Privacy Policy

Data controller

The controller of your personal data is Daniel Furne Silva, a natural person with Spanish tax ID (NIF) 47916076S and address at Calle Tarragona 26, bajos 1, 17403 Sant Hilari Sacalm, Spain.

For any privacy matter you can contact us at legal@snifr.dog.

What we collect

Account data: name or alias, email, date of birth, password hash, language and notification preferences.

Dog profile data: photos, name, breed, age, traits and the content you write.

Activity data: matches, chats, Walkies, parks you favourite, likes, Super Sniff and Spotlight usage.

Location data: approximate (city-level) location for matching and precise GPS only while a walk is active or you open the map.

Device and push tokens: device model, OS version, app version and the push token issued by Apple or Google when you accept notifications.

Billing data: receipts and identifiers provided by Apple, Google or Stripe when you buy Pro or consumables.

Advertising data: whether you saw or tapped a sponsored card. If you consent to tracking, a sponsor's measurement pixel may also receive your IP address and the ad-interaction event.

Legal basis (GDPR Art. 6)

Performance of the contract: creating your account, showing matches, running Walkies, processing in-app and web purchases.

Consent: push notifications, optional marketing communications and, where applicable, adult-verification biometrics (Art. 9 GDPR).

Legitimate interest: abuse prevention, debug and security logs and aggregated statistics that do not identify you.

Legal obligation: keeping invoices and tax records for the periods required by Spanish law.

Push notifications and location

We only send push notifications after you grant consent in your operating system. You can revoke that consent at any time from the system settings.

Precise GPS is only used while a Walkie is active or you open the parks map. For matching we use a city-level area derived from onboarding or from the first point we receive when you open the map.

Adult verification (optional)

If you choose to obtain the "verified" badge we may ask you to upload a selfie and an ID document. The selfie and the ID are compared either through a verification vendor or by manual review.

Legal basis: explicit consent for the processing of biometric data (Art. 9 GDPR). You can withdraw consent and ask us to delete the material at any time.

Retention: raw images are deleted within 30 days; only a hash that proves you were verified is kept for up to 24 months.

Who we share data with (processors)

Supabase: EU hosting of the database and storage of personal and activity data.

Expo: delivery of push notifications and storage of push tokens.

Apple App Store and Google Play: processing of in-app purchases and receipts.

Stripe: processing of web purchases (when activated).

Google Cloud and Google Places: parks data via the Places API.

Google sign-in: optional OAuth authentication.

OpenStreetMap: parks data; no personal data is sent to OSM.

For Google, Apple and Stripe some processing may involve transfers outside the EU; these transfers rely on Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

Advertising and sponsors

Snifr. shows sponsored cards and rewards from partners inside the app. We manage these creatives ourselves; Snifr. does not embed any third-party advertising SDK.

A sponsor campaign may include a measurement pixel. On iOS the app only loads that pixel after you allow tracking through Apple's App Tracking Transparency prompt; if you decline, the pixel is not loaded. When it does load, the partner receives limited data (such as your IP address and the fact that the device saw or tapped the ad) to measure the campaign. We never share your name, email, chats or precise location with advertisers.

Legal basis: your consent (App Tracking Transparency on iOS; equivalent controls on other platforms). You can change your choice at any time in your device settings. We also keep aggregated impression and click counts as our own first-party statistics, which do not identify you.

How long we keep your data

Account and profile: while your account is active.

Chat messages: until you delete your account plus 30 days.

Routes and walks: 24 months, then anonymised for aggregated statistics.

Push notification tokens: until revocation or account deletion.

Security logs: 12 months.

Billing and IAP data: 6 years (Spanish tax law).

Adult verification material: raw images 30 days, hash 24 months.

Your rights

You can access, rectify, erase, restrict, port your data and object to certain processing.

To exercise these rights write to legal@snifr.dog. If you are not satisfied with our response, you can lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

Security

We use TLS in transit, encrypted storage at rest, password hashing and role-based access. No system is perfect, so we also keep audit logs and we will notify you of incidents that affect your data as required by law.

Changes to this policy

We will let you know about material changes through the website or by email. The "Last updated" date at the top reflects when this policy was last revised.