Lost Paws

Privacy Policy

Last updated: May 2026

Policy version 1.6 (shown at sign-up)

1. Who we are

Lost Paws("we", "us") operates the Lost Paws mobile app and website to help neighbours reunite lost pets with their families. We are established in Ireland and are the data controller for personal data described in this policy (EU GDPR and Irish data protection law).

Contact: hello@lostpaws.pet
Address: Ireland — full postal address available on request via hello@lostpaws.pet

We have not appointed a separate Data Protection Officer; privacy requests can be sent to the email above.

2. Who this applies to

This policy applies to users of the Lost Paws app and visitors to our marketing website. The app is not directed at children under 13 (or the minimum age required in your country). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.

3. What we collect

  • Account data: email address and password (stored only by our auth provider; we never see your plain-text password), optional Sign in with Apple (Apple may provide your email or a private relay address), and an optional profile icon (bundled breed illustration id — not a photo you upload).
  • Listing data: pet details you publish (name, type, breed, colour, description, last seen text, optional map coordinates, photos). Map coordinates you submit are stored at full precision on our servers so you can edit listings; other users see them rounded on public feeds (see section 4).
  • Reply contact (lost listings): email and/or phone so finders can reach you. Access is logged server-side for abuse prevention (who requested contact, which listing, when — not shown to other users).
  • Community sightings (lost listings only): optional, unverified tips from signed-in users — map pin, area text, time, optional note and photo (EXIF removed on upload). Sightings are not confirmed; similar-looking pets and other factors mean reports may be wrong. Reporter contact is optional and only shared with the listing owner if the reporter opts in. Owners see a private trail with full pins; other users see only a count and approximate latest area (~110 m). When a sighting is submitted, we send a push notification to the listing owner only (if they have a device push token on file). Sightings are hidden from public summary when a listing is found or reunited.
  • Listing view statistics: one unique view per listing per viewer (account id when signed in, or a device-stored anonymous id when not). Owners see only an aggregate count.
  • Notification preferences (optional): alert radius, on/off flag, push token, and — while alerts are on — your last foreground location saved on your profile for nearby push matching. That location is stored at full precision, is updated when you open Home or Explore with location allowed, is cleared immediately when you turn alerts off, and is not used for matching if it is older than 14 days (the value may remain in the database until you refresh it or turn alerts off).
  • Location while using the app (optional): if you allow location, we read it only in the foreground at low accuracy — no background tracking. On the Home tab, location permission is required to load the nearby feed; on Explore, listings load without location (location is used only for distance labels and, if alerts are on, to refresh alert matching). For maps and reports you may instead place a pin manually. Converting coordinates to area text may use your device's map/geocoding service (Apple on iOS; platform-dependent on Android) — we do not send that lookup to our servers as a separate log.
  • Marketing preference (optional): whether you opted in to future product email. We record this choice in your consent log and account metadata. We do not currently send marketing or newsletter email — only transactional messages such as sign-up verification and password reset.
  • Consent records: policy version and timestamps for privacy acceptance and optional marketing preference.
  • Local device storage: encrypted session tokens (SecureStore on mobile), optional login lockout counters after failed sign-in attempts, search/alert radius preference, onboarding and notification-prompt flags, and an anonymous viewer id for view counting when not signed in.
  • Advertising:on Home, Explore, and My requests we may show Google AdMob banners in production builds (not in Expo Go). Google may use device identifiers to deliver and measure ads. In the EU/EEA we use Google's User Messaging Platform (UMP) before personalized ads; you can change choices in-app or in device settings. On iOS we may show Apple's App Tracking Transparency prompt before ads initialize when the system permission has not yet been set. Ads are hidden while report, contact, edit, sighting, or listing-detail screens are open on those tabs.

We do not ask for your legal name on your profile. We minimise data to what the service needs.

4. Public vs private

Public: listings in feeds/maps, listing photos in our image bucket, map coordinates rounded to about 110 m on public feeds and sighting summaries, and aggregate view counts.

