Privacy Policy
Last updated: 2 July 2026
This policy is under ongoing legal review; the practices it describes are current.
This document is provided in English.
Controller: KarmaNova Animal Technologies
Data-protection contact: hello@karmanova.at
Applies to: the PawTails.care iOS app, Android app, and web application.
1. In Short
PawTails helps you track your pet’s health, share it with your vet, and manage a chronic condition such as feline diabetes. We take the trust you place in us seriously — your pet’s data is the heart of the product, not a commodity.
- We do not sell your data. We do not use it for advertising. We show no ads.
- We collect the account details you give us, the pet-health information you choose to log, and a small amount of technical data needed to run the app reliably.
- We host your data on a server in Nuremberg, Germany, within the European Union, and build for GDPR from the ground up.
- You can access, export, correct and delete your data at any time from within the app.
This summary is for orientation only; the full policy below governs.
2. Who This Policy Covers
This policy applies to the people who create a PawTails account and use the Service. Veterinarians who open an owner-generated share link do so without an account; the limited processing involved is described in Section 8.
3. What We Collect and Why
We group the data by what it is. Note that most of it is information about your pet, entered by you — see Section 4 for why that distinction matters.
| Category | Examples | Why we process it | Provided by |
|---|---|---|---|
| Account data | Email address; optional display name; account identifier; authentication method (email/password, or Google/Apple sign-in) | Create and secure your account; sign you in; contact you about the Service | You / your sign-in provider |
| Pet profile | Pet name, species, breed, birth date, photo, weight, colour/markings, neutered status; optional microchip ID and EU pet-passport number | Provide the tracking features you use | You |
| Pet health records | Glucose readings (with meal/stress context and notes), insulin types and doses (with injection site), fructosamine lab results, weight history, observations (appetite, thirst, urination, energy, mobility, vomiting), medications, diet profile, condition and remission status, diagnosis date | The core purpose of the Service | You |
| Veterinary contact | Your vet’s details that you choose to store: practice name, vet name, phone, email, address | Convenience and vet sharing | You (this is third-party data — see Section 4) |
| Preferences | Units (mmol/L or mg/dL, kg/lb), language, theme, statistics settings, notification toggles | Personalise the app | You |
| Subscription data | Subscription tier and status, purchase/entitlement records | Provide and validate PawTails Pro (available at launch) | Apple/Google/RevenueCat |
| Security/audit data | IP address and browser/device user-agent, recorded in a server-side audit log | Security, abuse prevention, and account-action records | Automatically |
We do not collect your device location, your contacts, your browsing history, or any advertising identifier. A thorough review of the app found no advertising SDK and no product-analytics or tracking SDK of any kind.
4. About “Health Data”: Your Pet vs You
The health information in PawTails concerns your animal, not you. Under the GDPR, “special category” health data (Article 9) concerns the health of a natural person — an animal is not a natural person, so pet health records are ordinarily not special-category personal data.
Two caveats we handle carefully:
- Free-text notes you write could contain personal data (for example, if you mention a person). Please avoid entering other people’s personal data in notes.
- Your vet’s contact details are personal data about that individual. You are responsible for having a legitimate reason to store them; we process them only to provide the features you use.
5. Legal Bases (GDPR Article 6)
- Performance of a contract — to provide the Service you sign up for (account, tracking, sync, sharing, subscriptions).
- Consent — for optional processing you switch on, such as the AI insights feature, and for any processing that requires it. You can withdraw consent at any time.
- Legitimate interests — to keep the Service secure and reliable and to prevent abuse, balanced against your rights.
- Legal obligations — where the law requires us to retain or disclose certain data.
6. AI-Generated Insights (PawTails Pro)
If you use the Pro “insights” feature, we send the relevant recent health data needed to generate the summary to a third-party AI provider that processes it on our behalf to return a plain-language analysis.
- Provider and model: the request is routed via OpenRouter to a large language model (currently Anthropic’s Claude Haiku). Processing takes place on the provider’s infrastructure, which may be located outside the European Economic Area; where that is the case, we rely on an appropriate transfer safeguard (see Section 9).
- What is sent: a summary of the pet’s recent health data for the period analysed — the pet’s name, species and weight; the diabetes condition’s status, target range and remission dates; aggregated statistics for glucose, insulin, weight, fructosamine and observations; and a small number of raw sample points (up to roughly twelve glucose readings, each as timestamp, value and meal/stress-context label, and up to five observation samples). Free-text notes are not sent — the notes, stress notes and mobility notes you write are deliberately excluded from what is sent to the AI provider. No account-identifying data is sent either — not your email, your name, or your account identifier. The request carries only an application-level header identifying the PawTails app, not you.
- Insights are rate-limited (roughly one per week) and informational only (see the Terms’ Medical Disclaimer). They do not constitute automated decisions producing legal or similarly significant effects on you (GDPR Article 22 does not apply).
