Privacy Policy
Last Updated: Last Updated: December 5, 2025
1. Information We Collect
Account Information
When you create an account, we collect: • Email address (via Google OAuth) • Display name (from your profile) • Phone number (optional) • Profile photo (optional) • Authentication credentials (managed by Firebase Authentication) We use Google OAuth for secure authentication. Your password is never stored by us-it is managed entirely by Google.
Content You Upload
Videos and images you upload are stored securely in Firebase Cloud Storage. This content is used to: • Provide AI-powered behavioral analysis • Generate behavioral insights and captions • Store your analysis history and memories • Improve our AI models (with your consent) You retain full ownership of all uploaded content.
Camera and Microphone Access
The live camera feature requires camera permission to capture video. We: • Do NOT record or store live camera sessions unless you explicitly save them • Do NOT request microphone access • Process video frames locally in your browser using MediaPipe (no data sent to servers during detection) • Only send frames to Google Gemini API when you request analysis Camera access is only active while you are using the camera feature.
Usage Data
We collect information about how you use the Service: • Session data (timestamps, duration, feature usage) • Device information (device type, OS version, browser type) • Performance metrics (errors, load times, API response times) • Feature interactions (camera usage, uploads, analysis requests) • Credit usage and balance This data helps us improve the Service and understand user behavior patterns.
AI Analysis Data
When you request behavioral analysis, we store: • Behavioral analysis results (detected behaviors, confidence scores) • AI-generated captions and interpretations • Detection metadata (species, breed, color) • Timestamps and session information • Analysis history for your account This data is stored in Firestore and is only accessible to you.
2. How We Use Your Information
We use your information to: • Provide and improve the Service • Process your videos and generate behavioral insights using Google Gemini AI • Store your session history, memories, and analysis results • Communicate with you about the Service (via email) • Analyze usage patterns to improve AI models and detection accuracy • Ensure security and prevent abuse • Comply with legal obligations • Troubleshoot technical issues We do NOT sell your data to third parties.
3. Technology Stack & Data Processing
Frontend Architecture
Pawfect Fwiend is delivered as: • A native iOS app (Capacitor 6 wrapping Next.js 15 / React 19) • A progressive web app at dev.pwa.pawfect.fwiend.app • A marketing and account site at pawfect.fwiend.app On-device face blur (MediaPipe BlazeFace) anonymises human bystanders locally before any frame leaves your device.
Backend Infrastructure
Our backend is hosted on our own virtual private server and on Google Firebase: • Firebase Authentication (OAuth with Google and Sign in with Apple) • Firestore Database (per-user access rules enforced by Google) • Firebase Cloud Storage (encrypted-at-rest video uploads) • A Rust-based realtime analysis server (WebRTC / WebSocket streaming, video upload processing) • A Rust-based user-auth microservice (token verification, account export and deletion) All data is encrypted in transit (HTTPS / WSS) and at rest.
AI & Detection Services
Behavioural analysis uses: • Mistral Medium 3 (hosted by Mistral AI, EU-based): primary large language model for behavioural interpretation and caption generation • Google Gemini (fallback): used only when Mistral is unavailable • YOLOv8n and RTMPose (local to our VPS): pet detection and pose estimation, no third-party involvement Only the frames required for the current analysis are sent to Mistral or Gemini. Raw video is not retained by those providers beyond the immediate response.
Payments & Subscriptions
Web subscription management uses: • Stripe (Stripe Payments Europe, Ltd): processes card, Apple Pay, Google Pay and PayPal payments, and hosts the billing portal used for plan changes and cancellations iOS in-app purchases use: • Apple In-App Purchases: managed by Apple per their standard terms • Superwall (Superwall Inc): displays paywalls and reports conversions; entitlements are synced back to our Firestore We do not receive or store your full payment card number. Only non-sensitive metadata (subscription tier, status, next billing date, Stripe customer ID) reaches our systems.
Error Monitoring
Sentry (Sentry GmbH, EU-hosted) receives anonymised error reports and performance traces from both the client and the Rust server. Reports include the exception type, stack trace, and a hashed device / IP fingerprint; they do not contain video frames or raw account data.
4. AI Detection Limitations
Our pet detection system uses MediaPipe EfficientDet Lite0 with a 30% confidence threshold. Some videos may be rejected if: • The pet is too small or far from camera • The pet is partially obscured or hidden • Poor lighting or low video quality • Unusual angles or positions • Non-standard pet breeds or mixed breeds This is a technical limitation of machine learning, not a service restriction. We are continuously improving detection accuracy through model updates.
5. Credit System
Video analysis consumes credits from your account: • Each video analysis costs 1 credit • Credits do not expire • Unused credits are non-refundable • Refunds follow app store policies (Apple App Store or Google Play Store) • You can view your credit balance in Settings • Failed analyses due to technical errors are refunded automatically • No refunds for videos where no pet is detected (technical limitation)
6. Data Storage and Security
Your data is stored securely using industry-standard encryption: • Database: Firestore with Row Level Security (RLS) policies - Only you can access your data - Encryption at rest with Google-managed keys - Automatic backups and disaster recovery • Storage: Firebase Cloud Storage with encrypted buckets - All files encrypted with AES-256 - Access controlled by RLS policies - Automatic cleanup of temporary files • Authentication: Firebase Authentication with Google OAuth - No passwords stored by us - Session tokens with automatic expiration - Multi-factor authentication support • API: HTTPS encryption for all data transmission - TLS 1.2+ for all connections - Certificate pinning for mobile apps - Regular security audits Only you can access your uploaded content and session history. We implement strict access controls and never share your data with unauthorized parties.
