This Privacy Policy explains how PawDash ("we", "us") collects, uses, and protects your personal data when you use the PawDash service (pawdash.co.uk and any tenant subdomain or path). It is written in line with UK GDPR and the Data Protection Act 2018.
PawDash is operated as a sole-trader by Joshua Reed in the United Kingdom. You can contact us at hello@pawdash.co.uk.
We collect three categories of data:
We do not collect or store credit card or bank account details. Subscription billing is handled by GoCardless, who hold those details on our behalf.
We process personal data on the following bases:
When you record dogs and their owners in PawDash, you act as the data controller for that information; we act as a data processor on your behalf. Our Data Processing Agreement (/dpa) governs that relationship.
We do not sell your data and do not share it for advertising purposes.
Most data stays within the UK / EU. Where Vercel routes traffic via US edge servers, the transfer is covered by the UK International Data Transfer Addendum and the EU-US Data Privacy Framework.
We keep your account and business data for as long as your subscription is active. After cancellation we keep it for 30 days so you can export or reactivate, then delete it. We keep accounting records (invoices, payment confirmations) for 7 years per HMRC rules.
Under UK GDPR you have the right to:
Email hello@pawdash.co.uk to exercise any of these. We respond within 30 days.
Data is encrypted in transit (HTTPS) and at rest (Supabase AES-256). Database access is scoped to your tenant via Row Level Security. Passwords are hashed with bcrypt; we never see your password.
See our Cookie Policy.
We will email you at the address registered on your account if we make material changes. Continued use after notification means you accept the updated policy.