Privacy Policy

Effective Date: February 1, 2026 · Last Updated: May 25, 2026

Plain-English Summary: We collect information you provide (email, pet data) and technical data (device info, usage patterns) to run AlienKeeper. We don't sell your data. Payments are handled by Dodo Payments as our Merchant of Record. EU/EEA users' data is stored in the EU; US users' data is stored in the US. EU/EEA residents have rights under GDPR; California residents have rights under CCPA. You can export or delete your data anytime. Full details below.

1. Introduction

This Privacy Policy describes how we collect, use, store, and protect your personal information when you use AlienKeeper ("Service").

By using the Service, you agree to this Privacy Policy. If you don't agree, please don't use the Service.

Contact Information: Email: [email protected]

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

Email address
Password (stored using secure hashing)
Username
Timezone

Pet and Care Data:

Pet species, names, descriptions
Pet settings (Feeding and watering schedules etc.)
Pet activities (such as molts, sheds, notes etc.)
Photos you upload
Custom reminders and schedules

Community Content:

Space-sharing requests and messages
Comments and interactions with other users
Any other content you post in community features

Payment Information:

Payments are processed by Dodo Payments, who acts as our Merchant of Record. We do NOT store full payment card details.
Billing address and email
Transaction history

Dodo Payments is an independent data controller for payment transaction data. To exercise your data rights regarding payment information, contact Dodo Payments directly via their privacy policy.

Support Communications:

Messages you send to customer support
Feedback and survey responses

2.2 Information Collected Automatically

Device and Usage Information:

Device type, operating system, browser type
IP address and approximate location (city/country level)
Pages visited, features used, time spent
Click patterns and navigation paths

Cookies and Similar Technologies:

Authentication cookie — strictly necessary session cookie that keeps you logged in
__cf_bm — set by Cloudflare for bot detection and security; strictly necessary
Google Analytics cookies — analytics cookies to understand usage patterns; for EU/EEA users, only placed after explicit consent

You can control non-essential cookies through your browser settings or our cookie consent banner. Disabling the authentication cookie will prevent you from logging in.

2.3 Information from Third Parties

Payment processors (transaction status, fraud prevention data)
Analytics services (aggregated usage statistics)

3. How We Use Your Information

We use your information to:

Provide the Service:

Create and manage your account
Store your pet care data
Send reminders and notifications
Enable community features
Process payments and manage subscriptions
Provide customer support

Improve the Service:

Analyze usage patterns and feature adoption
Fix bugs and technical issues
Develop new features
Optimize performance

Communicate with You:

Service announcements and updates
Billing notifications
Respond to support requests
Send account security alerts
Marketing communications (you may opt out at any time)

Legal and Security:

Prevent fraud and abuse
Enforce our Terms of Service
Comply with legal obligations
Protect rights, property, and safety

With Your Consent: Any other purposes with your explicit permission.

4. How We Share Your Information

We do NOT sell your personal information.

We may share information in these limited circumstances:

Service Providers: Third-party vendors who help us operate the Service, including (for example):

Cloud hosting providers (such as DigitalOcean, Backblaze, AWS)
Dodo Payments — our Merchant of Record, responsible for payment processing, billing, and tax compliance
Email service providers (such as Amazon SES)
Analytics services (Google Analytics)
Cloudflare — for bot protection and security (sets __cf_bm cookie)
Backup and security services

These providers are contractually obligated to protect your data and use it only for specified purposes.

Community Features: Information you voluntarily post in community features (shared spaces and animals) is visible to other users as intended by the feature's functionality.

Business Transfers: If we merge with, are acquired by, or sell assets to another company, your information may be transferred. We'll notify you before this happens.

Legal Requirements: We may disclose information when required by law, legal process, or to:

Comply with valid legal requests (subpoenas, court orders)
Enforce our Terms of Service
Protect against fraud or security threats
Protect our rights, property, or safety, or that of users or the public

With Your Consent: Any other sharing with your explicit permission.

Aggregated/Anonymized Data: We may share statistical or aggregated information that cannot identify you personally (e.g., "70% of users track feeding schedules").

5. Data Storage and Security

Where We Store Data:

EU/EEA users: Primary servers and backups located within the European Union
US users: Primary servers and backups located in the United States
Payment data: Stored by Dodo Payments in their secure systems; we do not store full payment card details

Security Measures:

Industry-standard encryption (TLS/SSL for data in transit)
Secure password hashing (bcrypt)
Regular security updates and monitoring
Access controls and authentication
Automated backups with encryption
Regular security assessments

No Guarantee: While we implement reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your data. You use the Service at your own risk.

Your Responsibility:

Keep your password secure and confidential
Use a strong, unique password
Enable two-factor authentication when available
Log out of shared devices
Report suspicious activity immediately

6. Data Retention

Active Accounts: We retain your information as long as your account is active and as needed to provide the Service.

Deleted Accounts: After account deletion:

Most data is deleted within 30 days
Some data may be retained longer for:
- Legal compliance (tax records, transaction history)
- Fraud prevention and security
- Backup systems (deleted within 90 days)
- Legitimate business purposes

Specific Retention Periods:

Transaction records: 7 years (tax/legal requirements)
Support tickets: 3 years
Security logs: 1 year
Anonymous analytics: Indefinitely

Legal Holds: We may retain data longer if required by law or legal process.

