PRIVACY POLICY
Last Updated: May 29, 2026
Effective Date: May 29, 2026
1. INTRODUCTION
Welcome to Petso’s Privacy Policy. This policy describes how Petso B.V. (“Petso”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information across our platforms:
- Petso - Pet owner platform
- Petso Pro - Professional services platform
- Farmso - Farm management platform
Your privacy is important to us. We are committed to protecting your personal information and being transparent about our data practices.
This Privacy Policy describes the personal data we process and the legal bases on which we rely. Where we rely on your consent (for example, for marketing communications or non-essential cookies), we will ask for it explicitly through an opt-in mechanism before processing — and you can withdraw that consent at any time. For all other processing, we rely on the legal bases set out in this Policy (such as performance of our contract with you, our legitimate interests, or compliance with a legal obligation).
- Personal Details: Name, email address, phone number, date of birth
- Profile Information: Profile photo, bio, location (city/country)
- Login Credentials: Password (encrypted), linked social accounts
- Payment Information: Credit card details (stored by Stripe), billing address
- Professional Information (Petso Pro): License numbers, certifications, insurance details, business registration
- Farm Information (Farmso): Farm name, registration number, land ownership documents
- Basic Details: Name, species, breed, gender, date of birth, weight
- Physical Characteristics: Color, markings, special features
- Microchip Information: Microchip number, registry
- Medical Records: Vaccination history, medical conditions, allergies, medications
- Documents: Veterinary records, certificates, photos, videos
- Behavioral Information: Temperament, training status, special needs
- Animal Details: Species, breed, tag numbers, birth dates
- Health Records: Vaccination history, treatments, veterinary visits
- Inventory Data: Feed consumption, production metrics
- Compliance Data: Regulatory certifications, audit records
Content You Create
- Posts & Comments: Social media posts, comments, reactions
- Reviews & Ratings: Professional reviews, service ratings
- Messages: Direct messages, appointment communications
- Documents: Uploaded files, photos, videos
- Notes: Personal notes, reminders, annotations
Usage Data
- Platform Activity: Pages viewed, features used, time spent
- Click Tracking: Buttons clicked, navigation paths
- Search Queries: Search terms, filters applied
- Feature Engagement: Features accessed, frequency of use
- Device Type: Mobile, tablet, desktop
- Operating System: iOS, Android, Windows, macOS
- Browser Information: Browser type, version
- Screen Resolution: Display settings
- Device Identifiers: IP address, device ID (anonymized)
Location Data
- IP-Based Location: Approximate location from IP address
- GPS Location: Precise location (only with explicit permission)
- Service Area: Location for professional service availability
- Time Zone: For scheduling and notifications
Cookies & Tracking Technologies
- Essential Cookies: Authentication, security, preferences
- Analytics Cookies: Usage patterns, performance metrics
- Functional Cookies: Language preferences, customizations
- Advertising Cookies: Marketing effectiveness (opt-out available)
- Profile Information: Name, email, profile picture
- Public Profile Data: From Facebook, Google, Apple
- Friend Lists: Only with permission
Payment Processors (Stripe)
- Transaction Data: Payment confirmations, receipts
- Card Information: Last 4 digits, card type
- Billing History: Transaction history
Microchip Registries
- Registration Status: Microchip registration confirmation
- Owner Verification: Ownership validation
Professional Verification Services
- License Verification: Professional credential validation
- Background Checks: Criminal background checks (with consent)
- Insurance Verification: Coverage confirmation
2.4 Blockchain Data
Decentralized Identifiers (DIDs)
- DID Creation: Public key, blockchain address
- Transaction History: Blockchain transactions (public)
- Verification Status: ZKP verification status
NFT Data
- Ownership Records: NFT ownership on blockchain
- Metadata: NFT attributes, creation date
- Transfer History: Blockchain transaction history
Important: Blockchain data is publicly visible and immutable. We cannot delete or modify blockchain records.
