Summary of Key Points
Before you read the full policy, here are the most important things to know:
| Topic | What we do |
|---|---|
| Lost & Found reports | Your contact email and phone number are published publicly on any lost or found report you create β so that finders or owners can reach you. You can close or resolve a report at any time to remove it from public view. |
| Booking a clinic | When you book an appointment and a clinic accepts it, your contact details and the relevant pet's profile and health records are shared with that clinic. |
| Google Maps | PetMaps and Find-a-Vet use Google Maps, which may set its own cookies and receives your IP address and map interactions. Your device location is only sent to Google if you grant browser permission on the Find-a-Vet page. |
| Where your data is stored | All Connect-a-Pet data is stored in the European Union (Sweden, AWS eu-north-1). |
| Ads, analytics, data sales | We run none. No advertising, no analytics trackers, no sale of your data β ever. |
Our Cookie Policy explains the cookies and technologies we use.
1. Who We Are
Connect-a-Pet is operated by:
[LEGAL ENTITY NAME + legal form] [REGISTERED ADDRESS] [SIREN/SIRET: β if applicable]
(We'll refer to ourselves as "Connect-a-Pet", "we", "us", or "our" throughout this policy.)
We act as the data controller for all personal data processed through https://www.connect-a-pet.com.
Data Protection Officer: We have not appointed a DPO at this time. [If you appoint one, add: Our DPO is [NAME], reachable at [DPO EMAIL].]
Privacy contact: [CONTACT EMAIL for privacy requests]
2. What Data We Collect and Why
Connect-a-Pet is a free platform β there are no subscriptions and we collect no payment information.
2.1 Account and Profile Data
When you register and set up your account, you provide:
- Email address and password β used to identify you and keep your account secure. Passwords are managed by our authentication provider (Supabase Auth) and are stored as secure hashes; we never have access to your password in plaintext.
- First and last name, postal address, city, country β used to personalise your account and, for clinic accounts, to display your location to pet owners searching for a vet.
- Phone number (optional) β used for contact purposes, including publishing on Lost & Found reports if you choose to create one.
- Profile photo (optional) β displayed on your public profile.
- Account type (pet owner or veterinary clinic) β used to route you to the correct features.
Sign-in via Google or Facebook (optional): If you choose to sign in using a third-party identity provider, we receive your name, email address, and profile avatar from that provider. We do not receive your password from them.
2.2 Pet Data
If you are a pet owner, you can create digital pet profiles containing:
- Pet name, species, breed, colour, sex, date of birth, microchip number, photo, and free-text notes.
- Health records: vaccinations, medications, allergies, and clinic visit history. These records relate to your pet, not to you personally, but we treat them as private. A veterinary clinic with whom you have an active booking may also add or update health records for your pet.
2.3 Lost & Found Reports
This is the most important disclosure in this policy β please read it.
When you create a Lost or Found report, certain information is published publicly on the Connect-a-Pet website so that members of the public can contact you:
- Details and photo of the pet
- The town, city, or region and approximate map coordinates where the pet was lost or found
- The date of the report
- A description
- Your email address
- Your phone number (if you have added one to your account)
This public disclosure is the core purpose of the Lost & Found feature β it enables finders and owners to make contact. By creating a report, you consent to this publication.
You can edit, resolve, or close your report at any time. Closing a report removes it from public view. Reports do not expire automatically.
2.4 Appointments and Clinic Data
When you book an appointment through Connect-a-Pet:
- We collect the chosen pet, clinic, preferred date/time, and a reason or notes.
- If the clinic accepts your booking, a client record is created at that clinic containing your name, email address, phone number, city, and country. The pet you booked for β including its full profile and health records β also becomes visible to that clinic.
See Section 5 for more detail.
2.5 Veterinary Clinic Data
If you register as a veterinary clinic, we collect:
- Clinic name, address, phone number, and professional licence number.
