Privacy Policy

MyDayz ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why, how we store and share it, and your rights worldwide.

It applies to the DogDayz mobile application (iOS and Android) and web application (collectively the "App") and should be read alongside our Terms & Conditions and Disclaimer.

Data controller: MyDayz (operated by a sole trader in the United Kingdom), 82A James Carter Road, Mildenhall, IP28 7DE, United Kingdom — legal@mydayz.co. UK ICO registration: ZC173666. EU representative (GDPR Article 27): Not appointed. MyDayz is established in the United Kingdom and does not target the EU market — the App is offered in English with pricing in GBP only, and we do not direct marketing to EU member states — so we consider that EU GDPR Article 3(2) is not engaged and no EU representative is currently required. We review this position regularly and will appoint a representative in an EU member state if we begin offering the App to individuals in the EU or monitoring their behaviour within the EU.

1.1 Account Information Full name; email address; hashed credentials.

1.2 Pet Profile Information Pet name, species, breed, date of birth, weight, microchip number, vaccination records, medication schedules, veterinary records, diet, grooming records, and other care notes you enter. This information concerns your animal's health and care, not your own, so it is generally not "special category" data about you under UK or EU GDPR; we nonetheless treat it with care and collect only what is needed. Where something you enter could reveal special-category information about a person — for example, a registered assistance- or service-dog record that may indicate a disability — we handle it accordingly. Some US states (for example, Washington's My Health My Data Act) define "consumer health data" more broadly; see section 9.2.

1.3 Photos and Media Profile photographs and other images you upload.

1.4 Location Data (Foreground Only) With your explicit opt-in, the App accesses your device's precise GPS location to log walk routes, calculate distances, and identify nearby veterinary clinics. Tracking occurs only while the App is actively in use. We do not track location when the App is closed or minimised. You may revoke access at any time in your device settings, which disables location features. If you use walk tracking, we store the resulting route and distance history with your activity logs (see retention in section 4.2).

1.5 Device and Technical Data Device type and OS version; and IP address and approximate region (used for security and to route requests). Where enabled, we may also process: push notification tokens (only if you turn on push notifications), crash reports and diagnostics, and anonymised usage analytics. We do not currently run third-party analytics or crash-reporting tools, and we will not enable any non-essential analytics on the website without first obtaining the consent required by law.

1.6 Advertising Data We do not display third-party advertisements or share data with ad networks at this stage. If we introduce advertising in future, we will update this Policy and seek your explicit consent before collecting any advertising identifiers (IDFA/GAID). Pet health profiles will never be shared with advertising networks.

1.7 Subscription and Billing Information If you subscribe, we process your subscription status and billing records (for example, plan, renewal dates, and transaction references). Card and payment details are handled by Stripe; we do not receive or store your full card number.

1.8 Communications If you contact us (for example, support or privacy requests), we process your messages and contact details to respond and to keep a record of how we handled your request.

1.9 Information We Derive We may generate basic derived information from what you enter — for example, your pet's age from its date of birth, weight trends, and care-status indicators (such as "due soon" or "overdue"). This is for your information only and is not veterinary advice.

3.1 UK GDPR and EU GDPR We are established in the UK, so the UK GDPR (overseen by the ICO) is our primary regime; the EU GDPR applies where it covers users in the EU. Under both, we rely on: Contract (to create and provide your account and the App's features); Consent (location/GPS features and any marketing — you may withdraw it at any time); Legal Obligation (for example, tax and accounting records); and Legitimate Interests. Our legitimate interests include keeping the App and accounts secure, preventing fraud and abuse, responding to your requests, and maintaining and improving the service (including any future analytics or crash reporting, which are not currently used). Where we rely on legitimate interests we carry out a Legitimate Interests Assessment (LIA) to balance those interests against your rights, available on request.

3.2 Brazil (LGPD — Lei Geral de Proteção de Dados) We rely on the following LGPD Article 7 bases: contract performance; legitimate interest (analytics, fraud prevention); consent (location, marketing); and legal obligation. DPO/Encarregado: legal@mydayz.co.

3.3 India (DPDP Act 2023) We process personal data on the basis of consent and legitimate use as defined under the Digital Personal Data Protection Act 2023. Grievance Officer: legal@mydayz.co. We will appoint a local Consent Manager if required by applicable rules.

3.4 Other Jurisdictions We process your data on equivalent legal bases under applicable local law, including the Australian Privacy Act 1988, PIPEDA (Canada), APPI (Japan), PIPA (South Korea), and the New Zealand Privacy Act 2020.