3.1 Core Service Delivery
Account Management
- Create and maintain your account
- Authenticate your identity
- Personalize your experience
- Remember your preferences
- Multi-device synchronization
- Petso: Manage pet profiles, health records, appointments
- Petso Pro: Schedule appointments, manage clients, process payments
- Farmso: Track livestock, manage compliance, generate reports
Communication
- Send appointment confirmations
- Deliver notifications and reminders
- Respond to support requests
- Send transactional emails (receipts, confirmations)
- Platform updates and announcements
3.2 Service Improvement
Analytics & Research
- Understand usage patterns
- Identify feature popularity
- Measure platform performance
- Conduct A/B testing
- Improve user interface
Product Development
- Develop new features
- Enhance existing functionality
- Fix bugs and errors
- Optimize platform speed
- Improve mobile experience
Machine Learning & AI
- Personalized recommendations
- AI health insights (with consent)
- Predictive analytics
- Automated moderation
- Smart search results
3.3 Safety & Security
Fraud Prevention
- Detect suspicious activity
- Prevent unauthorized access
- Verify professional credentials
- Monitor for abuse
- Identify fake accounts
- Maintain system security
- Prevent cyberattacks
- Protect against malware
- Secure blockchain transactions
- Encrypt sensitive data
Legal Compliance
- Comply with laws and regulations
- Respond to legal requests
- Enforce Terms of Service
- Protect our legal rights
- Cooperate with law enforcement
Communication (Opt-Out Available)
- Send newsletters
- Promote new features
- Offer special promotions
- Recommend services
- Send surveys and feedback requests
Advertising
- Display relevant ads
- Measure ad effectiveness
- Personalize marketing
- Retarget visitors (with consent)
- Partner promotions
3.5 Payment Processing
Transaction Management
- Process payments
- Issue refunds
- Generate invoices
- Track subscription billing
- Calculate platform fees
Professional Payouts
- Distribute earnings
- Generate tax forms (1099)
- Maintain financial records
- Comply with tax regulations
4.1 With Other Users
Pet Owners & Professionals
When you book an appointment:
- Shared with Professional: Pet name, species, breed, age, medical history (with your consent), contact information
- Shared with Owner: Professional name, business name, credentials, location, pricing
Social Features
When you use social features:
- Public Profile: Display name, profile photo, pet photos (controllable via privacy settings)
- Posts & Comments: Visible to your followers or publicly
- Reviews: Visible publicly with your name
Privacy Controls
You control data sharing through:
- Privacy settings per pet
- Global search visibility toggle
- Data sharing consent per appointment
- Social profile privacy settings
4.2 With Service Providers
We share data with trusted third parties:
Infrastructure & Hosting
- Cloud Storage: AWS, Google Cloud (data encrypted)
- CDN Providers: Cloudflare (for performance)
- Email Services: SendGrid, Amazon SES
- SMS Providers: Twilio (for notifications)
Payment Processing
- Stripe: Payment processing, subscription management
- PayPal: Alternative payment method
- Information shared: Transaction amount, payment method, billing address
Analytics & Monitoring
- Google Analytics: Usage statistics (anonymized)
- Mixpanel: Feature engagement
- Sentry: Error monitoring
- Datadog: Performance monitoring
- Customer Support: Zendesk, Intercom
- Marketing Automation: Mailchimp, SendGrid
- Push Notifications: Firebase, OneSignal
Security & Verification
- Identity Verification: Stripe Identity
- Background Checks: Checkr (professionals only, with consent)
- License Verification: Professional licensing boards
- Fraud Detection: Sift, MaxMind
4.3 With Business Partners
Microchip Registries
- Share microchip data for registration
- Verify ownership status
- Update contact information
Veterinary Networks
- Share medical records (with consent)
- Emergency access to pet information
- Coordinate care between providers
Travel Authorities (E-Passport)
- Share vaccination records
- Provide health certificates
- Verify travel compliance
4.4 With Regulatory Authorities (When Required)
Legal Obligations
- Court orders and subpoenas
- Law enforcement requests
- Regulatory investigations
- Tax authorities (for professionals)
- Agricultural compliance agencies (Farmso)
Public Health & Safety
- Animal disease outbreaks
- Public safety concerns
- Child/animal abuse reports
- Emergency situations
4.5 Business Transfers
In the event of:
- Merger or acquisition
- Sale of assets
- Bankruptcy
- Corporate restructuring
Your data may be transferred to the acquiring entity.
4.6 With Your Consent
We may share information:
- When you explicitly authorize
- For specific purposes you approve
- Through integrations you enable
- Via data export features
5. DATA PRIVACY CONTROLS
5.1 Owner Privacy Settings
Pet Profile Privacy
- Private: Only visible to you
- Shared with Professionals: Accessible during appointments
- Global Search: Searchable by microchip/DID
- Social: Visible in pet social network
Choose what to share:
- ✓ Pet name and species (required)
- ☐ Breed and age
- ☐ Microchip number
- ☐ Vaccination records
- ☐ Medical history
- ☐ Owner contact information
- ☐ Location/address
Search Privacy
- Enable/disable global pet search
- Control QR code emergency information
- Limit professional directory visibility
- Hide from social feed
5.2 Professional Privacy Settings
- Display business name and location
- Show credentials and certifications
- Control service area visibility
- Hide/show pricing publicly
Availability
- Manage calendar visibility
- Control booking window
- Set private appointment types
5.3 Communication Preferences
Email Notifications
- ☐ Appointment reminders
- ☐ Health record updates
- ☐ Promotional emails
- ☐ Newsletter
- ☐ Product updates
- ☐ Community digest
Push Notifications
- ☐ Appointment confirmations
- ☐ Messages from professionals
- ☐ Social interactions
- ☐ Rewards updates
- ☐ System alerts
SMS Messages
- ☐ Appointment reminders
- ☐ Emergency alerts
- ☐ Verification codes
5.4 Marketing Preferences
Opt-out options:
- Unsubscribe from marketing emails
- Disable personalized ads
- Opt-out of third-party cookies
- Stop retargeting campaigns
- Decline promotional SMS
6. DATA RETENTION
6.1 Active Accounts
We retain data while your account is active:
- Account information: Duration of account
- Pet profiles: Until deleted by user