- Verification documents (e.g. a copy of your veterinary licence or registration certificate), uploaded to verify your clinic's legitimacy. These documents are stored in a private, access-restricted storage area and are only accessible by you and Connect-a-Pet administrators.
2.6 PetMaps Community Content
When you use the PetMaps feature, we collect:
- Venue reviews and star ratings (your first name and last initial are shown publicly alongside your review).
- Venue photos you upload (published publicly).
- Check-ins, saved/bookmarked venues, and votes on venue attributes (water availability, shade, off-lead areas, etc.).
2.7 Notifications
We store in-app notifications linked to your account β for example, appointment confirmations, clinic verification updates, and other service messages.
2.8 Technical and Log Data
Our hosting provider ([HOSTING PROVIDER β confirm: Vercel]) processes standard web server logs that include your IP address and browser user-agent string. These are used for security and platform stability. We do not run any analytics tools or tracking pixels.
3. Lawful Bases for Processing
We process your personal data only where we have a valid legal basis under GDPR Article 6. The table below sets out what we do and why.
| Processing activity | Lawful basis |
|---|---|
| Creating and managing your account | Contract performance (Art. 6(1)(b)) β necessary to provide the service |
| Authenticating your identity and keeping your session active | Contract performance |
| Displaying your name and profile photo on the platform | Contract performance |
| Storing and displaying your pet's profile and health records | Contract performance |
| Creating and publishing a Lost & Found report, including your contact details | Consent (Art. 6(1)(a)) β you actively submit the report knowing your contact details will be public |
| Sharing your contact details and pet data with a clinic when you book | Contract performance β necessary to fulfil the booking |
| Storing clinic verification documents and running the review process | Legitimate interests (Art. 6(1)(f)) β protecting users by ensuring clinics are genuine |
| Sending in-app notifications about your bookings and account | Contract performance |
| Moderating content and banning accounts that violate our rules | Legitimate interests β maintaining a safe platform |
| Retaining a ban flag on a banned account after closure | Legitimate interests β preventing re-registration and maintaining audit records |
| Processing geolocation coordinates (Find-a-Vet, with browser permission) | Consent (Art. 6(1)(a)) β via the browser permission prompt |
| Standard server and security logs | Legitimate interests β platform security and abuse prevention |
| Responding to legal claims or regulatory requests | Legal obligation (Art. 6(1)(c)) or legitimate interests |
Withdrawing consent: Where we rely on your consent (Lost & Found report publication, geolocation), you can withdraw it at any time. Withdrawing consent for a report means closing it, which removes it from public view. Withdrawing browser geolocation permission can be done via your browser settings.
4. Lost & Found Reports β A Special Note
We want to be very clear: the contact information you publish on a Lost & Found report goes onto the public internet. Anyone who visits Connect-a-Pet β logged in or not β can see your email address and phone number on an open report.
We do this because it is the most effective way to reunite pets with their families. But you should be aware that:
- Once published, your contact details may be indexed by search engines or copied by third parties before you close the report.
- We cannot guarantee that closing a report will remove it from search engine caches or any third-party copies.
- If you prefer not to share your personal contact details publicly, consider creating a dedicated email address for this purpose.
5. Booking Appointments and Sharing Data with Clinics
Booking an appointment on Connect-a-Pet is a two-step process: you send a request, and the clinic either accepts or declines. Data sharing with the clinic only happens when the clinic accepts your booking.
At that point, the clinic receives:
- Your name, email address, phone number, city, and country.
- The full profile and health records of the pet you booked for.
Each veterinary clinic on Connect-a-Pet is an independent data controller in respect of the client and pet data they receive. Their own privacy practices govern how they store and use that data. We encourage you to review the privacy information of any clinic you book with.
6. Photos and Files
Connect-a-Pet uses cloud storage with two levels of access:
- Public storage: Profile photos, pet photos, Lost & Found report photos, and venue photos are stored in publicly accessible locations. Anyone with the URL can view them. This is necessary for the features to work as intended.