This feature is optional. If you do not use it, no data is sent to the AI provider.
7. When We Share Data
We do not sell your data and we do not share it for anyone else’s advertising. We disclose data only:
- to service providers (processors) acting on our behalf (Section 8), under contract;
- to people you choose to share with — caregivers you invite and vets you send a share link to (Section 8, “Sharing you control”);
- where required by law, or to protect rights, safety, or the security of the Service;
- in a business transfer (merger or acquisition), subject to this policy.
8. Sub-Processors and Sharing You Control
We host the Service on a server in Nuremberg, Germany, operated for KarmaNova Animal Technologies. Your account and pet data are stored there, within the European Union, using the self-hosted Supabase stack for the database, authentication, and file storage (including pet photos).
PawTails Pro relies on a small number of third-party providers, which process limited data on our behalf when you use the relevant features:
| Provider | Purpose | Notes / location |
|---|---|---|
| Apple / Google | In-app purchases and payment processing for PawTails Pro | Governed by their own terms; Pro subscriptions open at launch |
| RevenueCat | Subscription entitlement management for PawTails Pro | May be located outside the EEA; see Section 9 |
| OpenRouter (and the underlying model, currently Anthropic’s Claude Haiku) | Optional AI insights for PawTails Pro | See Section 6 |
We keep an up-to-date list of the providers we use.
Sharing you control
- Vet share links — you can generate a link (and QR code) containing a long random token that lets a veterinarian view a read-only summary of the pet’s recent data without an account. The summary covers a limited recent window (up to 365 days) and includes the pet profile; a glucose summary and recent readings — including any free-text notes and stress notes on those readings, with stress-flagged readings marked; insulin doses (with notes); weight; the latest fructosamine result; recent observations (with notes); active medications; the diet profile; and the full veterinary contact you have stored (practice, vet name, phone, email, address, notes). It does not reveal your account email, your name, your account identifier, or the pet’s microchip or passport number. The link works only while it is active; it expires and you can revoke it at any time (revoking removes the link entirely). Anyone holding an active link can view the summary, so share it only with people you trust. When someone opens your link, the view is recorded.
- Caregivers — you can invite others to view and log entries for your pet. They see the pet data you have shared with them.
9. International Transfers
Some processors may be located outside the European Economic Area (for example, in the United States). Where personal data is transferred outside the EEA/UK, we rely on an appropriate safeguard such as an adequacy decision or the EU Standard Contractual Clauses (and the UK Addendum).
10. Data Residency
We store your account and pet data on a server in Nuremberg, Germany, within the European Union.
11. How Long We Keep Data
- While your account is active, we keep your data so the Service works.
- When you delete your account, it enters a 30-day recovery window during which you can restore it. After the window closes, your personal data is permanently anonymised in place: your email is replaced with a non-identifying value, pets are renamed generically, and your account can no longer be logged into. De-identified pet health records are retained (no longer linked to you), including in aggregate groupings the app keeps for service integrity; once anonymised, this is no longer personal data under the GDPR.
- Share links are retained until they expire or you revoke them.
- Security/audit data (IP address, user-agent) held in the audit log is retained until the account is anonymised.
- Backups are retained on a rolling basis and then overwritten.
12. Your Rights
Under the GDPR (and equivalent UK law), you have the right to:
- Access your data (Article 15);
- Rectify inaccurate data (Article 16);
- Erase your data (Article 17);
- Restrict processing (Article 18);
- Data portability — receive your data in a machine-readable format (Article 20);
- Object to processing based on legitimate interests (Article 21);
- Withdraw consent at any time, without affecting prior processing (Article 7).
You can exercise the core rights directly in the app: Settings → Your Data Rights lets you request data export, portability, rectification, erasure, and processing restriction, and Settings → Account lets you export a machine-readable copy of your data and delete your account. You can also contact us at hello@karmanova.at. We respond within the time limits the GDPR sets (normally one month).
You also have the right to lodge a complaint with a supervisory authority — in Austria, the Austrian Data Protection Authority (Datenschutzbehörde), or the authority in your EU country of residence; in the UK, the Information Commissioner’s Office.
13. Security
We design for data safety as a first principle. Measures include encryption of data in transit (HTTPS/TLS), row-level access controls so each account can only reach its own data, authenticated access, and least-privilege backend rules. No system is perfectly secure, but protecting your data is central to how we build.
14. Children
PawTails is not directed at children and is intended for users aged at least 16. We do not knowingly collect data from children below the applicable age of digital consent.
15. Cookies and Similar Technologies (Web)
The web app uses only the cookies and local storage necessary to sign you in, keep your session, and remember preferences such as language and theme. It does not use advertising or third-party tracking cookies.
16. Changes to This Policy
We may update this policy. If we make material changes, we will give reasonable notice in-app. The “last updated” date shows the current version.
17. Contact
Privacy questions or requests: hello@karmanova.at.