- Health records: Permanent (unless deleted)
- Appointment history: 7 years
- Payment records: 7 years (tax compliance)
- Messages: 90 days (or until deleted)
- Social posts: Until deleted
6.2 Deleted Accounts
After account deletion:
- Immediate deletion: Profile information, preferences, settings
- 30-day grace period: Account recoverable upon request
- Retained for legal compliance: Transaction records (7 years), tax documents, legal holds
- Permanently deleted: Pet photos, documents, personal notes (after 30 days)
6.3 Professional Records
Professional accounts retain:
- Client records: 7 years after last appointment
- Financial records: 7 years (IRS requirement)
- License verification: 3 years after expiration
- Background checks: Duration of platform use
6.4 Blockchain Data
Important: Blockchain data is immutable and cannot be deleted:
- DIDs: Permanent on Solana blockchain
- NFT ownership: Permanent blockchain record
- Transaction history: Publicly visible forever
We can:
- Remove association with your account
- Delete off-chain metadata
- Deactivate DID display on platform
6.5 Backup Retention
Backups retained for:
- Disaster recovery: 90 days
- Business continuity: 30 days
- Point-in-time recovery: 7 days
7. DATA SECURITY
7.1 Technical Safeguards
Encryption
- Data in Transit: TLS 1.3 encryption
- Data at Rest: AES-256 encryption
- Database Encryption: Encrypted databases
- Backup Encryption: Encrypted backups
Access Controls
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Principle of least privilege
- Regular access audits
- IP whitelisting for admin access
Infrastructure Security
- AWS security best practices
- Firewall protection
- DDoS mitigation (Cloudflare)
- Intrusion detection systems
- Regular security patches
7.2 Organizational Safeguards
Employee Training
- Annual security training
- Privacy awareness programs
- Incident response training
- GDPR/CCPA compliance training
Access Limitations
- Need-to-know basis only
- Confidentiality agreements
- Background checks for employees
- Termination procedures
Third-Party Security
- Vendor security assessments
- Data processing agreements
- SOC 2 Type II certification required
- Regular audits
7.3 Security Practices
Regular Testing
- Quarterly penetration testing
- Annual security audits
- Vulnerability scanning
- Code security reviews
Monitoring
- 24/7 security monitoring
- Anomaly detection
- Automated alerts
- Incident response team
Certifications
- SOC 2 Type II compliant
- PCI DSS Level 1 (via Stripe)
- GDPR compliant
- CCPA compliant
7.4 Blockchain Security
Wallet Security
- You control private keys
- Hardware wallet support
- Multi-signature options
- Key recovery mechanisms
Smart Contract Security
- Audited smart contracts
- Bug bounty program
- Formal verification
- Upgrade mechanisms
7.5 Data Breach Response
In case of a breach:
- Immediate containment: Isolate affected systems
- Investigation: Determine scope and impact
- Notification: Inform affected users within 72 hours
- Remediation: Fix vulnerabilities
- Reporting: Notify regulators as required
8. YOUR RIGHTS & CHOICES
8.1 Access Rights
You have the right to:
- View your data: Access all personal information we hold
- Download your data: Export in machine-readable format (JSON, CSV)
- Request copies: Receive copies of specific records
How to exercise: Account Settings > Privacy > Download My Data
8.2 Correction Rights
You have the right to:
- Update information: Edit profile, pet details, preferences
- Correct inaccuracies: Fix errors in your data
- Complete incomplete data: Add missing information
How to exercise: Edit directly in your account or contact support
8.3 Deletion Rights (“Right to be Forgotten”)
You have the right to:
- Delete account: Permanently remove your account
- Delete specific data: Remove individual pet profiles, posts, documents
- Withdraw consent: Revoke previously granted permissions
Exceptions:
- Legal obligations (tax records, court orders)
- Contract performance (active subscriptions)
- Legitimate interests (fraud prevention)
- Blockchain data (immutable)
How to exercise: Account Settings > Privacy > Delete Account
8.4 Portability Rights
You have the right to:
- Export data: Structured, machine-readable format
- Transfer data: Move to another service
- API access: Programmatic data access (Enterprise)
Data included:
- Account information
- Pet profiles and records
- Appointment history
- Documents and photos
- Social posts
How to exercise: Account Settings > Privacy > Export Data
8.5 Objection Rights
You have the right to object to:
- Marketing communications: Opt-out anytime
- Data processing: Object to specific uses
- Profiling: Opt-out of automated decisions
- AI analysis: Decline AI health insights
How to exercise: Privacy Settings or email hello@petso.io
8.6 Restriction Rights
You have the right to:
- Limit processing: Restrict how we use data
- Freeze account: Temporarily suspend (not delete)
- Limit sharing: Reduce third-party sharing
8.7 Automated Decision Rights
You have the right to:
- Human review: Request manual review of automated decisions
- Explanation: Understand AI/algorithm decisions
- Opt-out: Decline automated processing
8.8 Complaint Rights
You have the right to:
- File complaints: With supervisory authorities
- Contact regulators: Data protection agencies
- Seek remedies: Legal recourse
Supervisory Authorities:
- EU: Your local Data Protection Authority
- California: California Attorney General
- Canada: Office of the Privacy Commissioner
9. REGIONAL PRIVACY RIGHTS
9.1 European Union (GDPR)
Legal Basis for Processing
- Consent: You’ve given explicit permission
- Contract: Necessary for service delivery
- Legal Obligation: Required by law
- Legitimate Interest: Our business needs (with your rights considered)
EU-Specific Rights
- Right to data portability
- Right to restriction of processing
- Right to object to processing
- Right to withdraw consent
- Right to lodge complaint with supervisory authority
International Transfers
- Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework participation (pending)
- Adequacy decisions where applicable
Data Protection Officer
Contact: hello@petso.io
9.2 California (CCPA/CPRA)
California Consumer Rights
- Right to Know: What data we collect and how we use it
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt-out of sale/sharing (we don’t sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
- Right to Correct: Fix inaccurate information
- Right to Limit: Limit use of sensitive personal information
We do NOT sell your personal information.