7. Your Rights and Choices

7.1 Account Management

Access Your Data: View and manage your pet data.
Update Information: Edit account details, pet records, and preferences anytime.
Delete Your Account: Request account deletion through settings or by contacting [email protected]. This deletes most data within 30 days (see Section 6 for exceptions).
Export Your Data: Download your data in a portable format (JSON) before account deletion (by contacting [email protected]).

7.2 Communication Preferences

Email Notifications:

Opt out of marketing emails (link in every email)
Cannot opt out of essential service emails (security alerts, billing notifications)

Push Notifications: Manage through device settings or in-app preferences.

7.3 Cookie Preferences

Manage cookies through browser settings. Note that disabling essential cookies may prevent login and core functionality.

7.4 Marketing Opt-Out

Unsubscribe from promotional emails using the link in each message, or contact [email protected]. This doesn't affect transactional emails.

8. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights:

8.1 Right to Know

You can request:

Categories of personal information collected
Sources of information
Business purposes for collection
Categories of third parties we share with
Specific pieces of information we hold about you

8.2 Right to Delete

Request deletion of your personal information (subject to legal exceptions).

8.3 Right to Opt-Out of Sale

We do NOT sell your personal information. You do not need to opt out.

8.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

8.5 How to Exercise Rights

Email: [email protected] with subject "CCPA Request"
Include: Your name, email, account email (if different), and specific request
Verification: We may ask for information to verify your identity before processing requests.
Response Time: We'll respond within 45 days (may extend by 45 days if needed; we'll notify you).
Authorized Agents: You may designate an authorized agent to make requests on your behalf. We'll require proof of authorization.

Payment data: Dodo Payments is an independent data controller for payment transaction data they hold as our Merchant of Record. To exercise your rights regarding that data, contact Dodo Payments directly via their privacy policy.

8.6 California "Shine the Light" Law

You may request information about data shared with third parties for direct marketing purposes (we don't do this, but you can confirm by contacting us).

8.7 Do Not Track

We do not currently respond to "Do Not Track" browser signals because there is no consistent industry standard for compliance.

9. EU/EEA Privacy Rights (GDPR)

If you are located in the European Union or European Economic Area, the GDPR grants you the following rights regarding your personal data:

9.1 Right to Access (Art. 15)

Request a copy of the personal data we hold about you.

9.2 Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations (see Section 6).

9.4 Right to Restriction (Art. 18)

Request that we limit how we process your data in certain circumstances.

9.5 Right to Data Portability (Art. 20)

Receive your personal data in a structured, machine-readable format. You can request a JSON export of your data at any time by contacting [email protected].

9.6 Right to Object (Art. 21)

Object to processing based on legitimate interests, including profiling.

9.7 Right to Withdraw Consent

Where processing is based on your consent (e.g., analytics cookies), you may withdraw it at any time without affecting the lawfulness of prior processing.

9.8 How to Exercise Your Rights

Email: [email protected] with subject "GDPR Request"
Include your name, account email, and a description of your request
We may ask for identity verification before processing your request

9.9 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu. Our lead supervisory authority is the Czech Office for Personal Data Protection (ÚOOÚ).

10. Children's Privacy

Age Requirement: The Service is not intended for children under 13.

No Knowing Collection: We do not knowingly collect personal information from children under 13.

Parental Notice: If we learn that we've collected information from a child under 13, we will delete it promptly.

If You're a Parent: If you believe your child under 13 has provided information to us, contact [email protected] immediately.

Users Under 18: If you're between 13-17, you represent that you have parental or guardian consent to use the Service.

11. International Users

Primary Audience: The Service is primarily intended for users in the United States and the European Union/EEA.

Data Residency: We store your data in the region corresponding to your location — EU/EEA users in EU datacenters, US users in US datacenters. See Section 5 for details.

Users from Other Regions: If you access the Service from outside the US or EU/EEA, your data will be stored in the nearest available region. You are responsible for compliance with your local data protection laws.

12. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services:

Not Our Responsibility:

We don't control third-party privacy practices
Their privacy policies apply to their services
Review their policies before providing information

Examples:

Dodo Payments (payment processing)
Cloud hosting providers
Analytics services
Future authentication providers (Google, Apple sign-in)

13. Changes to This Privacy Policy

Updates: We may update this Privacy Policy periodically to reflect changes in practices, legal requirements, or Service features.

Notice of Changes:

Substantial changes (those that materially affect your rights or how we use your data): 14 days' notice via email
Minor changes: Posted on this page with updated "Last Updated" date

Acceptance: Continued use after changes constitutes acceptance. If you disagree, stop using the Service and delete your account.

Version History: We maintain dated versions of this policy for your reference (available upon request).

14. Data Breach Notification

In Case of Breach: If we experience a data breach affecting your personal information, we will:

Investigate and contain the breach
Notify affected users within 72 hours where feasible and required by law
Provide information about what data was affected
Explain steps we're taking to address the breach
Suggest steps you can take to protect yourself

Your Actions: If notified of a breach, immediately:

Change your password
Monitor your account for suspicious activity
Review connected payment methods
Contact us with questions

15. Your Responsibilities

You agree to:

Provide accurate information
Keep your account secure
Not share your password
Notify us of unauthorized access
Use the Service only for lawful purposes
Not violate others' privacy through community features

16. Contact Us

Questions or Concerns: Contact us about this Privacy Policy:

Email: [email protected]

For GDPR Requests: Use subject line "GDPR Request"
For CCPA Requests: Use subject line "CCPA Request"
For Data Deletion: Use subject line "Delete My Account"
For General Privacy Questions: Use subject line "Privacy Inquiry"

Response Time: We aim to respond to all privacy inquiries within 14 business days.