Privacy Policy

Last updated: 19 April 2026

Data Controller

PetCare AI is operated by PetCare AI Pty Ltd (ABN 20 697 272 647 · ACN 697 272 647), Sydney, Australia.

UK users: PetCare AI Pty Ltd is the data controller under the UK GDPR (UK General Data Protection Regulation). EU users: PetCare AI Pty Ltd is the data controller under the EU GDPR (Regulation 2016/679). Canadian users: PetCare AI Pty Ltd is the organisation responsible for your personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec residents, under the Act Respecting the Protection of Personal Information in the Private Sector (Law 25). For any privacy-related enquiries, please contact us via the contact page.

1. Overview

PetCare AI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data. It applies to all users of petcareai.com.au and petcareai.online.

By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information you provide directly

  • Account information: email address and password (hashed) when you register
  • Pet profiles: pet name, species, breed, sex, age, weight, medical history, vaccinations, and emergency contacts that you choose to enter
  • Triage conversations: the symptoms and details you describe in chat sessions
  • Triage session photos (Pro): photos you choose to upload during a triage session to help describe your pet's condition. Photos are stored securely and are only retrieved when sent to the AI for analysis or when you choose to view them within your session history.
  • Missing pet reports: when you create a missing pet alert, we collect the last-seen location (address, latitude/longitude, and place identifier), the date and time last seen, optional reward, additional notes, and the contact details (name, phone, email) you want displayed on the public alert page. We also capture a snapshot of your pet's name, species, breed, colour, microchip number, and avatar at the time you create or update the alert so it can be displayed publicly.
  • Finder reports (collar tag scans): when someone scans your pet's QR collar tag or opens the public tag page, they may voluntarily submit a sighting. The sighting may include their name, phone or email, a note, and their device's geolocation (only if they explicitly grant browser permission). This information is provided by the finder, not by you.
  • Contact messages: any messages submitted through our contact form

2.2 Information collected automatically

  • Usage data: pages visited, features used, session timestamps, and error logs
  • Device information: browser type, operating system, and IP address
  • Location data: approximate geolocation (latitude and longitude) is only collected with your explicit action — when you click “Find nearby vets” in the chat, when you select a last-seen location via address autocomplete while creating or editing a missing report, or when a finder grants geolocation permission while submitting a sighting through the collar tag page. We do not track location at any other time.

2.3 Information from third parties

  • Google OAuth: if you sign in with Google, we receive your name and email address from Google
  • Google Places API: when you use address autocomplete on a missing pet report, your search query is sent to Google and we receive the matching place predictions (formatted address, latitude, longitude, and Google place identifier) for the location you select
  • Stripe: we receive confirmation of payment status and a customer ID. We do not receive or store your card details.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To generate AI triage assessments based on the symptoms you describe, including visual analysis of photos you upload (Pro subscribers only)
  • To save and display your triage session history
  • To personalise AI responses using your pet profiles (if provided)
  • To publish missing pet alerts and printable posters when you choose to create one, and to display your pet's name, photo, last-seen location, and contact details to the public via a shareable alert page
  • To generate a unique QR collar tag URL for each pet, to display your pet's name, photo, and your chosen contact details to any member of the public who scans it, and to record sightings submitted through that page so you (as the owner) can review where and when your pet has been seen
  • To process subscription payments and manage your account
  • To send transactional emails (account confirmation, payment receipts)
  • To respond to support enquiries
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We do not use your pet health data for advertising purposes. We do not sell your personal data to third parties.

4. How We Share Your Information

We share your data only with the following third parties, and only to the extent necessary to provide the Service:

Provider | Purpose | Data shared
Anthropic, Inc. | AI language model | Chat message content, pet context, and triage photos (Pro — temporary signed URL, valid 60 seconds)
Supabase | Database, authentication & file storage | Account data, pet profiles, session history, pet avatar photos, triage session photos (Pro — private bucket, access-controlled)
Stripe, Inc. | Payment processing | Email address, subscription status
Google | OAuth sign-in, Maps and Places APIs | Name and email (OAuth only); coordinates (Maps API, when you click “Find nearby vets”); address search query and selected place (Places API, only while you use address autocomplete on a missing report)

We may also disclose your information where required by law, court order, or to protect the rights and safety of PetCare AI Pty Ltd, its users, or others.