We may share data for business purposes as described in this policy.
Shine the Light Request
California residents can request disclosure of third-party sharing for marketing purposes.
How to exercise: Email hello@petso.io with “California Privacy Rights”
9.3 Canada (PIPEDA)
Canadian Rights
- Right to access personal information
- Right to challenge accuracy
- Right to withdraw consent
- Right to file complaint with Privacy Commissioner
Contact: hello@petso.io or Office of the Privacy Commissioner of Canada
9.4 Brazil (LGPD)
Brazilian Rights
- Access to personal data
- Correction of incomplete/inaccurate data
- Anonymization, blocking, or deletion
- Portability to another provider
- Information about public/private sharing
- Revocation of consent
9.5 Other Regions
We comply with local privacy laws in:
- Australia (Privacy Act)
- Japan (APPI)
- South Korea (PIPA)
- Singapore (PDPA)
- United Kingdom (UK GDPR)
10. CHILDREN’S PRIVACY
10.1 Age Restrictions
- Under 13: Not permitted (COPPA compliance)
- 13-17: Parental consent required
- 18+: Full account access
10.2 Parental Controls
Parents/guardians of users 13-17 can:
- Access their child’s account
- Control privacy settings
- Review activity
- Delete account
- Limit features
10.3 Children’s Data Collection
For users 13-17, we collect:
- Minimum necessary information
- No behavioral advertising
- No selling of data
- Enhanced privacy protections
10.4 Verification
We may require:
- Age verification during signup
- Parental consent forms
- ID verification for disputed ages
10.5 Reporting Underage Users
If you believe a user is under 13:
- Email: hello@petso.io
- Subject: “Underage User Report”
- We will investigate and take action
11. COOKIES & TRACKING
11.1 Types of Cookies
Essential Cookies
Purpose: Platform functionality
Examples: Authentication, security, session management
Can opt-out: No (required for service)
Analytics Cookies
Purpose: Usage statistics, performance monitoring
Examples: Google Analytics, Mixpanel
Can opt-out: Yes
Functional Cookies
Purpose: Preferences, customization
Examples: Language, theme, layout preferences
Can opt-out: Yes (will reset preferences)
Advertising Cookies
Purpose: Marketing, retargeting
Examples: Facebook Pixel, Google Ads
Can opt-out: Yes
11.2 Cookie Management
Browser Settings:
- Block all cookies
- Block third-party cookies
- Delete cookies regularly
- Private/incognito mode
Platform Settings:
Account Settings > Privacy > Cookie Preferences
11.3 Do Not Track
We honor Do Not Track (DNT) signals:
- Disable analytics tracking
- Stop behavioral advertising
- Limit third-party cookies
11.4 Mobile Tracking
Mobile Identifiers
- Advertising ID (iOS/Android)
- Device identifiers (anonymized)
- App-specific IDs
Opt-out:
- iOS: Settings > Privacy > Tracking
- Android: Settings > Google > Ads > Opt out
12. THIRD-PARTY SERVICES
12.1 Payment Processing (Stripe)
Data shared:
- Payment card information
- Billing address
- Transaction amount
- Email address
Stripe’s Privacy Policy: stripe.com/privacy
Control: Required for payments, no opt-out
12.2 Cloud Storage (AWS)
Data stored:
- Documents and photos
- Database backups
- User-generated content
AWS Privacy Policy: aws.amazon.com/privacy
Security: Encrypted at rest and in transit
Providers: Facebook, Google, Apple
Data received:
- Profile information
- Email address
- Profile photo
Control: Choose social login or email signup
12.4 Analytics Services
Google Analytics:
- Usage patterns
- Demographics (aggregated)
- Device information
Opt-out: Google Analytics Opt-out Browser Add-on
12.5 Communication Services
SendGrid/Twilio:
- Email/SMS delivery
- Contact information
- Message content
Control: Opt-out of non-essential communications
13. INTERNATIONAL DATA TRANSFERS
13.1 Data Storage Locations
Primary servers located in:
- United States (AWS US-East-1)
- European Union (AWS EU-West-1)
- Asia-Pacific (AWS AP-Southeast-1)
13.2 Transfer Mechanisms
EU to US:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Explicit consent where required
Other Regions:
- SCCs for international transfers
- Local data residency options (Enterprise)
13.3 Data Localization
Enterprise customers can request:
- Data residency in specific regions
- Local data processing only
- Restricted international transfers
14. DATA ACCURACY & QUALITY
14.1 Our Commitment
We strive to:
- Maintain accurate records
- Update information promptly
- Verify professional credentials
- Remove outdated data
14.2 Your Responsibility
You are responsible for:
- Providing accurate information
- Updating changed details
- Correcting errors
- Verifying pet medical records
- Maintaining current contact information
14.3 Professional Verification
We verify:
- Professional licenses (annually)
- Business registration
- Insurance coverage
- Background checks (initial and periodic)
14.4 Dispute Resolution
If you dispute data accuracy:
- Contact hello@petso.io
- Provide correct information
- Include supporting documentation
- We investigate within 30 days
- Corrections made or explanation provided
15. CHANGES TO PRIVACY POLICY
15.1 Notification of Changes
We will notify you of material changes via:
- Email to registered address
- In-app notification
- Banner on website
- Update to “Last Updated” date
15.2 Notice Period
- Material changes: 30-day notice before effective
- Minor changes: Effective upon posting
- Legal requirements: Immediate if required by law
15.3 Your Options
If you disagree with changes:
- Export your data
- Delete your account
- Opt-out of new features
- Contact us with concerns
15.4 Continued Use
Continued use after effective date constitutes acceptance of updated Privacy Policy.
