Pawsly – Privacy Policy & Cookie Policy (EN)
Laste updated: 4 August 2025
Applies to: the website *.pawsly.app
Data controller: Pawsly, based in the Netherlands.
Contact (privacy): hello@pawsly.app

1) Who we are

Pawsly provides a dog wellness/meditation service with nature sounds and guided meditations. Access is available only to users with an active subscription.

2) Scope and role

This Privacy & Cookie Policy explains how we process personal data when you visit our website, create an account, purchase/maintain a subscription, or use the Service. Pawsly acts as the controller for this processing under the EU GDPR/AVG.

3) What data we collect

We collect only what is necessary to let you log in, pay, and access content. We do not use analytics, advertising, or social tracking.

  • Account data: email address, password hash, account status, subscription/membership level.
  • Subscription & payments: subscription status, invoices, payment references, and related metadata processed via Stripe. Pawsly does not store full card or bank details.
  • Access & session data: login timestamps, session/token identifiers, membership entitlements, and consent records where applicable.
  • Technical security data: IP address and user-agent may appear in server/error/security logs to prevent abuse and ensure availability.
  • Support & transactional communications: messages you send us and system emails (e.g., password resets, receipts, renewal notices).

We do not intentionally collect special categories of personal data and we do not perform profiling or automated decision-making with legal effects.

4) Sources

Data is provided by you (e.g., during sign-up/checkout) or generated by your use of the Service (e.g., session logs). Payment metadata may be provided by Stripe.

5) Purposes and legal bases

  • Provide and manage your account & subscriptionContract necessity (GDPR art. 6(1)(b)).
  • Process payments & comply with tax/accounting lawContract necessity and Legal obligation (art. 6(1)(b) & 6(1)(c)).
  • Security, fraud prevention, uptime, troubleshootingLegitimate interests (art. 6(1)(f)).
  • Customer supportLegitimate interests (art. 6(1)(f)).

We do not send marketing emails without your opt-in and we do not run advertising/remarketing.

6) Cookies (strictly necessary only)

We only use cookies and similar technologies that are strictly necessary for the Service to function (no analytics/advertising).

Examples (names may vary):

  • Authentication/session : keeps you logged in and recognizes your membership level.
  • Checkout/payments: enables cart/checkout, prevents fraud, and completes payments.
  • Security & load balancing: may be set by our infrastructure to protect the Service.
  • No comments cookies: we do not run a public blog with comments.

Consent: because we only use strictly necessary cookies, an opt-in banner is not required. If we ever add non-essential cookies, we will request valid consent first.

You can block/delete cookies in your browser, but essential features (login/checkout) may not work without them.

7) International transfers

We aim to store and process data in the EEA. Some providers (e.g., Stripe and its support operations) may involve limited transfers outside the EEA. When that happens, we rely on EU Standard Contractual Clauses (SCCs) and, where necessary, supplementary measures to protect your data. Details are available on request.

8) Retention

  • Account data: kept until you delete your account or ask us to delete your data, unless we must retain certain data by law.
  • Payment & invoicing data: retained for at least 7 years to meet Dutch/EU tax and accounting obligations.
  • Security/server logs: typically retained for up to 90 days, unless needed longer to investigate incidents.
  • Support communications: retained for a reasonable period to handle follow-up, unless you request earlier deletion where feasible.

When retention periods end, we delete or irreversibly anonymize data.

9) Security

We use appropriate technical and organizational measures, including TLS encryption in transit, robust password hashing, access controls (least privilege), regular updates/patching, monitoring, and backups.

10) Your rights

Under the GDPR/AVG, you can request:

  • Access to your data;
  • Rectification of inaccurate data;
  • Erasure (“right to be forgotten”);
  • Restriction of processing;
  • Data portability (copy of your data in a structured, commonly used format);
  • Objection to processing based on legitimate interests.

Where processing relies on consent (not typical for our core Service), you can withdraw it at any time.

To exercise your rights, contact hello@pawsly.app. We will respond within one month. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

11) Children

The Service is intended for adult dog owners/caregivers. We do not knowingly collect data from children under 16. If you believe a child has provided us data, please contact us so we can delete it.

12) Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

13) Changes to this policy

We may update this Policy from time to time. If changes materially affect you, we will notify you via the Service or by email. The effective date at the top shows when it last changed.

14) Contact

Questions or requests about privacy?

Email: hello@pawsly.app

Controller: Pawsly (Netherlands)