Privacy Policy – PetiFit
Data Controller: PetiFit Sp. z o.o., ul. Dworcowa 6H, 12-140 Świętajno, Poland. Contact: contact@petifit.com.
Effective as of October 15, 2025 (version: 3.0).
1. What is this policy?
This policy explains how PetiFit Sp. z o.o. processes personal data of users of the PetiFit mobile application and the petifit.com website, in line with the GDPR (EU Regulation 2016/679).
2. Data we collect
a) Account & sign-in
- E-mail address and password (stored as a hash).
- Apple / Google Sign-In (enabled): external ID and e-mail. We do not receive your Apple/Google passwords.
b) Pet data
- Species, breed (including “unknown/mixed”), name, gender, birth/adoption date, weight, allergies, diseases, microchip/tattoo, color.
- Photos you upload.
c) Health & nutrition
- Visits, vaccinations, medications, symptoms, measurements (e.g., weight, temperature), notes.
- Meals, pet food, calorie & macro targets, food photos, goals (e.g., steps).
d) Media (photos)
You upload specifically selected photos or take a photo within the app. We do not maintain continuous access to your full photo library or camera—the OS asks for permission at the moment of use.
e) Technical data & location
- Logs and diagnostics (app version, OS, error timestamps).
- Push notification token.
- Location—only after permission (e.g., route maps, “find a clinic”).
- Cookies and similar technologies on the Website (see “Cookies”).
f) Health integrations (future)
Apple Health (HealthKit) sync is planned. Before enabling, a consent screen will specify the exact scope. HealthKit data are used solely to provide app features and not for marketing.
3. Why we process data
Purpose | Legal basis (GDPR) |
---|---|
Create and manage your account | Art. 6(1)(b) – contract |
Apple/Google Sign-In | Art. 6(1)(b) |
Store pet and health records | Art. 6(1)(b) |
Send push notifications | Art. 6(1)(f) – legitimate interest (service notifications) |
Analyze photos (OCR/AI), e.g., document scans | Art. 6(1)(b); if an external AI provider is involved – Art. 6(1)(a) (consent) |
Location features (routes, clinics) | Art. 6(1)(a) – consent |
Planned Apple Health (HealthKit) sync | Art. 6(1)(a) – consent |
Improve the app and debug issues | Art. 6(1)(f) |
Legal obligations (e.g., accounting) | Art. 6(1)(c) |
AI data processing
Some features (e.g., recognizing text from health booklet photos, symptom analysis, nutrition recommendations) use AI models, including OpenAI services. Data sent for analysis (e.g., photos, text) are processed solely to perform the requested function and transmitted over encrypted channels (TLS). Where analysis is performed by an external provider, we display a clear consent screen with the scope of data and the recipient.
4. How long we keep data
- Account data—while your account is active and up to 6 months after deletion.
- Pet & health records—until you delete them or together with the account.
- Technical logs—typically up to 12 months.
- Consent records—until withdrawn (and up to 12 months for evidential purposes).
- Accounting records—as required by law (typically up to 5 years).
5. Where and how we store data
- Currently: a secure local server controlled by PetiFit Sp. z o.o.
- Planned: migration to a company-owned EU/EEA cloud (we will notify users and update this policy).
- Security: HTTPS/TLS, password hashing, access control, admin event logging.
6. Who we share data with
We share data only when necessary and only with:
- IT providers (hosting/cloud) under data processing agreements (Art. 28 GDPR),
- Apple/Google for authentication according to their policies,
- OpenAI / other AI providers—only with your consent and with a clear scope,
- Public authorities—when required by law.
We do not sell personal data. If data are transferred outside the EEA, we will apply appropriate safeguards (e.g., Standard Contractual Clauses, Art. 46 GDPR) and inform you before enabling such functionality.
7. Your rights
You have the right to access, rectify, and erase your data, to restrict processing, to data portability, to object, and to withdraw consent (without affecting prior lawful processing). Contact: contact@petifit.com. We reply within 30 days.
You may lodge a complaint with a supervisory authority. In Poland: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.
8. Children
The app is intended for users aged 16+. We do not knowingly collect data from children without parental consent.
9. Cookies and similar technologies (Website)
We use essential cookies. Analytics/marketing cookies operate only with your consent via a cookie banner. If we embed Apple/Google sign-in elements, those providers may use their own identification mechanisms under their policies.
10. Policy updates
As features evolve (e.g., cloud, Apple Health), we may update this policy. The version and date appear at the top. Material changes will be notified in the app and/or on the Website.
11. AI Model Training
To improve the accuracy of analysis and the quality of health and nutrition recommendations, PetiFit may use data generated in the app to train its own AI models. Data used for training are anonymized and cannot identify individual users. Training is performed solely within infrastructure controlled by PetiFit Sp. z o.o. and aims to enhance app features (e.g., symptom detection, food recommendations, behavior analysis).
The legal basis is user consent (Art. 6(1)(a) GDPR). You can withdraw consent anytime in the app settings; this does not affect the lawfulness of processing before withdrawal.