15.5 Version History
Previous versions available at: petso.io/privacy/archive
16.1 Privacy Team
Email: hello@petso.io
Response Time: Within 48 hours
Subject Line Guidance:
- Data Access Request
- Data Deletion Request
- Privacy Concern
- GDPR Inquiry
- CCPA Request
16.2 Data Protection Officer (DPO)
Email: hello@petso.io
Scope: EU/EEA data subjects
16.3 Mailing Address
Petso B.V.
Privacy Department
123 Pet Plaza, Suite 500
San Francisco, CA 94105
United States
EU Representative:
Petso EU Privacy Services
Email: hello@petso.io
UK Representative:
Petso UK Privacy Services
Email: hello@petso.io
16.5 Regulatory Authorities
EU: Your local Data Protection Authority
California: California Attorney General
Canada: Office of the Privacy Commissioner
Find supervisory authorities: petso.io/privacy/authorities
17. SPECIFIC PROCESSING ACTIVITIES
17.1 AI & Machine Learning
Purpose:
- Personalized recommendations
- Health insights (opt-in)
- Predictive analytics
- Image recognition (pet photos)
- Content moderation
Data used:
- Usage patterns
- Pet health records (with consent)
- User interactions
- Uploaded images
Your control:
- Opt-out of AI processing
- Request human review
- Delete AI-generated insights
17.2 Blockchain Processing
Purpose:
- DID creation and management
- NFT minting and transfers
- Immutable record keeping
- Zero-knowledge proofs
Important limitations:
- Blockchain data is public
- Cannot be deleted or modified
- Transactions are permanent
- We don’t control the blockchain
17.3 Biometric Data
Face recognition (optional):
- Pet photo organization
- Lost pet matching
- Facial feature tagging
Control:
- Opt-in only
- Can be disabled anytime
- Biometric data encrypted
- Not shared with third parties
17.4 Location Data
Collection:
- IP-based location (automatic)
- GPS location (with permission)
- Service area (professionals)
Uses:
- Find nearby professionals
- Emergency pet location
- Location-based recommendations
- Time zone adjustments
Control:
- Disable GPS access
- Use approximate location only
- Clear location history
18. PROFESSIONAL-SPECIFIC PRIVACY
18.1 Client Data Responsibilities
As a professional, you must:
- Use client data only for service delivery
- Maintain confidentiality
- Not share without permission
- Secure data appropriately
- Delete when no longer needed
18.2 Professional Profile Privacy
You control:
- Business information visibility
- Credential display
- Service area publication
- Pricing transparency
- Calendar availability
18.3 Client Communication
- Messages stored for 90 days
- Encrypted in transit
- Not used for marketing
- Accessible to both parties
- Can be deleted by either party
18.4 Reviews & Ratings
Display:
- Public on professional profile
- Average rating calculated
- Recent reviews highlighted
Privacy:
- Reviewers identified by name
- Professionals cannot remove negative reviews
- False reviews can be disputed
- Moderation for inappropriate content
19. TRANSPARENCY & ACCOUNTABILITY
19.1 Data Processing Records
We maintain records of:
- Processing activities
- Legal basis for processing
- Data retention schedules
- Third-party processors
- International transfers
19.2 Privacy Impact Assessments
We conduct assessments for:
- New features with privacy implications
- High-risk processing activities
- Automated decision-making
- Large-scale data processing
19.3 Audits & Certifications
- Annual privacy audits
- SOC 2 Type II certification
- GDPR compliance reviews
- Security certifications
- Third-party assessments
19.4 Breach Notification
In case of data breach:
- Investigation within 24 hours
- User notification within 72 hours
- Regulatory notification as required
- Public disclosure if significant
- Remediation plan published
20.1 Anonymous Data
We use anonymized/aggregated data for:
- Industry research
- Statistical analysis
- Platform improvement
- Public reporting
Anonymization process:
- Remove personally identifiable information
- Aggregate with other users
- Cannot be re-identified
- Not subject to privacy rights
20.2 Research & Development
We may use data for:
- Product research
- Feature testing
- Academic partnerships
- Industry studies
Safeguards:
- Anonymization when possible
- Ethical review board approval
- User consent for identifiable data
- Secure research environments
20.3 Legacy Data
For inactive accounts (2+ years):
- Anonymization of personal data
- Retention of statistical data
- Deletion of sensitive information
- Option to reactivate within 30 days
21. LAWFUL BASES FOR PROCESSING (GDPR ARTICLE 13)
Under the General Data Protection Regulation, we must tell you the legal basis on which we rely to process your personal data, separately for each processing purpose. The table below summarizes our processing.