- Private storage: Clinic verification documents are stored in a restricted area accessible only to the clinic that uploaded them and Connect-a-Pet administrators. These are never shared publicly.
7. Location Data
PetMaps and Lost & Found coordinates: Lost & Found reports store the approximate coordinates of the town or city you select. This is a generalised location (city-level), not your precise GPS position. It is used to power radius-based searches and is published as part of the report.
Find-a-Vet geolocation: On the Find-a-Vet page, we ask for permission to access your device's location via the standard browser permission prompt. If you grant permission, your coordinates are sent to the Google Places API to identify nearby clinics. These coordinates are not stored in the Connect-a-Pet database. If you decline, you can search by typing a town or city name instead.
Geocoding API: When you type a place name, it is sent through our own server to the Open-Meteo geocoding service to retrieve coordinates. Your IP address is not exposed to Open-Meteo in this process.
8. Who We Share Your Data With
We do not sell your data. We do not share it for advertising purposes. Below is a complete list of the parties who may receive your data.
| Recipient | Their role | Data shared | Location |
|---|---|---|---|
| Supabase (database, authentication, file storage) | Processor β acts on our instructions | All account, pet, report, appointment, and clinic data; uploaded files | EU β AWS eu-north-1 (Stockholm, Sweden) |
| Google Maps Platform (Maps, Places, Geocoding APIs) | Independent controller for their services | IP address, map interactions, search queries; device coordinates (with your permission, Find-a-Vet only) | Google global infrastructure β see international transfers below |
| Google / Facebook (optional OAuth sign-in) | Identity providers | Your name, email, and avatar at the moment of sign-in | Per their own policies |
| Open-Meteo (geocoding) | Processor-like service | Only the town/city name you type (your IP is not passed β we proxy the request server-side) | EU |
| Public reference APIs (dog.ceo, TheCatAPI, REST Countries) | Third-party content providers | Your IP address only, as with any browser request to an external server | Various |
| [HOSTING PROVIDER β confirm: Vercel] | Processor (hosting and CDN) | Standard server logs (IP, user agent) | [Confirm location] |
| Verified veterinary clinics | Independent controllers | Your contact details and your booked pet's profile and health records β only when a clinic accepts your appointment request | As per each clinic |
| The public | β | Lost & Found report contents including your contact email and phone; public photos; venue reviews showing your first name and last initial | β |
| Law enforcement or regulators | β | Data required by valid legal process or to protect rights and safety | As required |
9. International Transfers
Your data is primarily stored within the EU (Sweden). Where data is transferred outside the EU/EEA, we rely on the following safeguards:
- Google: Google LLC participates in the EUβUS Data Privacy Framework (DPF), which provides an adequacy basis for transfers to the United States. Google also relies on Standard Contractual Clauses (SCCs) as an additional safeguard. See Google's Privacy Policy for details.
- Google / Facebook (OAuth): Governed by their respective policies and transfer mechanisms.
- Other processors: We select processors that store data within the EU where possible.
10. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Account and profile data | Held for the life of your account. Following a verified deletion request, we will delete or anonymise your data within [30 days β confirm period], except where retention is required for legal or legitimate-interest reasons (see below). |
| Pet profiles and health records | Deleted or anonymised when you delete the pet or close your account. |
| Lost & Found reports | Retained until you resolve or close the report. Closed reports are removed from public view but may be retained in our database for a short period for moderation and audit purposes before permanent deletion. |
| Appointment records | Retained for [X months/years β confirm period] after the appointment, in line with legitimate interests in resolving disputes. |
| Clinic verification documents | Retained while the clinic is registered. Deleted within a reasonable period after clinic account closure or deregistration. |
| Ban flags | Retained indefinitely after account closure to prevent re-registration and maintain our moderation audit trail (legitimate interests). |
| Server logs | Retained in accordance with our hosting provider's standard log rotation policy. |
| Supabase authentication logs | Retained in accordance with Supabase's default policies. |
Where exact retention periods are marked [confirm], we will update this policy with specific dates once finalised.