5. Public Pages (Missing Reports and Collar Tags)

Two features of the Service publish information you have provided to the public internet, without requiring a viewer to sign in:

  • Missing pet alert pages at /missing/{id} — visible to anyone with the link while the report status is “missing”. Displays the pet name, species, breed, colour, photo (if provided), last-seen location (including a map marker derived from latitude and longitude), date and time last seen, reward (if set), additional notes, and the owner contact details you chose to publish (name, phone, email). The page can be opened by anyone you share it with and is indexable by search engines unless you close the report.
  • Collar tag scan pages at /tag/{id} — visible to anyone who scans your pet's printable QR tag or opens the link directly. Displays the pet name, photo, and either (a) the publicly-listed contact details from an active missing report, or (b) the emergency contact details on your pet profile if no active missing report exists. A finder may submit a sighting through this page including optional name, phone or email, a note, and their geolocation (only with their explicit browser consent).

You control publication. You choose what contact details to expose, and you can close a missing report or remove a pet profile at any time from your dashboard. Closing a missing report or deleting the pet profile removes the public alert immediately; sightings already submitted by finders remain in your account history until you delete them.

Cached copies. Because these pages are public, search engines or third parties may cache or archive their content. We cannot guarantee removal from third-party caches.

Finder data submitted through a collar tag page is treated as information provided by the finder for the purpose of returning a missing pet to its owner. We display it only to the pet's registered owner (Pro feature) and do not use it for any other purpose.

6. Data Retention

We retain your account data and pet profiles for as long as your account is active. Triage session history is retained indefinitely so you can review past assessments, unless you delete individual sessions or your account.

Triage session photos uploaded by Pro subscribers are stored in a private, access-controlled storage bucket. They are only retrieved when sent to the AI for analysis or when you choose to view them in your session history. Photos are retained for as long as your account is active and are permanently deleted when you delete your account or within 30 days of account closure.

Missing pet reports and sightings are retained for as long as the associated pet profile exists so you can review the alert history. Closing a missing report removes it from the public pages but keeps it on your dashboard. Deleting the pet profile permanently deletes all associated missing reports and sightings.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g. payment records for tax purposes, which we retain for 7 years).

7. Your Rights

Depending on where you are located, you may have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request deletion of your personal data ("right to be forgotten")
  • Portability: request your data in a portable, machine-readable format
  • Objection: object to our processing of your data in certain circumstances
  • Restriction: request that we restrict processing of your data
  • Withdrawal of consent: where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us via the contact page. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

UK users (UK GDPR): You have the right to lodge a complaint with the Information Commissioner's Office (ICO). Our lawful bases for processing are: performance of a contract (account and subscription management), legitimate interests (service improvement and security), and consent (location data).

EU users (GDPR): You have the right to lodge a complaint with your national data protection authority. The same lawful bases apply as stated for UK users above.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, and to opt out of its sale. You also have the right to correct inaccurate personal information and to limit the use of sensitive personal information. We do not sell personal information.

Australian users (Privacy Act 1988): You have the right to access and correct your personal information. If you believe we have breached the Australian Privacy Principles, you may contact us or lodge a complaint with the Office of the Australian Information Commissioner.

Canadian users (PIPEDA): You have the right to access your personal information, request corrections, and challenge our compliance with PIPEDA. You may lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca). Our lawful bases for processing are implied or express consent (as appropriate) and performance of a contract.

Quebec residents (Law 25): In addition to the rights above, you have the right to data portability, the right to be informed of automated decisions made about you, and the right to deindexation where applicable. You may lodge a complaint with the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).

8. Cookies and Tracking

We use only essential cookies and browser storage required for authentication and session management (e.g. Supabase auth tokens). We do not use advertising or tracking cookies, and we do not use third-party analytics services that track users across websites.

9. Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, and access controls. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

If you discover a security vulnerability, please contact us responsibly via our contact page before public disclosure.

10. Children

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

11. International Data Transfers

Your data is stored on Supabase infrastructure located in ap-southeast-2 (Sydney, Australia). Our third-party service providers (Anthropic, Supabase, Stripe) may process your data in the United States or other countries outside your jurisdiction. Where required (UK/EU), we rely on Standard Contractual Clauses (SCCs) for international transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions, requests, or complaints, please contact us via the contact page.