SnootScoot Privacy Policy
Last updated: April 23, 2026 · Effective: April 23, 2026
ProPawsTech ("we", "us", "our") operates the SnootScoot iOS application ("the App"). This Privacy Policy explains what information we collect, why, how we use it, who we share it with, and the rights you have over it.
It is written to satisfy the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Brazil's LGPD, Canada's PIPEDA, India's DPDP Act, Apple's App Store privacy requirements, and — for forward-compatibility — the EU/UK General Data Protection Regulation (GDPR / UK GDPR).
Availability
The App is not currently offered for download in the EU/EEA, the United Kingdom, or Switzerland. We will expand to those regions once we have appointed an Article 27 / FADP Article 14 representative. Until then, the GDPR-specific clauses in Section 6a are written to be ready for that expansion, but no EU/UK/Swiss user data is processed by the App.
1. Who is the data controller?
ProPawsTech
Email: propawstech@proton.me
Postal address: [ProPawsTech postal address — to be provided before EU launch]
For the purposes of GDPR / UK GDPR, ProPawsTech is the data controller of personal data processed by the App.
If you are in the EU/EEA and we are required to appoint an EU representative under Article 27 GDPR, that representative will be listed here before the App is made available in the EU/EEA.
2. Data we collect and why
| Category | Source | Examples | Purpose |
|---|---|---|---|
| Account identifier | Sign in with Apple | Apple user ID, email (if you share it) | Authenticate you, sync your data |
| Dog profile | You (manual entry) | Name, breed, birth date, weight, photo | Display in the App |
| Walk activity | App during use | GPS route, distance, duration, elevation | Show walk history, write to Health |
| Wellness logs | You (manual entry) | Weight history, meals, care notes | Show in wellness tabs |
| HealthKit (optional) | Apple Health | Your steps, active calories, walking dist. | Show fitness summary on Home |
| Audio (transient) | Microphone | Audio buffers analysed on-device only; never recorded, stored or transmitted | Detect dog vocalisations |
| Vocalisation counts | App during walks | Per-event timestamp + confidence score | Show vocalisation insights |
We do not collect contact lists, advertising identifiers (IDFA), browser history, biometric facial data, precise device fingerprints, or any data about people other than the account holder.
2a. Lawful bases for processing (GDPR Article 6)
| Processing | Lawful basis |
|---|---|
| Creating and authenticating your account | Article 6(1)(b) — performance of contract |
| Storing your dog profile, walks, wellness | Article 6(1)(b) — performance of contract |
| Reading/writing HealthKit data | Article 6(1)(a) — your explicit consent (granted via the iOS Health permission prompt) |
| Microphone access for on-device analysis | Article 6(1)(a) — your explicit consent (granted via the iOS microphone permission prompt) |
| Location access for walk tracking | Article 6(1)(a) — your explicit consent (granted via the iOS location permission prompt) |
| Security, fraud prevention, abuse defence | Article 6(1)(f) — legitimate interests |
You can withdraw any consent at any time by toggling the relevant permission off in iOS Settings. Withdrawal does not affect processing that already took place.
2b. HealthKit specifics
If you grant HealthKit access, we process that data under Apple's HealthKit terms:
- Read on demand only. We query steps, active energy, and walking/running distance only when a screen needs to display that value. We do not use background delivery or observer queries.
- Write at the end of a walk only. We write the session's distance and active energy back to Apple Health so your Activity ring reflects it.
- Stays on your device. HealthKit data is never uploaded to our servers, Supabase, or any third party.
- Not used for advertising or data mining. Per Apple's policy, HealthKit data is never used for marketing, shared with data brokers, or sold.
- Fully revocable. You can revoke individual HealthKit permissions at any time in Settings → Privacy & Security → Health → SnootScoot. Screens that rely on those metrics will simply show 0.
3. Sharing & sub-processors
We do not sell or "share" (as defined under CCPA/CPRA) your personal information. We do not engage in cross-context behavioural advertising.
