Privacy Policy

1. Introduction

PetPass Technologies Inc. ("PetPass," "we," "our," or "us") is committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, store, transfer, safeguard, and delete information when you use PetPass, including petpass.co, app.petpass.co, and related PetPass services.

This Privacy Policy applies to pet owners, veterinary professionals, veterinary clinics, shelters, rescues, insurers, airlines, transport providers, organizations, and visitors.

This Privacy Policy is designed to comply with applicable privacy laws, including Canada's PIPEDA, Quebec privacy law where applicable, GDPR where applicable, and similar privacy laws in jurisdictions where we serve users.

If you do not agree with this Privacy Policy, please do not use PetPass.

2. Information We Collect

2.1 Information You Provide

We may collect the following information:

Account Information: name, email address, password, phone number, account preferences, and profile information.

Pet Information: pet name, species, breed, sex, date of birth, colour, weight, microchip number, photographs, medical history, vaccination records, treatment notes, certificates, documents, and travel history.

Owner Information: mailing address, emergency contacts, guardian assignments, and ownership or custody information.

Veterinary Information: veterinarian name, licence number, signing organization, clinic information, signature timestamp, verification status, and records created, signed, or uploaded by veterinary professionals.

Organization Information: business name, address, licence or registration numbers, team member details, user roles, and organization records for clinics, shelters, rescues, airlines, insurers, transport providers, and other organizations.

Payment Information: billing details processed through Stripe. PetPass does not store full payment card numbers. We may store Stripe customer references, subscription status, transaction references, billing history, and limited card details such as the last four digits for display, reconciliation, fraud prevention, tax, and support purposes.

Support Communications: messages, attachments, screenshots, documents, and other content you submit through support or customer service channels.

Consent Records: Terms acceptance, Privacy Policy acceptance, Cookie Policy acceptance where applicable, marketing opt-ins, sharing authorizations, and related metadata such as timestamp, IP address, user ID, user agent, and policy version accepted.

2.2 Information Collected Automatically

We may collect:

Usage Data: pages visited, features used, timestamps, clicks, interaction patterns, and user activity.

Device Information: browser type, operating system, device identifiers, screen resolution, language settings, and device configuration.

Log Data: IP address, access times, request IDs, error logs, security logs, and referring URLs.

Cookies and Similar Technologies: cookies, local storage, pixels, analytics tools, and similar technologies. See our Cookie Policy for more details.

Audit Logs: record creation, edits, signatures, sharing, access, deletion, administrative actions, and other security or compliance events.

3. How We Use Information

We use information to:

• provide, operate, and maintain PetPass;
• create and manage user accounts;
• provide pet record and document management tools;
• create and display digital pet profiles and digital pet passport summaries;
• store, organize, and share pet records at the user's direction;
• support veterinary record workflows;
• support ownership, shelter, rescue, transfer, and organization workflows;
• assist users in preparing travel-related documentation and record checklists;
• manage subscriptions, billing, payments, refunds, taxes, and fraud prevention through Stripe;
• send transactional emails, security alerts, billing notices, reminders, and service updates;
• send marketing communications only where permitted by law and with consent where required;
• respond to support requests;
• verify veterinary or organization accounts;
• maintain audit logs and record integrity;
• detect, prevent, and investigate fraud, abuse, unauthorized access, and security incidents;
• improve PetPass through analytics and aggregated usage patterns;
• comply with legal, tax, accounting, regulatory, and court-order obligations.

PetPass does not issue, certify, approve, or validate travel eligibility, regulatory compliance, government documents, import approval, export approval, airline acceptance, or official documentation.

All information provided through PetPass is for organizational and informational purposes only. Users must not rely solely on PetPass for legal, veterinary, regulatory, or travel decisions.

4. Consent and Legal Basis

By using PetPass, you consent to the collection, use, storage, disclosure, and transfer of information as described in this Privacy Policy.

Where required by law, we will obtain express consent for specific activities, including certain data sharing, marketing communications, cookies, or sensitive uses of information.

You may withdraw consent where permitted by law, but doing so may limit or prevent your ability to use certain PetPass features.

Where GDPR or similar laws apply, PetPass processes personal information based on one or more legal bases, including:

• consent;
• performance of a contract;
• compliance with legal obligations;
• legitimate interests;
• protection of rights, security, and fraud prevention.

5. How We Share Information

PetPass does not sell personal information.

We may share information only as follows:

5.1 With Your Consent or Direction

We may share pet records, pet profiles, documents, QR-code pages, or public profile links when you choose to share them with veterinarians, clinics, shelters, rescues, airlines, insurers, transport providers, government authorities, buyers, adopters, or other third parties.

When you create or enable a public QR code, public profile, or share link, anyone with that QR code or link may be able to view the information you have chosen to make accessible.

You may revoke or disable active shares where the Platform provides that option. Revocation does not retract information already viewed, downloaded, copied, or stored by a recipient.

5.2 With Veterinary Providers and Organizations

When you connect your pet profile or records to a veterinary clinic, shelter, rescue, or other organization, relevant pet, account, and record information may be shared with that organization to provide the requested service.

5.3 With Airlines, Authorities, or Travel-Related Parties

PetPass does not directly share data with government or airline systems unless you initiate, authorize, or request that sharing, or unless required by law.

When you initiate sharing, such as through a QR code, link, export, download, or other sharing feature, you control which information becomes accessible to the party viewing or receiving that information.

PetPass does not guarantee that airlines, governments, border authorities, veterinarians, or other third parties will accept any information shown or shared through PetPass.

5.4 With Service Providers

We may share information with service providers that help us operate PetPass, including:

• Stripe for payment processing, billing, subscription management, fraud prevention, and payment records;
• Cloudflare for security, DDoS protection, CDN, bot protection, and related network services;
• hosting and infrastructure providers for application hosting, storage, databases, backups, and monitoring;
• email and SMS providers for transactional and marketing communications;
• analytics providers for product improvement and usage analysis;
• customer support tools;
• security, logging, and monitoring providers.

These providers may process information only as needed to provide services to PetPass, subject to applicable contractual, privacy, and security obligations.

5.5 Legal, Safety, and Security Reasons

We may disclose information where required by law, court order, subpoena, government request, legal process, or where necessary to protect rights, safety, security, users, animals, PetPass, or the public.

5.6 Business Transfers

If PetPass is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to appropriate confidentiality and privacy protections.

6. Data Storage and International Transfers

PetPass uses hosting infrastructure located in Virginia, United States.

Your information may be stored or processed in the United States, Canada, or other countries where PetPass or its service providers operate.

Because PetPass's primary data center is located in Virginia, USA, your personal information may be subject to the laws of the United States, including lawful access requests by U.S. courts, law enforcement, or government authorities.

Certain service providers, including Stripe, Cloudflare, email providers, and other infrastructure or support providers, may also process information in the United States, Canada, the European Union, or other jurisdictions.

PetPass uses reasonable contractual, technical, and organizational safeguards for cross-border transfers where required by law.

If GDPR applies, users may contact PetPass to request information about applicable international transfer safeguards.

Where required by Quebec privacy law, PetPass will conduct privacy impact assessments for projects involving the acquisition, development, or overhaul of systems that collect, use, disclose, retain, or destroy personal information, including cross-border transfers of personal information.

7. Quebec Privacy Requirements

Where required by Quebec privacy law, PetPass will designate a person responsible for the protection of personal information.

Where required, PetPass will conduct privacy impact assessments for:

• information-system projects involving personal information;
• electronic service delivery projects involving personal information;
• transfers or communications of personal information outside Quebec;
• material changes to systems that collect, use, disclose, retain, or destroy personal information.

8. Data Retention

We retain personal information for as long as necessary to:

• provide PetPass;
• maintain user accounts;
• support pet record history;
• process payments, subscriptions, billing, tax, and accounting records;
• maintain veterinary, organization, transfer, and audit history;
• detect and prevent fraud, abuse, and security incidents;
• resolve disputes;
• comply with legal, tax, accounting, regulatory, security, and court-order obligations.

General retention practices include:

Active accounts: retained while your account remains active.

Deleted accounts: most account-level personal information is deleted or de-identified after account closure, subject to legal, audit, tax, security, backup, dispute, and record-integrity requirements.

Billing and transaction records: retained as required for tax, accounting, fraud prevention, and legal obligations.

Audit logs and record-integrity logs: may be retained where necessary to protect record integrity, verify consent, support veterinary or official-document workflows, investigate misuse, or comply with law.

Pet records of transferred pets: may remain with the receiving owner or authorized organization after a transfer, while the original owner's access may be removed or limited.

Marketing consent records: may be retained to demonstrate consent or withdrawal of consent under applicable law.

Some information may remain in backups for a limited period before deletion according to backup schedules.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

• access your personal information;
• correct inaccurate or incomplete information;
• request deletion;
• withdraw consent;
• request data portability;
• object to certain processing;
• restrict certain processing;
• request information about how your data is used and shared;
• request information about cross-border transfers;
• file a privacy complaint with PetPass or a privacy regulator.