11. Security
We take reasonable and appropriate measures to protect your data, including:
- Row-level security (RLS) on every database table, so that each user can only access their own records.
- Private storage for sensitive documents (clinic verification files), restricted to the uploader and administrators.
- Hashed passwords managed by our authentication provider β we never store or access your password in plaintext.
- Role-gated admin access β only designated administrators can access user management tools and sensitive data.
- EU data residency β your data lives within the EU under GDPR protection.
No system is perfectly secure. If you believe your account has been compromised, please contact us immediately at [CONTACT EMAIL].
12. Children
Connect-a-Pet is not directed at children. The minimum age to use this service is 16 years (in line with GDPR Article 8 and French implementation, which sets the digital-consent age at 15). We do not knowingly collect personal data from anyone under this age. If we become aware that a child below the applicable age has registered, we will delete their account and associated data promptly.
If you believe a child has provided us with personal data, please contact us at [CONTACT EMAIL].
13. Your Rights
Under the GDPR, you have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you. |
| Rectification (Art. 16) | Ask us to correct inaccurate or incomplete data. |
| Erasure (Art. 17) | Ask us to delete your personal data ("right to be forgotten"), subject to legal exceptions. |
| Restriction (Art. 18) | Ask us to limit how we use your data while a dispute is resolved. |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format, or have it transferred to another service. |
| Objection (Art. 21) | Object to processing based on legitimate interests. |
| Withdraw consent (Art. 7(3)) | Withdraw any previously given consent at any time (e.g. close a Lost & Found report, revoke browser geolocation). |
Self-service controls: You can already edit your profile, edit or close your reports, delete your pets, cancel appointments, remove saved venues, and delete your venue reviews directly within the platform.
Account deletion: We do not yet offer self-service account deletion. To request full account deletion or a data export, please email us at [CONTACT EMAIL]. We will respond within 30 days (as required by GDPR Art. 12) and complete the deletion or provide the data within one month of verifying your identity, extendable by up to two further months for complex requests.
Right to lodge a complaint: If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national supervisory authority. As Connect-a-Pet is operated from France, the lead supervisory authority is:
Commission Nationale de l'Informatique et des LibertΓ©s (CNIL) 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France https://www.cnil.fr
If you are based in another EU/EEA country, you may also contact your local supervisory authority.
For users outside the EU
UK: We comply with the UK GDPR. The UK Information Commissioner's Office (ICO) is the relevant supervisory authority for UK residents.
California (CCPA/CPRA): California residents have rights under the California Consumer Privacy Act, including the right to know, delete, and opt out of sale of personal information. We do not sell personal information. To exercise your rights, contact us at [CONTACT EMAIL].
Other jurisdictions: We handle all data in accordance with GDPR standards, which generally meets or exceeds the requirements of other data protection regimes.
14. Cookies
We use cookies and similar technologies as described in our Cookie Policy. The only non-essential technology we use is Google Maps (on PetMaps and Find-a-Vet pages). We do not use any advertising, analytics, or social media tracking cookies.
15. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via a notice on the Connect-a-Pet website and, where appropriate, by email. The "Last updated" date at the top of this document will always reflect the current version. Continued use of the platform after the effective date of any change constitutes acceptance of the updated policy.
16. Contact Us
For any privacy-related questions, data rights requests, or concerns, please contact us:
Email: [CONTACT EMAIL for privacy requests] Post: [LEGAL ENTITY NAME], [REGISTERED ADDRESS]
We aim to respond to all privacy enquiries within 30 days.
See also our Cookie Policy.
β οΈ Disclaimer: This document is a draft prepared for informational purposes. It has not been reviewed by a lawyer. Before publishing, please have it reviewed by qualified legal counsel admitted to practise in France and familiar with GDPR, French ePrivacy rules, and CNIL guidance. In particular, legal counsel should verify: the choice of lawful bases, the adequacy of the children's age threshold, retention periods, international transfer mechanisms, and whether a Data Protection Officer is required.