We share data only with the sub-processors required to deliver the service:
| Sub-processor | Purpose | Data residency |
|---|---|---|
| Apple Inc. | Sign in with Apple, HealthKit, push | Per Apple's policies |
| Supabase Inc. | Encrypted user data storage | [region — to be confirmed before EU launch] |
3a. International data transfers
Supabase is a US-based service. If you are located in the EU/EEA, the UK, Switzerland, or another jurisdiction with cross-border transfer restrictions, your data may be transferred to and stored in the United States. These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs) included in Supabase's Data Processing Addendum, supplemented by the additional safeguards set out in our DPA with Supabase.
You may request a copy of the relevant transfer mechanism by emailing
propawstech@proton.me.
4. Data retention
- Account data on our servers is retained until you delete your account. Deleting your account via Settings → Privacy → Delete my account triggers a permanent deletion of your `auth.users` row and all linked rows (cascade) within seconds. There is no soft-delete or grace period.
- On-device data (SwiftData store, photos in app sandbox, Keychain tokens) is retained until you delete the App or your account. Account deletion wipes the local store before signing you out.
- Backup retention by Supabase may persist deleted data for up to 7 days in encrypted database backups, after which it is overwritten.
- Diagnostic logs are not retained server-side. The Edge Function that performs deletion logs only an opaque user ID for audit purposes and is rotated automatically.
5. Security
- TLS 1.3 in transit; AES-256 at rest (Supabase managed).
- Asymmetric ES256 JWT signing for session tokens.
- Apple Sign-In nonces bound to each authentication attempt.
- Keychain storage for tokens (`AfterFirstUnlockThisDeviceOnly`).
- Audio is processed entirely on-device using Apple's SoundAnalysis framework and discarded immediately after each analysis window.
- The first launch after a fresh install wipes any Keychain residue from previous installs.
No security control is perfect. If you discover a vulnerability, please
report it to propawstech@proton.me.
6. Your rights
6a. EU / UK / EEA users (GDPR / UK GDPR)
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data (most fields are editable in-app).
- Erase your data ("right to be forgotten") — Settings → Privacy → Delete my account.
- Restrict processing.
- Port your data to another service — Settings → Privacy → Export my data produces a machine-readable JSON file.
- Object to processing based on legitimate interests.
- Withdraw consent at any time (via iOS Settings) without affecting the lawfulness of prior processing.
- Lodge a complaint with your local supervisory authority. EU users can find theirs at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users can complain to the Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/.
6b. California users (CCPA / CPRA)
You have the right to:
- Know what personal information we collect, use, disclose, and the purposes (this policy describes all of it).
- Delete your personal information — Settings → Privacy → Delete my account.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" — we do not sell or share your personal information for cross-context behavioural advertising, so no opt-out is needed. There is no "Do Not Sell or Share My Personal Information" link because the practice does not occur.
- Limit use of sensitive personal information — we do not use sensitive personal information (health, geolocation, etc.) for any purpose other than providing the App's core features.
- Non-discrimination — we will not deny service, charge different prices, or provide different quality of service if you exercise any of these rights.
To exercise any right above, email propawstech@proton.me from the email
associated with your account, or use the in-app Settings → Privacy controls.
We will verify your identity by matching your account email and respond
within 45 days.
6c. Other jurisdictions
Users in Brazil (LGPD), Canada (PIPEDA), India (DPDP Act), and other regions have substantively similar rights and may exercise them via the same channels.
7. Children
The App is not directed to children under 13 (or under 16 in the EU/UK,
where stricter age gates apply under the GDPR and the UK Age Appropriate
Design Code). We do not knowingly collect personal data from children. If
you believe a child has provided personal data through the App, contact
propawstech@proton.me and we will delete it promptly.
8. Automated decision-making
We do not engage in automated decision-making that produces legal or similarly significant effects on you (GDPR Article 22).
9. Changes to this policy
We will notify you in-app of any material change to this policy at least 14 days before it takes effect. The "Last updated" date at the top reflects the most recent revision.
10. Contact
ProPawsTech — propawstech@proton.me
For data-protection requests, please put "Privacy request" in the subject line.