7. Third-Party Services
Mistral AI (primary LLM)
Video frames selected for behavioural analysis are sent to Mistral AI (Paris, France) via their Medium 3 model: • Frames are transmitted over HTTPS • Mistral returns the structured analysis to our Rust realtime server • Mistral does not retain frames for model training under their default API terms • Mistral's privacy policy applies: https://mistral.ai/privacy Human faces visible in a frame are locally blurred on your device (MediaPipe BlazeFace) before transmission.
Google Gemini (fallback LLM)
If Mistral is temporarily unavailable, the same frame is sent to Google Gemini (Google LLC). Frames are not shared with Gemini under any other circumstance. Google's privacy policy applies: https://policies.google.com/privacy
Firebase Services (Google)
Our identity, database and storage layer is Firebase (Google): • Firebase Authentication: manages Google and Apple OAuth sign-in • Firestore: stores user profiles, pets, memories, credits, subscriptions, and an internal ai-credit-ledger used for billing accuracy • Firebase Cloud Storage: stores uploaded videos until analysis completes Google's privacy policy applies: https://policies.google.com/privacy
Stripe (payments)
Web payments are processed by Stripe Payments Europe Ltd (Dublin, Ireland). When you subscribe, you are redirected to Stripe Checkout; you enter payment details on stripe.com, not on our site. Stripe returns a customer and subscription identifier via webhook; those identifiers are stored in Firestore under your user account. Stripe's privacy policy: https://stripe.com/privacy
Apple App Store & Superwall (iOS payments)
iOS subscriptions are billed by Apple through the standard In-App Purchase flow. Superwall (Superwall Inc) is the paywall orchestrator: it displays the upgrade screen, reports the conversion, and syncs the resulting entitlement back to Firestore. Apple handles all payment data. Superwall's privacy policy: https://superwall.com/privacy
Sentry (error monitoring)
Sentry (Sentry GmbH, Vienna, Austria; EU-hosted) receives anonymised error reports, stack traces, and a hashed device / IP fingerprint from our apps and servers. No raw frames, email addresses, or account data are transmitted. Sentry's privacy policy: https://sentry.io/privacy
Hostinger VPS (hosting)
Our Rust realtime server, Rust user-auth service, and web static hosting run on a virtual private server provided by Hostinger (Kaunas, Lithuania). Flight recorder session logs (JSONL with per-session analysis traces) are stored locally on that VPS and backed up nightly to an encrypted object store for disaster recovery.
8. Data Retention
We retain your data as follows: • Account Data: Retained as long as your account is active • Video Content: Retained as long as your account is active • Analysis Results: Retained as long as your account is active • Temporary Files: Automatically deleted after 30 days • Deleted Content: Permanently removed within 30 days You can delete individual sessions or your entire account at any time from the Settings page. When you delete content or your account, it is permanently removed from our systems within 30 days.
9. Your Rights
You have the right to: • Access: view all data we hold about you • Export (data portability): download a machine-readable copy of your data (GDPR Article 20) • Delete (erasure): permanently remove your data and account (GDPR Article 17) • Rectification: update inaccurate information • Object: opt out of certain data processing • Withdraw consent: revoke permissions at any time How to exercise these rights: • Web: sign in at pawfect.fwiend.app/account/profile. The Privacy and data section has Export my data and Delete my account buttons. Export downloads a JSON bundle of everything we hold. Delete cascades through pets, memories, credits, subscription, user profile, and Firebase Auth account, then signs you out. • iOS and PWA: open Settings inside the app. Download data and Delete account rows call the same server endpoints. • Email: privacy@pawfect.fwiend.app for any request the in-app buttons cannot fulfil. Export and deletion are processed immediately by our Rust user-auth service. Deletion cannot be undone.
10. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us immediately at privacy@pawfect.fwiend.app. For users aged 13-18, parental consent may be required depending on your jurisdiction.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place to protect your data: • Standard Contractual Clauses (SCCs) for EU data transfers • Encryption in transit and at rest • Access controls and monitoring • Regular security audits By using the Service, you consent to the transfer of your data to countries outside your country of residence.
12. Security Measures
We implement comprehensive security measures: • Encryption: All data encrypted in transit (HTTPS) and at rest (AES-256) • Access Controls: Row Level Security (RLS) policies in Firestore • Authentication: Firebase Authentication with OAuth 2.0 • Monitoring: Automated security monitoring and alerting • Audits: Regular security audits and penetration testing • Incident Response: 24/7 incident response team If we discover a security breach, we will notify affected users within 72 hours as required by law.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via: • Email notification • In-app notification • Website banner Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically for updates.
14. Contact Us
For privacy questions or concerns, contact us at: Email: privacy@pawfect.fwiend.app Data Protection Officer: dpo@pawfect.fwiend.app Mailing Address: Sam Houston Labs Ltd, 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom
15. GDPR Compliance (EU Users)
If you are in the European Union, you have additional rights under GDPR: • Right to data portability: Export your data in machine-readable format • Right to restrict processing: Limit how we use your data • Right to object: Object to automated decision-making • Right to erasure: Delete your data (right to be forgotten) • Right to lodge a complaint: Contact your local data protection authority Our legal basis for processing your data: • Consent: You consent to the Service terms • Contract: Processing is necessary to provide the Service • Legitimate Interest: Improving the Service and preventing abuse • Legal Obligation: Complying with applicable laws Our Data Protection Officer: dpo@pawfect.fwiend.app
16. CCPA Compliance (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA): • Right to Know: Request what personal information we collect • Right to Delete: Request deletion of your personal information • Right to Opt-Out: Opt out of the sale of your personal information • Right to Non-Discrimination: We do not discriminate for exercising your rights To exercise these rights, contact us at privacy@pawfect.fwiend.app Note: We do NOT sell your personal information to third parties.