Shared on request: lost-listing reply email/phone to signed-inusers via our app (rate-limited; not on map cards). Not returned when status is not "lost". Sighting reporter contact is shared only with the listing owner when the reporter opts in (rate-limited, audited).

Private: your account email, push tokens, alert location on your profile, marketing preference, individual view rows, contact-access logs (security only), and full-precision coordinates stored for your own listings and for owner-only sighting trails.

Row-level security limits API access but does not make published listings secret — assume public content may be copied by others.

5. How we use push notifications

  • New listing alerts (optional): when you enable alerts and allow notifications, we store your Expo push token. If a new lost or found listing is created with a map pin within your chosen radius, and your saved alert location is no older than 14 days, we may notify you. We do not send these alerts for listing edits alone. You are not notified about your own listings.
  • Sighting alerts: when someone submits a community sighting on your lost listing, we notify you only (not other users), if you have a push token on file.

6. Lawful bases (GDPR)

  • Contract: accounts, listings, maps/feeds, and delivering reply contact you chose to publish for lost pets.
  • Legitimate interests: security, fraud/abuse prevention (including contact-request rate limits and view rate limits), operating the platform, proportionate view statistics for listing owners, and enabling unverified community sighting tips on lost listings (with the limitations described above).
  • Consent: optional push alerts, optional future marketing email (preference recorded only today), and (where required) personalized advertising via Google UMP / device settings.

Publishing a lost listing with reply contact is voluntary; you agree that contact may be disclosed as described when the listing is lost.

7. Automated decisions

We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you. View counts and nearby alerts use simple distance and time rules (not profiling for credit or employment).

8. Your rights

  • Access / portability: Profile → Your data → Export my data (JSON). Anonymous views recorded before you signed in are not linked to your account and are not included.
  • Erasure: Profile → Delete my account or email us. Deletion removes your account, profile, listings, sightings, consent log, and related records we control; if stored photos cannot be removed, deletion may fail until retry succeeds.
  • Rectification: edit listings in-app or contact us.
  • Restrict / object: contact us where GDPR applies.
  • Withdraw consent: marketing toggle in Profile → Privacy & legal; push alerts off in app/device settings; ad choices via Google UMP / iOS/Android settings.
  • Complaints: contact us first. If you are in Ireland, you may complain to the Data Protection Commission (DPC). If you are in another EU/EEA country, you may contact your local supervisory authority.

9. Security & retention

HTTPS, encrypted session storage on mobile where supported, path-scoped storage uploads, EXIF stripping on photos, database row-level security, and rate limits on sensitive actions. No method is 100% secure.

We keep data while your account exists and as required by law. Account deletion cascades configured records (listings, views linked to you, consent log, profile). Contact-access logs are deleted with your account. Alert location is cleared when you turn alerts off. Anonymous device viewer ids remain until you clear app data.

We cannot delete copies others made outside our systems (screenshots, forwarded messages).

10. Processors & international transfers

We use subprocessors including Supabase (database, auth, storage), Resend (transactional auth emails only), Expo(push token handling and delivery via Expo's push service when enabled), Google AdMob (ads), and Apple / Google (Sign in with Apple; map display and on-device geocoding through the operating system). They may process data in Ireland, the EEA, the US, or other regions per their terms. Where required, we rely on appropriate safeguards (such as EU Standard Contractual Clauses offered by providers). We do not sell your personal data.

11. Website & app storage

Our marketing pages are mostly static and do not use non-essential analytics or advertising cookies.

Email verification and password-reset pages on our website use Supabase auth session storage in your browser (localStorage) so you can complete those flows. That is essential to the service, not used for advertising.

12. Changes

We may update this policy. Material changes are reflected in a new policy version; the app may ask you to accept the updated policy before continuing. The current version is 1.6.

13. Contact

Privacy questions or data subject requests: hello@lostpaws.pet