Privacy Policy

Furry Adventures Brighton Ltd ("we", "us", "Furry Adventures") is a company registered in England and Wales (company number 17194944). Our registered address is in Brighton, East Sussex.

For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller of personal data you provide to us. You can contact us about this policy or any privacy matter at hello@furryadventures.co.uk.

We collect only what we need to walk your dog properly and run a small business:

• Account info: name, email address, phone number, postcode, residential address (for collection / pet sitting).
• Dog profile: dog's name, breed, age, weight, vaccinations and expiry, vet contact, behaviour notes, allergies.
• Bookings: walks you've booked, cancellations, the dogs on each walk.
• Walk data: GPS track of each walk, timestamps of pickup/dropoff, photos taken during the walk, written notes by the walker.
• Payment info: handled entirely by Stripe — we never see or store your card number, expiry, or CVC. We only receive a Stripe customer token + the resulting payment status.
• Communications: emails we send you (delivered via Resend) and any reply you send us.
• Technical: standard server logs, basic device info on app sign-in. No analytics or marketing trackers.

We only use your data for the purposes you'd expect from a dog-walking business. Each use has a lawful basis under Article 6 of UK GDPR:

• Performing your booking (Art. 6(1)(b) — contract): identifying which dog to collect, where, when, and getting them back safely.
• Sending walk recaps and account emails (Art. 6(1)(b) — contract): booking confirmations, walk recaps, cancellation receipts, password resets.
• Vaccination expiry reminders (Art. 6(1)(f) — legitimate interest): your dog's safety + insurance compliance.
• Vet emergency contact (Art. 6(1)(d) — vital interests): we'll contact your nominated vet if your dog needs urgent care.
• Bookkeeping and tax (Art. 6(1)(c) — legal obligation): we keep records of payments and bookings to comply with HMRC requirements.
• Marketing photos (Art. 6(1)(a) — consent): we will only use a photo of your dog publicly (Instagram, website) if you have explicitly opted in.

• Active customer data: for as long as you have an account.
• Walk records (incl. GPS + photos): 2 years from the date of the walk, then deleted.
• Bookkeeping records: 6 years from the end of the relevant tax year (UK statutory requirement).
• Closed accounts: personal data is deleted within 90 days of account closure, except records we're legally required to retain (above).

We do not sell or trade personal data. We share only with the third parties we need to run the service:

• Supabase (database + storage) — based in Ireland (eu-west-1) with appropriate safeguards.
• Stripe (payment processing) — UK / global, PCI-DSS Level 1.
• Resend (transactional email delivery) — based in the US under the EU-US Data Privacy Framework.
• Vercel (web hosting) — global CDN, US-based, with appropriate safeguards.
• Expo (push notifications via Apple / Google) — only the push token + the message content we choose to send.
• Your nominated vet — if your dog needs urgent care during our service.
• Insurers and legal advisers — only when strictly required (e.g. an insurance claim or legal dispute).

All processors are bound by data-processing agreements and process data only on our documented instructions.

Some of our processors (Stripe, Resend, Vercel) may transfer data outside the UK / EEA. These transfers are protected by either (a) UK Adequacy Regulations, (b) the EU-US Data Privacy Framework, or (c) International Data Transfer Agreements / Standard Contractual Clauses, as appropriate.

We protect your data with row-level security, encrypted storage at rest, encrypted transport (TLS 1.2+), and least-privilege access for staff. Payment data never touches our servers — Stripe handles it directly. We do not download personal data to laptops, USB sticks, or unmanaged systems.

Under UK GDPR you have the right to:

• Access the personal data we hold on you.
• Rectify inaccurate data — most fields are editable directly in your account.
• Erase ("right to be forgotten") — subject to bookkeeping retention obligations.
• Restrict or object to processing.
• Portability — get your data in a machine-readable format.
• Withdraw consent for any processing based on consent (e.g. marketing photos), at any time.

To exercise any of these, email hello@furryadventures.co.uk and we'll respond within one calendar month.

You also have the right to complain to the Information Commissioner's Office (the UK's data-protection regulator). We'd appreciate the chance to address your concern first, but it's your right to go straight to them if you prefer.

We use a small number of strictly-necessary cookies: an authentication session cookie when you sign in, and Stripe's cookies on the booking-confirm page (required for payment). We don't use third-party analytics, advertising, or tracking cookies.

Our service is for dog owners aged 18 or over. We don't knowingly collect data from anyone under 18.

When we change this policy materially we'll email account holders before the change takes effect. The version number and last-updated date at the top tell you when it last changed.