🚧BetaFeatures and responses may change. Learn more
← Back to app/Privacy Policy
|

Privacy Policy

Last updated: March 18, 2026

Questions? Contact us at legal@pocketpetcare.net

🇭🇺 Olvassa el ezt a dokumentumot magyarul

On this page

PocketPetCare takes your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights as a data subject under the General Data Protection Regulation (GDPR) and applicable Hungarian law.

1. Data Controller

The data controller responsible for your personal data is:

PocketPetCare
Debrecen, Hungary
Email: legal@pocketpetcare.net

For data protection inquiries, please contact us at the email above.

2. Data We Collect

Account Data

When you create an account, we collect your email address, name, and (if you register with a password) a hashed version of your password. We never store your password in plain text.

Pet Profile Data

When you create pet profiles, you may provide: species, breed, age, weight, sex, medical conditions, allergies, medications, microchip ID, and other health-related details you choose to enter. This data is used to personalize AI responses to be relevant to your specific pet.

Conversation Data

We store the messages you send and receive through the Service, including any images you upload, the question categories detected, and the language you write in. This data is used to provide the service and, in aggregate anonymized form, to improve it.

Payment Data

We store your Stripe customer ID, subscription status, and transaction history (amounts, dates, types). Full payment card details are handled exclusively by Stripe and are never stored on our servers.

Usage Data

We track feature usage, message counts, and credit balance changes to enforce plan limits, prevent abuse, and understand how the Service is used.

Technical Data

When you access the Service, we may collect your IP address, browser type, device information, and access timestamps. This data is used for security, rate limiting, and analytics.

Cookies

We use cookies for authentication tokens, session management, and optional analytics. See our Cookie Policy for details.

[REVIEW WITH LAWYER] We process your data on the following legal grounds:

  • Contract performance (Article 6(1)(b)): Account data, pet profile data, conversation data, and payment data are processed because they are necessary to provide you with the Service you have signed up for.
  • Legitimate interest (Article 6(1)(f)): Usage analytics and service improvement are processed on the basis of our legitimate interest in operating and improving a reliable, secure service. We have assessed that this interest is not overridden by your privacy rights.
  • Consent (Article 6(1)(a)): Marketing communications (if any) and non-essential cookies are processed only where you have given explicit consent, which you may withdraw at any time.
  • Legal obligation (Article 6(1)(c)): Financial records are retained to comply with Hungarian tax law requirements.

4. How We Use Your Data

  • Providing the Service: We use your account, pet, and conversation data to generate AI responses and manage your account.
  • AI response generation: Your pet profile data and conversation history are sent to OpenAI's API for processing. OpenAI processes this data as a data processor on our behalf and does not use it to train their models (under our API agreement).
  • Expert consultations: Relevant pet data and conversation excerpts may be shared with veterinary experts who provide consultation services through the platform.
  • Payment processing: We use Stripe to process subscription and credit purchases.
  • Analytics and improvement: Anonymized and aggregated usage data helps us understand how the Service is used and how to make it better.
  • Legal compliance: We retain certain records to comply with applicable law.

5. Third-Party Data Processors

We use the following third-party processors, all of which are bound by data processing agreements and appropriate legal safeguards:

  • OpenAI — AI model processing. Your messages and pet data are transmitted to OpenAI's API for response generation. Data may be processed in the United States. OpenAI participates in the EU-US Data Privacy Framework where applicable; transfers are further protected by Standard Contractual Clauses. [REVIEW WITH LAWYER — verify current OpenAI DPA and transfer mechanism]
  • Stripe — Payment processing. Stripe is PCI DSS compliant. Card data is handled exclusively by Stripe and never passes through our servers.
  • Supabase — Database hosting. Your data is stored on Supabase-managed PostgreSQL infrastructure. [REVIEW WITH LAWYER — confirm Supabase data region]
  • Vercel — Application hosting and edge functions. Our Next.js application is hosted on Vercel's infrastructure. [REVIEW WITH LAWYER — confirm Vercel data region]

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Conversation data: Retained while your account is active. You can delete individual conversations at any time. All conversation data is deleted when your account is closed.
  • Payment records: Retained for 7 years as required by Hungarian tax and accounting law.
  • Analytics data: Anonymized and aggregated after 24 months; raw usage logs are deleted at that point.

7. Your Rights (GDPR)

As a data subject under the GDPR, you have the following rights:

  • Right of access: You may request a copy of all personal data we hold about you.
  • Right to rectification: You may update most of your data directly in your account settings. For corrections we cannot make through the app, contact us.
  • Right to erasure ("right to be forgotten"): You may request deletion of your account and associated data. We will process your request within 30 days, subject to our legal retention obligations (e.g. financial records).
  • Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
  • Right to data portability: You may request an export of your data in a machine-readable format.
  • Right to object: You may object to processing based on legitimate interest. We will assess your objection and either stop the processing or demonstrate compelling legitimate grounds.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Hungarian data protection authority (Nemzeti Adatvédelmi és Információszabadság Hatóság — NAIH, naih.hu) or your local supervisory authority.

To exercise any of these rights, email us at legal@pocketpetcare.net. We will respond within 30 days.

8. International Data Transfers

[REVIEW WITH LAWYER] Some of our data processors are located outside the European Union / European Economic Area (primarily in the United States). Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions, where the destination country provides equivalent data protection
  • Participation in the EU-US Data Privacy Framework where applicable

9. Children's Data

The Service is not intended for users under 18 years of age. We do not knowingly collect or process personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and in-app notification at least 30 days before the changes take effect. The revised policy will be accessible at this URL with an updated "Last updated" date.

See also

Terms of ServiceMedical DisclaimerCookie PolicyRefund Policy
    Privacy Policy — PocketPetCare