| Processing purpose | Lawful basis (GDPR Art. 6) | Special-category basis (GDPR Art. 9) if applicable |
|---|---|---|
| Creating and authenticating your account | Performance of contract — Art. 6(1)(b) | — |
| Managing your profile and pet records (non-health data) | Performance of contract — Art. 6(1)(b) | — |
| Storing and processing pet health records (vaccinations, conditions, allergies, medications, prescriptions) | Performance of contract — Art. 6(1)(b) | Explicit consent — Art. 9(2)(a). We treat pet health information as if it were special-category data so that we apply the higher Article 9 standard. |
| Booking appointments and processing payments | Performance of contract — Art. 6(1)(b); compliance with legal obligation (tax / invoicing) — Art. 6(1)(c) | — |
| Sending you transactional notifications (booking confirmations, security alerts, service updates) | Legitimate interests — Art. 6(1)(f) | — |
| Sending you marketing emails and push notifications | Consent — Art. 6(1)(a); withdrawable at any time | — |
| Improving and securing the Services (fraud prevention, abuse detection, troubleshooting) | Legitimate interests — Art. 6(1)(f) | — |
| Crash reporting and error monitoring | Legitimate interests — Art. 6(1)(f) | — |
| Generating AI-assisted insights about your pet’s care | Consent — Art. 6(1)(a) | Explicit consent — Art. 9(2)(a) where health data is involved |
| Provisioning and operating your custodial Solana wallet (see Section 22) | Performance of contract — Art. 6(1)(b) | — |
| Recording transactions and anchoring data on public blockchains (DIDs, NFTs, $PET transactions, document hashes) | Explicit consent — Art. 6(1)(a). Because on-chain data cannot be deleted (see Section 23), we rely on explicit consent given at the time of the action. | Explicit consent — Art. 9(2)(a) where health data is involved |
| KYC / AML and sanctions screening for $PET-related activity | Compliance with legal obligation — Art. 6(1)(c); legitimate interests — Art. 6(1)(f) | — |
| Complying with court orders, regulatory requests, and other legal duties | Compliance with legal obligation — Art. 6(1)(c) | — |
| Defending, exercising, or establishing legal claims | Legitimate interests — Art. 6(1)(f); also Art. 9(2)(f) for special-category data | Art. 9(2)(f) |
| Processing pet-care records on behalf of a professional user (Petso Pro — see Section 18) | We act as processor on behalf of the Pro business, which is the controller. The lawful basis is determined by the Pro business in its own privacy notice. | — |
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Where we rely on legitimate interests, you may object at any time under Article 21 GDPR. See Section 8 for instructions.
Counsel review required: confirm the Article 9 health-data characterization is calibrated correctly for pet — versus human — medical data, and confirm that the marketing-consent + transactional-legitimate-interest split is acceptable under Dutch Telecommunicatiewet Art. 11.7.
22. CUSTODIAL WALLET & PRIVATE-KEY CUSTODY
This section describes the custodial wallet model used by Petso for the $PET token, NFT minting, and other on-chain actions. It is one of the most important disclosures in this Privacy Policy. Please read it carefully.
22.1 What We Do
- Wallet provisioning. When you create a Petso account, we automatically generate one or more blockchain wallets for you (typically a Solana wallet, and where applicable a Cardano wallet). These wallets are used by the Services for on-chain actions such as creating Pet DIDs, minting NFTs, recording certificates, and claiming or transferring $PET.
- Custodial keys. The private key for each wallet is generated by us and stored encrypted at rest in our database (Cloudflare D1). Encryption uses a key managed by Petso. We hold and operate the decryption key.
- What this means for you. Because we hold your private key, we are able to sign transactions on your behalf. In practice this means we control your wallet today. You should treat your Petso account as the gateway to your wallet and apply the same security hygiene you would apply to any custodial financial service.
22.2 Why We Use a Custodial Model
A custodial model lets us:
- give you a smooth in-app experience without forcing you to manage a seed phrase;
- recover access to your wallet if you lose access to your account;
- enforce platform rules (for example, to comply with sanctions screening or court orders);
- reduce the risk of total loss from a user mistakenly disclosing or losing their seed phrase.
The trade-off is that you must trust us to safeguard the key.
