1. Introduction
PawUnity ("we," "our," "us") is committed to protecting your personal information in accordance with the UAE Personal Data Protection Law (PDPL) — Federal Decree-Law No. 45 of 2021. This Privacy Policy explains how we collect, use, store, and protect information when you use our smart pet recovery platform.
By creating an account on PawUnity, you acknowledge and agree to the practices described in this Privacy Policy.
2. Data We Collect
2.1 Account Data (Personal Information / PII)
- Full name (first name, last name)
- Email address
- Phone number (optional, stored encrypted at rest)
- Password (stored as an irreversible bcrypt hash — we cannot recover it)
2.2 Pet Data (Non-PII)
- Pet name, species, breed, color
- Pet photo (publicly viewable on your pet's profile page)
- Notes about the pet
2.3 Usage & Technical Data
- Tag scan timestamps and approximate IP-based location (city-level only, no GPS)
- Browser/device user-agent string
- IP address at time of scan (not linked to a finder's identity)
2.4 Payment Data
Payments are processed exclusively through Stripe. PawUnity does not store any credit card, debit card, or banking information on our servers. We only store a Stripe Customer ID and subscription status.
3. How We Use Your Data
- Pet recovery: Connecting finders to pet owners through our tag system
- Notifications: Sending you scan alerts and contact messages from finders
- Account management: Creating and managing your account and subscription
- Platform improvement: Analyzing usage patterns to improve our service (aggregated, non-identifiable)
- Legal compliance: Meeting our obligations under UAE law
We do NOT sell, rent, or share your personal data with third parties for marketing purposes.
4. Data Protection Measures
- Phone numbers are encrypted at rest using AES-256-GCM
- Passwords are hashed with bcrypt (cost factor 12)
- All data is transmitted over HTTPS (TLS 1.2 or higher)
- Phone numbers are never exposed to finders — all contact is proxied through our backend
- Role-based access control: resellers and admins can only see appropriate data
- Access tokens expire after 15 minutes; refresh tokens after 7 days
5. Your Rights Under UAE PDPL
As a data subject under UAE PDPL, you have the right to:
- Access: Request a copy of your personal data we hold
- Correction: Update or correct inaccurate information in your account settings
- Deletion: Delete your account and all associated data from your Settings page (anonymized within 30 days)
- Portability: Request a machine-readable export of your data
- Objection: Object to specific processing activities
To exercise these rights, visit your Account Settings or contact us at privacy@getpawunity.com.
6. Data Retention
- Account data: Retained while your account is active
- Pet data: Retained while your account is active; removed with account deletion
- Scan logs: Retained for 12 months, then automatically deleted
- Deleted accounts: Anonymized within 30 days of deletion request
7. Third-Party Services
- Stripe: Payment processing (Stripe Privacy Policy)
- Email (SMTP): Transactional notifications only (scan alerts, contact messages)
- Google Analytics (GA4) & Google Tag Manager: Anonymous usage analytics to improve the platform. Activated only after you provide cookie consent. No personally identifiable information is sent to Google Analytics. (Google Privacy Policy)
No personal data is sold to or shared with advertisers.
8. Cookies
We use the following cookies:
- Essential: Authentication session token (JWT) — required for the platform to function. Cannot be declined.
- Analytics (optional): Google Analytics 4 cookies for anonymous usage statistics. Only activated after you accept cookies via our consent banner. You can withdraw consent at any time from your browser settings.
We do not use advertising or retargeting cookies.
9. Children's Privacy
PawUnity is not intended for users under 18 years of age. We do not knowingly collect personal data from minors.
10. Contact
For privacy requests, questions, or complaints: