petsPetBaseGet Started

Legal

Privacy Policy

Last updated: April 2026

1. Who We Are

PetBase ("we", "us", "our") operates the PetBase application and website. We are the data controller for personal information processed through PetBase. PetBase is operated by PetBase LLC. Our registered address is on file with our state of incorporation.

For privacy questions or requests, contact us at privacy@petbaseapp.com.

2. Information We Collect

  • Account information — email address, display name, and profile photo when you create an account.
  • Pet data — names, photos, health records, medical notes, vaccinations, and related information you enter about your pets. Health records are encrypted on your device before storage.
  • Community content — posts, comments, group memberships, and messages you create.
  • Location data — approximate location (city/region level) used for local service discovery, if you grant permission.
  • Usage data — pages visited, features used, device type, browser, and IP address collected via Firebase Analytics (if you have consented to analytics).
  • Payment data — if you subscribe to PetBase Premium, your payment is processed by Stripe. We store only a Stripe customer reference identifier; we do not store your card number.

3. How We Use Your Information

  • To provide and improve the PetBase service.
  • To process subscription payments via Stripe.
  • To send transactional notifications (e.g., billing confirmations).
  • To show contextual advertisements via Google AdSense for free-tier users who have consented (see Section 6).
  • To measure usage and improve the product via Firebase Analytics, where you have consented.
  • To comply with legal obligations.

Legal basis (GDPR): Contract performance (account, subscription); legitimate interest (security, fraud prevention); consent (advertising cookies, analytics); legal obligation (regulatory compliance).

4. Privacy by Design — End-to-End Encryption

Pet health records and medical data are encrypted using AES-256-GCM on your device before being sent to our servers. Your encryption key is derived from your account credentials and never leaves your device in unencrypted form. This means we store ciphertext, not readable health records. Even PetBase employees cannot read your pet's medical data.

5. Who We Share Data With

We do not sell your personal data. We share it only with service providers necessary to operate PetBase:

  • Google / Firebase — authentication, database (Firestore), file storage, and analytics. Google Privacy Policy
  • Stripe — payment processing for Premium subscriptions. Stripe Privacy Policy
  • Google AdSense — advertising for free-tier users who have provided consent (see Section 6). Google Ads Policy

6. Advertising (Google AdSense)

Free-tier PetBase users may see advertisements served by Google AdSense. We use Google Consent Mode v2. Before any advertising cookies are placed, we ask for your consent through Google's certified consent management platform (Funding Choices), which complies with the IAB Transparency & Consent Framework (TCF) v2.3 for European users and the IAB Global Privacy Platform (GPP) for US users.

Third-party ad cookies: Third party vendors, including Google, use cookies to serve ads based on a user's prior visits to your website or other websites. You may opt out of personalized advertising by visiting Google Ad Settings or NAI opt-out.

Premium subscribers see no advertisements. You can upgrade to Premium at any time to remove ads.

7. Analytics

We use Firebase Analytics (Google Analytics) to understand how the app is used. Analytics data collection is subject to your consent choice in the Google-managed consent banner. You may update or withdraw consent at any time through the same banner or from your account settings.

8. Cookies

We use the following types of cookies and similar technologies:

  • Strictly necessary — session authentication cookies required for you to log in and use the app. These cannot be declined.
  • Analytics cookies — Firebase Analytics, used to measure app usage. Requires consent.
  • Advertising cookies — Google AdSense, used to show relevant ads to free-tier users. Requires consent. Only placed after you accept via the Google-managed consent banner (Funding Choices / Privacy & messaging).

9. Data Retention

Account and pet data is retained for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days. Encrypted health records are unreadable without your key and are deleted alongside your account. Stripe payment records are retained per Stripe's policy (typically 7 years for financial records). Usage analytics data is retained in aggregate form for up to 14 months per Google Analytics retention defaults.

10. Your Rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your account and all associated data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Consent withdrawal — withdraw consent for analytics or advertising at any time from account settings.

To exercise these rights, email privacy@petbaseapp.com. California residents: see Section 11 for CCPA rights.

11. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information is collected, used, disclosed, or sold.
  • Right to delete personal information.
  • Right to opt out of the "sale" or "sharing" of personal information.
  • Right to non-discrimination for exercising your rights.

PetBase does not sell personal information. To manage advertising data sharing, use the "Do Not Sell or Share My Personal Information" option in the Google-managed consent banner or contact us at privacy@petbaseapp.com. For CCPA purposes, limited data sharing with Google AdSense for ad personalization may constitute a "sale" or "sharing" of personal information under California law.

12. Security

We implement industry-standard security measures including AES-256-GCM encryption for health records, HTTPS for all data in transit, Firebase security rules limiting data access, and Firebase App Check to prevent unauthorized API access.

13. Children's Privacy

PetBase is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal data, please contact us and we will delete it promptly.

14. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, notify you via email or an in-app notice.

15. Contact Us

For privacy questions, requests, or complaints, contact: privacy@petbaseapp.com. If you are located in the EU or UK, you may also contact our data protection point of contact at the same email address. We will appoint a formal EU/UK representative under GDPR Article 27 if and when required by our processing activities.