You may withdraw consent at any time without affecting prior lawful processing.

4.1 Storage Locations Your DogDayz pet and activity data is stored locally on your device. Where cloud features are enabled for your account (such as backup or syncing across your devices), that data is also synchronised to cloud servers hosted within the European Union (Germany, Frankfurt); your MyDayz account and subscription details are always stored there. For users outside the UK/EEA, data may be transferred under UK ICO/EC-approved Standard Contractual Clauses or equivalent safeguards. Australian users: we comply with APP 8 cross-border disclosure obligations.

4.2 Retention Schedule Account and pet profile data: retained while your account is active, deleted/anonymised within 30 days of account deletion. Activity logs: retained for 24 months, then anonymised. Analytics and crash data: retained for 12 months in aggregated form. Subscription records: retained for 7 years for tax and legal compliance. Backups: purged within 90 days of deletion request. You can delete your account at any time from your account settings or by emailing legal@mydayz.co (see Terms, section 6.4); deletion triggers the erasure timelines above.

4.3 Security We use encryption in transit (TLS/HTTPS) and at rest, hashed and salted passwords, role-based access controls, pseudonymisation or anonymisation where appropriate, and regular security reviews. You also play a part: keep your password confidential and your device secure and up to date (see Terms, section 6.5). No method of transmission or storage is 100% secure.

9.1 UK and EU (UK GDPR / EU GDPR) Access; rectification; erasure; restriction; portability; objection; withdrawal of consent; and complaint to the UK ICO (https://ico.org.uk, 0303 123 1113) or your EU supervisory authority. We respond to UK and EU rights requests within one month, which we may extend by up to two further months for complex or numerous requests (we will tell you if we need more time).

9.2 United States

California (CCPA/CPRA): Right to know; delete; correct; opt-out of sale/sharing; limit use of sensitive personal information; non-discrimination. We do not sell or "share" (for cross-context behavioural advertising) personal information as defined by the CCPA/CPRA, so we do not provide a "Do Not Sell or Share My Personal Information" link; if this changes, we will provide one.

Washington (MHMDA): Pet health and medication data may constitute consumer health data under the My Health MDA. You have the right to confirm collection, withdraw consent, delete, and receive a list of third parties to whom health data has been disclosed. We do not sell consumer health data.

Virginia, Colorado, Connecticut, Texas, and other US states with comprehensive privacy laws: Right to access; delete; correct; portability; opt-out of profiling for decisions producing legal effects; and appeal our decisions. To opt-out of profiling, email legal@mydayz.co with "Opt-Out of Profiling" in the subject line.

All US rights requests: email legal@mydayz.co with subject "US Privacy Rights Request — [Your State]". We will respond within 45 days (extendable by 45 days where permitted).

9.3 Canada (PIPEDA and Quebec Law 25) Access; correction; withdrawal of consent (where processing is consent-based); and complaint to the OPC (https://www.priv.gc.ca). Quebec residents have additional rights under Law 25 including de-indexing and data portability. Privacy Officer: legal@mydayz.co. We obtain express consent for commercial electronic messages under CASL.

9.4 Australia (Privacy Act 1988 — Australian Privacy Principles) Access and correction of personal information held by us. Complaint to the OAIC (https://www.oaic.gov.au). We comply with all 13 Australian Privacy Principles. Cross-border disclosures are made in accordance with APP 8.

9.5 Brazil (LGPD) Access; correction; anonymisation, blocking, or deletion; portability; information about sharing; opt-out of processing; and complaint to the ANPD. DPO/Encarregado contact: legal@mydayz.co.

9.6 Japan (APPI — 2022 Amendments) Access; correction; deletion; suspension of use; opt-out of third-party provision; and complaint to the PPC. We maintain third-party provision records as required by APPI 2022.

9.7 South Korea (PIPA) Access; correction; deletion; suspension of processing; portability; and complaint to the PIPC. We comply with retention and destruction obligations under PIPA Article 21 and will appoint a local representative when required.

9.8 India (DPDP Act 2023) Access (summary of personal data and processing activities); correction and erasure; grievance redressal via legal@mydayz.co; and nomination of a representative for data access. We will comply with Data Fiduciary obligations as implementing rules are notified.

9.9 New Zealand (Privacy Act 2020) Access and correction of personal information. Complaint to the Office of the Privacy Commissioner (https://www.privacy.org.nz).

To exercise any right, contact legal@mydayz.co. We respond within 30 days (or the timeframe required by your local law). We may verify your identity before processing requests.