22.3 How We Protect Your Key
- Private keys are never stored in plain text; they are encrypted before being written to the database.
- The encryption key is held separately from the encrypted material and is rotated periodically.
- Access to the encryption key and to the wallet-signing service is restricted to a small number of authorized personnel under strict access controls and audit logging.
- We perform monitoring and alerting on unusual wallet activity.
No security measure is perfect. In the unlikely event of a personal-data breach affecting your wallet or your private key, we will notify the Dutch supervisory authority (Autoriteit Persoonsgegevens) within 72 hours where required by Article 33 GDPR, and we will notify you directly where the breach is likely to result in a high risk to your rights and freedoms (Article 34 GDPR).
22.4 Your Options
You have the following choices in relation to your custodial wallet:
- Withdraw your $PET to another wallet. You can move $PET out of your custodial wallet to an external Solana wallet at any time (subject to network fees and any vesting / lock-up). After withdrawal, the receiving wallet is under your sole control; we cannot recover or freeze it.
- Request export of your custodial private key, where this feature is available in the Services. After export, the wallet ceases to be custodial and Petso no longer signs on your behalf.
- Account deletion. When you delete your account, we will destroy our copy of your wallet’s encryption material. Note: this does not delete the wallet from the blockchain. The wallet’s public address and historical transactions remain visible on the public ledger indefinitely. If you have not first transferred out any holdings, they may become inaccessible.
22.5 AML, Sanctions, and Lawful Requests
Because we control the signing keys, we may be required by law to:
- screen wallet activity for sanctions and AML compliance;
- freeze, suspend, or restrict your wallet if required by sanctions or a competent authority’s order;
- disclose wallet activity to law enforcement or regulators on lawful request.
We will exercise these rights only to the extent legally required and will inform you where the law permits.
22.6 We Are Not a Bank
Petso is not a credit institution, payment institution, e-money institution, or regulated investment service provider. Your wallet is not a payment account and your $PET is not a bank deposit. There is no deposit-guarantee scheme covering balances held in your custodial wallet.
Counsel review required: confirm the Wwft / De Nederlandsche Bank (DNB) classification of the custodial activity, and assess whether MiCA “crypto-asset service” licensing (Title V, in particular Article 60) is triggered by the custodial-wallet activity.
23. BLOCKCHAIN-ANCHORED DATA AND THE RIGHT TO ERASURE
Some of our processing involves recording information on public blockchains, which are append-only ledgers. This section explains what we anchor on-chain, what stays off-chain, and how we handle the GDPR right to erasure (Article 17) in that context.
23.1 What Goes On-Chain
We record the following on-chain (currently Solana, with limited use of Cardano for certificate anchoring):
- Pet DIDs (Decentralized Identifiers) — a unique blockchain identifier for a pet, plus a cryptographic hash that allows third parties to verify the integrity of the pet’s records;
- NFT mints — when you opt in, a non-fungible token representing a pet, certificate, or other item, with its associated metadata URL;
- $PET token transactions — transfers, claims, and rewards;
- Document hashes — cryptographic fingerprints of certificates and other records, allowing third parties to verify a document is authentic without disclosing its content.
We do not record any of the following on-chain:
- pet names, breeds, photos, or other profile content;
- pet medical records, vaccinations, prescriptions, or any other health information;
- your name, email, phone number, address, or any other identifier of your Petso account.
A public ledger reveals:
- the public wallet address that initiated and received each transaction;
- the amount, asset, and timestamp of each transaction;
- the mint addresses and metadata URLs of NFTs;
- document hashes (but not the underlying documents).
Anyone who knows your wallet address can therefore see your on-chain transaction history. A wallet address is pseudonymous personal data under the GDPR (see EDPB Opinion 28/2024) but is not intrinsically linked to your real-world identity unless that link is made elsewhere (for example, by you publishing the address).
23.3 Our Legal Basis for On-Chain Processing
Because on-chain data cannot be deleted, we cannot rely on contract or legitimate interest as the lawful basis for putting data on-chain. We rely on your explicit consent under GDPR Articles 6(1)(a) and (where health data is involved) 9(2)(a). Each on-chain action is initiated by a discrete user action in the app and is preceded by a clear consent prompt.
If you decline consent, you can still use the Services in a non-on-chain mode. You will not be able to create a Pet DID, mint NFTs, or take part in the $PET economy.
23.4 The Right to Erasure (Article 17 GDPR) — How It Works Here
You have the right to erasure (“right to be forgotten”) under Article 17. For Petso, this works as follows.
- Off-chain data. When you exercise your right to erasure, we delete or irreversibly anonymize all personal data we hold off-chain about you. This includes the off-chain content linked to any Pet DID — pet profile, photos, medical records, documents, etc. After this happens, the on-chain DID and any document hash are no longer linkable to a real person via our systems.
- On-chain identifiers. We cannot delete the on-chain DID, NFT, hash, or transaction record. However, after we have deleted the off-chain content, the on-chain identifier ceases to identify you in any practical sense; it is at most a hash with no connection to your identity. Where the Petso DID program supports it, we will also revoke or deactivate the DID on-chain to make this clear.
