Privacy Policy
Version 1.1 · Effective date: May 24, 2026
This document is bilingual. The French version prevails. Version française disponible ici.
1. Data Controller Identity
The FamilyPet+ application (the "Service") is operated by:
- Data controller: Alexis GUILLAUME
- Legal form: Individual (not registered as a company)
- Address: Alexis GUILLAUME — France
- Registration number: N/A (individual)
- General contact email: contact@jasmory.tech
- Data Protection Officer (DPO): postmaster@jasmory.tech
For any questions about your personal data, you may also use the in-app /privacy/contact form.
2. Data we collect
We process the following categories of data, strictly necessary for the Service:
| Category | Data | Source |
|---|---|---|
| Account identity | Email, username, password (argon2id-hashed) | User input |
| Pet profile | Name, species, breed, date of birth, sex, profile picture | User input |
| Pet health data | Vaccination records, treatments, prescriptions, weight, veterinary notes, health PDFs | User input / import |
| Photos and media | Pet photos, walk photos, short videos | User input |
| Geolocation | GPS tracks from recorded walks (lat, lon, timestamp, altitude) | Device sensors, opt-in only |
| Push notifications | FCM token, notification preferences | Technical generation |
| Technical data | IP address (truncated after 24h), device model, OS version, app version, log identifiers | Automatic collection |
| Analytics | Aggregated and pseudonymized usage events | Automatic collection |
| Support messages | Subject, body, category (bug, question, suggestion, account, premium, other) — voluntarily submitted via the in-app help form | User input |
We do not collect payment card data directly (any payments are handled by a PCI-DSS certified third party).
3. Legal bases (GDPR art. 6)
- Performance of a contract (art. 6.1.b): account, pet profile, core features.
- Consent (art. 6.1.a): walk geolocation, push notifications, analytics, community sharing.
- Legitimate interest (art. 6.1.f): security, fraud prevention, error logging (Sentry).
- Legal obligation (art. 6.1.c): retention of certain logs for evidentiary purposes.
4. Where your data is stored
Primary hosting is provided by Amazon Web Services (AWS) in the eu-north-1 (Stockholm, Sweden — European Union) region.
Data does not leave the European Union, except for transfers to the sub-processors listed in section 5 (governed by Standard Contractual Clauses).
5. Sub-processors and recipients
| Sub-processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Amazon Web Services (AWS) | Application hosting (EC2), database, object storage | Stockholm, EU | Primary host — no transfer outside EU |
| Firebase / Google LLC | Push notifications (FCM) | United States | EU Standard Contractual Clauses (SCCs) |
| Anthropic PBC | Optional AI conversational features | United States | SCCs + data minimization: no identifying data sent |
| Sentry (Functional Software, Inc.) | Application error monitoring | United States | SCCs + client-side PII scrubbing |
Personal data is never sold, rented or traded for advertising purposes.
6. Retention periods
| Data type | Retention |
|---|---|
| User account and pet profile | Lifetime of the account (until user deletion) |
| Imported health documents | Lifetime of the account |
| Walk GPS tracks | Lifetime of the account (user may delete anytime) |
| Detailed analytics logs | 365 days maximum, then anonymous aggregation |
| Sentry error logs | 90 days |
| Authentication logs (security) | 12 months |
| Support messages (subject, body, category, replies) | 12 months after last interaction, then automatic erasure |
| Encrypted backups | 30-day rolling window |
| Data after account deletion | Erased within 30 days, unless legal obligation |
7. Your rights (GDPR art. 15-22)
You may at any time:
- Access your data via the
/privacy/contactform. - Rectify your data directly through profile screens.
- Erase ("right to be forgotten") your account via
/auth/account(full erasure within 30 days). - Port your data — structured export (JSON + media) via
/auth/export. - Object / withdraw consent — granular toggles via
/me/consents(geolocation, notifications, analytics, community). - Restrict processing — on request via
/privacy/contact. - Delete your support messages — you may request permanent deletion of your support messages and the associated replies by emailing postmaster@jasmory.tech.
- Lodge a complaint with the French CNIL (www.cnil.fr) or your local supervisory authority.
Response time: maximum 30 days (extendable to 60 days for complex requests, per GDPR art. 12.3).
8. Security
- In-transit encryption: TLS 1.3
- At-rest encryption: AES-256 (EBS, S3)
- Passwords: argon2id with unique salt
- Authentication: short-lived JWT + revocable refresh tokens
- Regular admin access audits
- Responsible disclosure policy: postmaster@jasmory.tech
9. Minors
The Service is not intended for users under 15 without explicit parental consent (GDPR art. 8 as transposed in France). No data is knowingly collected from underage users.
10. Changes
Any material change to this policy will be notified in-app at least 30 days before taking effect. The date at the top of this document is updated at each revision.