Privacy Policy

Effective date: 5 April 2026
Last updated: 5 April 2026

This policy describes how [Legal Entity Name] (“we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the Shapa mobile application, related websites, and services (collectively, the “Services”).

Disclaimer: This document is provided as a structured template aligned with common mobile-app and marketplace practices. It does not constitute legal advice. You should have it reviewed and adapted by qualified legal counsel for your jurisdiction, products, and data flows (including GDPR, CCPA/CPRA, and app store requirements).

1. Who we are

Controller / operator	[Legal Entity Name], [registered address]
Product	Shapa
Contact (privacy)	[privacy@yourdomain.com]
Contact (general)	[support@yourdomain.com]
Data Protection Officer	[If applicable — name and email, or “Not applicable”]

If you are in the European Economic Area (EEA), UK, or Switzerland, you may also contact your local supervisory authority.

2. Scope

This policy applies to:

The Shapa mobile apps (iOS and Android);
Any website or web properties we operate for Shapa;
Backend services and APIs that power bookings, messaging, maps, and subscriptions.

It does not govern third-party sites or services that we link to or that integrate with Shapa (e.g. payment or map providers). Those providers have their own policies.

3. Information we collect

We collect information that you provide, that is generated when you use the Services, and that we receive from partners and devices, as needed to operate Shapa.

3.1 Account and profile

Name, email address, phone number (if collected);
Authentication identifiers (e.g. tokens when you sign in with email, Google Sign-In, or Sign in with Apple);
Profile details you choose to add (e.g. bio, photos, avatar selections);
Language and display preferences;
Walker application or verification information, if you apply to offer services through Shapa.

3.2 Pets and bookings

Pet profiles (e.g. names, photos, notes you add);
Walk and boarding requests, schedules, status, ratings, and related messages;
Service locations and addresses you provide for pickup, drop-off, or service areas (as applicable).

3.3 Location

Approximate or precise location when you grant permission, including for live tracking during walks, map features, and nearby discovery (e.g. community map), as implemented in the app;
You can change location permissions in your device settings; some features may not work without them.

3.4 Messages and media

In-app messages between users (e.g. owners and walkers);
Photos and images you upload (e.g. pet photos, profile images, walk or boarding updates);
Voice recordings if you use voice features we offer, subject to permissions you grant.

3.5 Payments and subscriptions

Payment method collection and charges are processed by Stripe (or another processor we designate). We typically receive limited payment data (e.g. last four digits, brand, subscription status, transaction references), not your full card number on our servers.
Billing and subscription history as needed to provide paid plans.

3.6 Device, diagnostics, and usage

Device type, OS version, app version, language;
Crash and error reports and performance data (we use tools such as Sentry for reliability);
Analytics events to understand feature usage and improve the product (we use Firebase Analytics or similar, as configured);
Push notification tokens and delivery metadata when you enable notifications (Firebase Cloud Messaging / platform push services).

3.7 Community and map features

If you use optional features such as community map, events, places, or alerts, we process content you submit (e.g. pins, comments, titles, descriptions) and related metadata (e.g. timestamps, approximate location tied to a pin, as applicable).

3.8 Information from others

We may receive information from:

Other users (e.g. when they invite you or reference you in a booking);
Service providers that help us verify identity or prevent fraud (if used);
Public sources, only where permitted by law.

3.9 We do not intend to collect

We do not knowingly collect special categories of data (e.g. health data beyond what you voluntarily enter in free-text fields) unless we explicitly ask and provide a lawful basis. Avoid uploading sensitive information you do not need to share.

4. How we use information

We use personal information to:

Provide and improve the Services (accounts, matching, scheduling, maps, messaging, notifications);
Process payments and manage subscriptions;
Safety and integrity — detect abuse, fraud, and violations of our terms;
Communicate with you (service messages, security alerts, optional marketing where allowed and with consent if required);
Analytics and product development — understand usage and fix bugs;
Legal compliance — respond to lawful requests and enforce our agreements.

Legal bases (EEA/UK/Switzerland): where GDPR-style rules apply, we rely on contract (to provide the Services), legitimate interests (security, analytics, improvement—balanced against your rights), consent (where required, e.g. certain marketing or non-essential cookies on web), and legal obligation where applicable.

5. How we share information

We do not sell your personal information in the conventional sense. We share data only as described below.

Recipient / situation	Purpose
Service providers	Hosting, email, analytics, error reporting, customer support tools—under contracts requiring protection of data
Stripe (and related payment partners)	Payment processing, fraud prevention, compliance
Google (e.g. Maps, Sign-In)	Maps display, authentication, and related APIs per their policies
Firebase / Google	Push notifications, analytics, and related infrastructure
Sentry (or similar)	Error and performance monitoring
Other users	Information you choose to share in profiles, bookings, chats, and public or semi-public community features
Legal and safety	When required by law, court order, or to protect rights, safety, and security
Business transfers	In connection with a merger, acquisition, or asset sale, subject to appropriate safeguards

We may share aggregated or de-identified data that cannot reasonably identify you.

6. International transfers

If we or our processors process data outside your country (e.g. EU data in the US), we use appropriate safeguards where required, such as Standard Contractual Clauses or equivalent mechanisms, and supplementary measures as appropriate.

7. Retention

We retain information as long as your account is active and as needed to provide the Services, resolve disputes, comply with law, and enforce agreements.

Typical considerations:

Account and profile: until you delete your account or ask for deletion, subject to legal holds;
Bookings and messages: for a period needed for operations, dispute resolution, and legal obligations;
Logs and analytics: for shorter periods unless longer retention is justified;
Backups: may persist for a limited time after deletion.

Specific retention periods may be provided upon request where feasible.

8. Security

We implement technical and organizational measures designed to protect personal information (encryption in transit, access controls, secure development practices). No method of transmission or storage is 100% secure; we encourage strong passwords and device security.

9. Your rights and choices

Depending on your location, you may have rights to:

Access a copy of your personal information;
Correct inaccurate data;
Delete your account or certain data;
Restrict or object to certain processing;
Data portability (receive data in a structured format);
Withdraw consent where processing is consent-based;
Opt out of certain “sales” or “sharing” for targeted advertising (US state laws), if applicable;
Lodge a complaint with a supervisory authority.

How to exercise rights: contact [privacy@yourdomain.com] with your request. We may verify your identity before acting.

Marketing: you may opt out of promotional emails via the unsubscribe link or app settings where available.

10. Children

Shapa is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it promptly.

11. Cookies and similar technologies (web)

If we operate a website, we may use cookies and similar technologies for essential operation, analytics, and (with consent where required) marketing. You can manage cookies through your browser and any cookie banner we provide.

12. California residents (summary)

If the CCPA/CPRA applies, you may have rights to know, delete, correct, and opt out of certain uses. We do not “sell” personal information as defined by the CPRA in the traditional sense; we use service providers as described above. To submit a request, contact [privacy@yourdomain.com] or [toll-free number if you offer one].

13. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new “Last updated” date and, where required, notify you (e.g. in-app notice or email). Continued use after the effective date may constitute acceptance of the changes where permitted by law.

14. Contact us

[Legal Entity Name]
[Registered address]
Email: [privacy@yourdomain.com]
Support: [support@yourdomain.com]

← Back to Shapa home