You may exercise these rights through your account settings, Privacy Center, or by contacting:

privacy@petpass.co

We may need to verify your identity before completing a privacy request.

We will respond within the timeframe required by applicable law. In Canada, PetPass aims to respond to verified privacy requests within 30 days.

Some requests may be limited where information must be retained for legal, security, tax, accounting, dispute-resolution, veterinary record-integrity, fraud-prevention, or other legitimate purposes.

10. Security Controls

PetPass uses reasonable administrative, technical, and physical safeguards designed to protect information, including:

• encryption in transit;
• encryption or secure storage where appropriate;
• password hashing;
• role-based access controls;
• audit logs;
• administrative access controls;
• rate limiting;
• bot protection;
• security monitoring;
• backups;
• vendor security controls;
• dependency and vulnerability review;
• access logging for sensitive actions.

No system is 100% secure.

Users are responsible for protecting their account credentials and notifying PetPass immediately of suspected unauthorized access.

Security concerns may be reported to:

security@petpass.co

11. Breach Notification

If PetPass becomes aware of a security breach involving personal information, we will assess the incident and notify affected users, regulators, or other parties where required by applicable law.

Where required by applicable law, PetPass will notify affected individuals and applicable privacy regulators of any breach of security safeguards involving personal information that creates a real risk of significant harm.

PetPass will maintain records of privacy and security breaches as required by law.

12. Cookies and Tracking

PetPass may use cookies, local storage, pixels, analytics tools, and similar technologies to:

• operate the Platform;
• authenticate users;
• manage sessions;
• protect against fraud and abuse;
• remember preferences;
• improve services;
• understand aggregate usage.

PetPass does not use third-party advertising cookies unless disclosed in the Cookie Policy and consented to where required.

Additional details are provided in the Cookie Policy.

13. Marketing Communications

PetPass may send marketing communications where permitted by law and with consent where required.

Marketing communications may include product updates, feature announcements, newsletters, promotions, travel guides, or offers.

Marketing messages will include required identification information and an unsubscribe mechanism.

You may unsubscribe from marketing communications at any time by using the unsubscribe link or contacting PetPass.

You may still receive transactional or service-related messages, such as account, security, billing, subscription, support, pet record, or reminder notifications.

14. Children's Privacy

PetPass is not directed to children under 16.

We do not knowingly collect personal information directly from children under 16 without appropriate consent.

If you believe a child has provided personal information to PetPass, contact us at:

privacy@petpass.co

15. Human Medical Information

PetPass is designed for pet records and pet-related documentation.

PetPass is not intended to collect, store, or process human medical records or human health information.

Users must not upload human medical or health information unless expressly authorized by PetPass in writing.

16. Veterinary, Pet, and Organization Records

Pet records may include information uploaded by owners, veterinarians, shelters, rescues, clinics, organizations, or other authorized users.

PetPass may identify the source, author, timestamp, verification status, edit history, sharing history, access history, or audit history of certain records.

Where records are created, signed, validated, or uploaded by veterinary professionals or organizations, PetPass may restrict editing or preserve audit history to maintain record integrity.

17. Government and Travel Documents

PetPass may allow users to upload official documents issued by governments, veterinarians, laboratories, airlines, or other authorities.

PetPass does not issue, endorse, validate, certify, approve, or guarantee official government documents, travel eligibility, airline acceptance, border acceptance, import approval, export approval, or legal compliance.

Users are responsible for verifying travel and regulatory requirements with official authorities.

18. Third-Party Links and Services

PetPass may link to third-party websites, authorities, airlines, veterinary clinics, payment providers, Stripe, Cloudflare, or other services.

PetPass is not responsible for the privacy practices, content, policies, decisions, or security of third parties.

19. Changes to This Privacy Policy

PetPass may update this Privacy Policy from time to time.

When we publish a new version:

• the "Last updated" date will change;
• the new version may be recorded in our policy version history;
• material changes may be communicated by email, in-app notice, or posting on the Platform;
• where appropriate, users may be required to re-accept the updated Privacy Policy before continuing to use PetPass.

Continued use of PetPass after changes means you accept the updated Privacy Policy, unless separate re-consent is required by law or by our Platform process.

20. Contact Us

Questions, privacy requests, security concerns, or complaints may be sent to:

PetPass Privacy Team
Email: privacy@petpass.co

PetPass Security
Email: security@petpass.co

Postal address: Available on request

Users in Canada may also contact the Office of the Privacy Commissioner of Canada.