the pet profile or your account.
8. Your rights under UK/EU GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of the data we hold about you.
- Right to rectification: Correct inaccurate data.
- Right to erasure ("right to be forgotten"): Request deletion of your account and personal data.
- Right to restriction: Ask us to limit how we process your data.
- Right to data portability: Receive your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests or for marketing.
- Rights related to automated decision-making: We do not make automated decisions that produce legal or similarly significant effects.
To exercise any of these rights, email [email protected]. We will respond within 30 days. You may also use the data export and deletion features in your account settings.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with:
- UK: The Information Commissioner's Office (ICO) โ ico.org.uk
- EU: Your national data protection authority.
9. Cookies
We use essential cookies (required for the service to function) and, with your consent, analytics cookies. See our Cookie Policy for full details.
10. Security
We implement appropriate technical and organisational measures to protect your data, including bcrypt password hashing, HTTPS encryption, prepared SQL statements to prevent injection, and regular security reviews. However, no system is completely secure โ please use a strong, unique password.
11. Children
PetSage is not directed at children under 13. Users in the EU/UK must be at least 16 to create an account without parental consent (or the minimum age set by national law). If you believe a child has created an account without consent, contact us at [email protected] and we will delete it promptly.
12. Changes to this policy
We may update this policy from time to time. We'll notify you of significant changes by email or by a notice in your dashboard at least 30 days before they take effect. Continued use of PetSage after changes constitutes acceptance.
13. Contact
For any privacy enquiries: [email protected]
General support: [email protected]