- Wallet. As described in Section 22, on account deletion we destroy our copy of your wallet’s encryption material. The wallet itself, its public address, and its transaction history remain on the ledger.
23.5 The Trade-Off You Must Understand
By opting in to on-chain anchoring, you accept that the on-chain component cannot be reversed. We can sever the on-chain identifier from your real-world identity by deleting the off-chain content, but we cannot remove the identifier itself.
We disclose this trade-off here, in our Terms of Service, and in the in-app consent flow for each on-chain action.
Counsel review required: confirm the Article 17 / Article 11 GDPR analysis is properly hedged in light of recent EDPB guidance on blockchain processing and CNIL guidance on irreversibility.
24. SUB-PROCESSORS AND INTERNATIONAL TRANSFERS
We use a limited number of service providers (“sub-processors”) to deliver the Services. Each sub-processor is bound by a data-processing agreement that includes the GDPR Article 28 obligations. Where a sub-processor processes personal data outside the European Economic Area, we put in place an appropriate transfer mechanism — most often the European Commission’s Standard Contractual Clauses (“SCCs”) under Decision 2021/914, supplemented by technical and organizational measures where required by the EU Court of Justice’s “Schrems II” judgment.
The table below lists our current sub-processors. We will update this list as it changes; you can request advance notice of additions by emailing hello@petso.io.
| Sub-processor | Purpose | Categories of data | Hosting region | Transfer mechanism |
|---|---|---|---|---|
| Clerk, Inc. | Authentication, user account management, OTP delivery | Email, name, password (hashed), OAuth profile, session metadata, phone number | United States | SCCs (Module 2) + supplementary measures |
| Cloudflare, Inc. (D1, R2, Workers) | Primary application backend; storage of all personal data and uploaded files | All categories of data described in Section 2 of this Policy | United States (ENAM region by default); EU-region pinning under evaluation | SCCs (Module 2) + supplementary measures |
| Amazon Web Services EMEA Sàrl (AWS SES, eu-west-1 / Ireland) | Transactional and marketing email | Recipient email address, sender email address, subject and body | EU (Ireland) | Intra-EEA; no third-country transfer |
| Functional Software, Inc. d/b/a Sentry (de.sentry.io ingest) | Application crash and error monitoring | Stack traces, breadcrumbs, device and browser metadata, account identifier | EU (Germany) | Intra-EEA; no third-country transfer |
| Expo, Inc. (Expo Push Service) | Relay of push notifications to mobile devices | Expo push token, notification payload | United States | SCCs (Module 2) + supplementary measures |
| Apple, Inc. (APNs) | Delivery of push notifications to iOS devices | APNs device token, notification payload | Global (standard iOS pipeline) | Apple iOS Developer Agreement |
| Google LLC (Firebase Cloud Messaging / FCM, Firebase metadata) | Delivery of push notifications to Android devices | FCM token, notification payload, Firebase app metadata | United States | SCCs (Module 2) + supplementary measures |
| Google LLC (Google Maps Platform, Places API) | Location-based features: nearby pet parks and points of interest | Device geolocation (where you grant the permission), search keywords | United States | SCCs (Module 2) + supplementary measures |
| Stripe Payments Europe Limited / Stripe, Inc. | Payment processing for Petso Pro bookings, invoices, and Connect payouts | Cardholder data, customer name and email, business banking and identity data for Stripe Connect KYC | EEA-issued cards processed by Stripe Payments Europe Ltd (Ireland); US-side infrastructure for Stripe, Inc. | Intra-EEA for EU-issued cards; SCCs (Module 2) for US transfers |
| Tatum (Tatum.io OÜ) | Solana RPC proxy | Wallet addresses queried, raw transactions submitted | Estonia (confirm region with vendor) | Intra-EEA where Estonian region applies; otherwise SCCs (Module 2) |
| Blockfrost.io (Blockfrost.io OÜ) | Cardano RPC proxy | Wallet addresses queried, anchoring transaction hashes | EU (Ireland-region API by default) | Intra-EEA |
| Google LLC (Google Tag Manager) — website only | Container for marketing analytics and third-party tags loaded on petso.io | IP address, page-view metadata, click events, anything that the website’s cookie-consent banner permits | United States | SCCs (Module 2) + visitor consent gate (see Section 11) |
| Solana / Cardano mainnet validators | Settlement of on-chain transactions you authorize | Wallet address, transaction details, document hashes | Decentralized, global | Public-ledger participation — not a controller-to-processor relationship. We rely on your explicit consent (see Section 23). |
If you are a professional user (Petso Pro), please also note that the business you work for is a separate controller for the data of its own end-clients and patients (see Section 18). Petso acts as processor for the Pro business in respect of that data under a separate data-processing agreement.
Counsel review required: confirm each vendor entry (legal entity, hosting region, transfer mechanism). The list must be kept current; material changes require advance notice to data subjects under the Article 28 obligation and may require contract renegotiation with Pro business customers.
BY USING PETSO SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.
Questions? Contact hello@petso.io
Last Updated: May 29, 2026
Version: 2.0
© 2026 Petso B.V. All rights reserved.