<-- Back to home

Privacy Policy

Last updated: 9 May 2026

This Privacy Policy explains how PawDash ("we", "us") collects, uses, and protects your personal data when you use the PawDash service (pawdash.co.uk and any tenant subdomain or path). It is written in line with UK GDPR and the Data Protection Act 2018.

1. Who we are

PawDash is operated as a sole-trader by Joshua Reed in the United Kingdom. You can contact us at hello@pawdash.co.uk.

2. What data we collect

We collect three categories of data:

  • Account data: your name, email address, business name, business address.
  • Business operating data: information you enter while running your business - dogs, dog owners' names, addresses, phone numbers, vet info, walks, daycare bookings, boarding stays, schedules, invoices, staff names and pay splits.
  • Technical data: IP address, browser type, pages visited, captured by Vercel (our hosting provider) for security and performance.

We do not collect or store credit card or bank account details. Subscription billing is handled by GoCardless, who hold those details on our behalf.

3. Lawful basis

We process personal data on the following bases:

  • Contract: to deliver the PawDash service to you.
  • Legitimate interest: to keep the service secure, prevent abuse, and improve features.
  • Legal obligation: to keep accounting records.
  • Consent: for non-essential cookies (see Cookie Policy).

4. Data about your customers (pet owners)

When you record dogs and their owners in PawDash, you act as the data controller for that information; we act as a data processor on your behalf. Our Data Processing Agreement (/dpa) governs that relationship.

5. Who we share data with

  • Supabase (database and authentication) - servers in the EU (Frankfurt).
  • Vercel (hosting and serverless functions) - servers in the EU and US.
  • GoCardless (Direct Debit billing) - UK.
  • Google (only if you sign in with Google) - identity verification only.

We do not sell your data and do not share it for advertising purposes.

6. International transfers

Most data stays within the UK / EU. Where Vercel routes traffic via US edge servers, the transfer is covered by the UK International Data Transfer Addendum and the EU-US Data Privacy Framework.

7. How long we keep it

We keep your account and business data for as long as your subscription is active. After cancellation we keep it for 30 days so you can export or reactivate, then delete it. We keep accounting records (invoices, payment confirmations) for 7 years per HMRC rules.

8. Your rights

Under UK GDPR you have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete data ("right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a portable format
  • Complain to the Information Commissioner's Office (ico.org.uk)

Email hello@pawdash.co.uk to exercise any of these. We respond within 30 days.

9. Security

Data is encrypted in transit (HTTPS) and at rest (Supabase AES-256). Database access is scoped to your tenant via Row Level Security. Passwords are hashed with bcrypt; we never see your password.

10. Cookies

See our Cookie Policy.

11. Changes to this policy

We will email you at the address registered on your account if we make material changes. Continued use after notification means you accept the updated policy.