My Pet Family

Welcome to My Pet Family. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our mobile application and associated backend services. By using My Pet Family, you agree to the practices described below.

1. Data Controller

The application is operated by Štefan Marcin. If you have any questions regarding this policy, you may contact us at: stefan.marcin74@gmail.com.

2. Information We Collect

We collect the following categories of personal data:

• Account information: name, e-mail address, hashed password, preferred language, and currency.
• Authentication data: session tokens, IP address, and user-agent string recorded at login. If you sign in with Google or Apple, we receive your identity token and, where available, your e-mail address and display name from that provider.
• Pet profiles: pet name, species/category, gender, castration status, date of birth, height, breed, and microchip / identification number.
• Health records: veterinary visit titles, record types, dates, notes, and costs.
• Feeding records: feeding titles, record types, dates, notes, and costs.
• Activity records: activity titles, types, dates, duration, star ratings, notes, and costs.
• Reminders: reminder date and time, record type, and notes.
• Media files: photos (JPEG) captured with your device camera or chosen from your photo library, and documents (any format) you upload as attachments to pets or records. Camera access is requested only when you initiate a photo action and is not used in the background.
• Device & notification tokens: FCM (Firebase Cloud Messaging) tokens used to deliver push notifications.
• Feedback: free-text feedback and an optional screenshot you submit through the in-app feedback tool.

3. How We Use Your Information

• To create and manage your user account.
• To authenticate you securely, including via Google and Apple Sign-In.
• To store and display your pets' profiles, health, feeding, and activity records.
• To send account-activation and password-reset e-mails when requested.
• To deliver push notifications for reminders you have set.
• To allow you to share a pet profile with other users via a shareable link.
• To process and respond to in-app feedback you submit.
• To maintain the security and integrity of the service.

4. Pet Sharing & Collaborative Access

You can generate a shareable ID for a pet and share it with another user. The receiving user may be granted view-only or edit access to that pet's records, images, and files. You can revoke this access at any time by removing the pet from the shared user's account or deleting the shareable ID.

5. Photos, Camera Access, and Files

The app may request access to your device's camera and photo library solely to let you take or select photos for pet profiles and records. Camera and gallery permissions are used only when you explicitly trigger a photo action (e.g. setting a pet avatar, attaching a photo to a health or activity record). We do not access your camera or photos at any other time.

Images and documents you upload are stored on our server and are only accessible to authenticated users who have been granted access to the relevant pet. Images and files are logically deleted (marked as not visible) when you remove them; they are not immediately purged from disk storage.

6. Data Retention

• Active accounts: data is retained for as long as your account exists.
• Deleted records: when you delete a pet, health record, feeding record, activity record, or reminder, the item is flagged as invisible but may remain in database backups for a limited time.
• Sessions: login sessions expire automatically; they are also revoked immediately on logout or password reset.
• Password reset tokens: stored until used or superseded by a new request.

7. Third-Party Services

• Google Sign-In – identity verification via Google's OAuth 2.0 infrastructure.
• Apple Sign-In – identity verification via Apple's JWT-based authentication.
• Firebase Cloud Messaging (FCM) – push notification delivery.
• Firebase Hosting – hosting of the web build of the application.

Each third-party service is governed by its own privacy policy. We do not sell your data to any third party.

8. Security

We apply the following security measures:

• Passwords are stored as salted hashes and are never stored in plain text.
• All API endpoints (except public ones such as translations, login, and registration) require a valid session token transmitted via the Authorization: Bearer header.
• Access to pet data, images, and files is verified against ownership and permission records before each response.
• Sessions are time-limited and can be revoked server-side.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Withdraw consent for optional data processing (e.g. e-mail or push notifications — configurable in your profile settings).
• Lodge a complaint with a data-protection supervisory authority.

To exercise any of these rights, please contact us at stefan.marcin74@gmail.com.

10. Children's Privacy

My Pet Family is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, the "Last updated" date below will be revised. Continued use of the application after changes are posted constitutes your acceptance of the revised policy.

Last updated: June 2025