MyPetNet App

Privacy Policy for MyPetNet

Last updated: 2025

1. General Provisions

This Privacy Policy (hereinafter – the “Policy”) has been drafted in accordance with the requirements of the
General Data Protection Regulation (EU Regulation 2016/679, GDPR), the Estonian Personal Data Protection Act,
and other applicable international and national regulations governing the processing and protection of personal data.

This Policy defines the procedure, principles, purposes, and conditions under which
Techanalytics OU (hereinafter – the “Operator”, “We”, “Us”) processes personal data of users
of the MyPetNet mobile application, websites, and related digital services (hereinafter – “Users”, “Data Subjects”).

The Operator considers the protection of personal data and the safeguarding of Users’ rights and freedoms to be
one of the key conditions for conducting its activities, ensuring confidentiality, privacy, and personal security
of each User.

This Policy applies to any personal data processed by the Operator both before and after the approval of this document.

2. Terms and Definitions

For the purposes of this Policy, the following definitions apply:

  • Personal Data (PD) – any information relating to an identified or identifiable natural person.
  • Data Subject (User) – any individual using the MyPetNet application or interacting with the Operator.
  • Processing of Personal Data – any action or set of actions performed with or without automation:
    collection, recording, systematization, accumulation, storage, updating, use, transfer, depersonalization,
    blocking, deletion, destruction.
  • Operator – Techanalytics OU, registered in Estonia, responsible for determining purposes and
    means of data processing.
  • Information System of Personal Data – a structured set of personal data contained in databases
    and processed using IT tools.
  • Depersonalization – actions rendering it impossible to identify a data subject without additional information.
  • Cross-Border Transfer – transfer of personal data to a foreign country, foreign authority,
    or foreign organization.
  • Third Parties – individuals or legal entities, government bodies, or organizations that receive
    personal data under legally compliant grounds.

3. Personal Data Processed by the Operator

The Operator may process the following categories of personal data when the User interacts with MyPetNet or
related services.

3.1. User Registration and Account Data

  • name
  • phone number
  • email address
  • login identifiers (hashed)
  • language and localization preferences
  • location settings
  • support request details

3.2. Pet Profiles

  • pet name, type, species, breed, age
  • photos and detailed descriptions
  • optional notes provided by the User

3.3. User-Generated Content (UGC)

  • posts, comments, reviews, images, and media
  • likes and interactions
  • communication with service providers or other users
  • reported or flagged content for moderation

3.4. Location Data

Collected only with explicit permission from the User:

  • approximate or precise GPS location
  • map-based search and routing data
  • geofencing information when browsing services

3.5. Technical and Analytical Data

  • IP address
  • device model, operating system version, device identifier
  • app version, crash logs, diagnostics
  • cookies (for web version) and similar technologies
  • usage behavior inside the app (e.g., visited screens, clicks, session duration)

3.6. Booking and Service Interaction Data

  • details of requested pet services
  • scheduled bookings and confirmations
  • chat interactions with service providers

3.7. Data Used for AI-Based Features

Processed only if AI-related features are enabled by the User:

  • uploaded pet photos
  • extracted technical metadata
  • structural image features (keypoints, masks, embeddings)
  • AI-generated interpretations, suggestions, or insights

MyPetNet does not process biometric data of humans. Only optional pet-related visual data
may be processed for analytical and assistive features.

4. Categories of Data Subjects

Data may be collected from the following categories of individuals:

  • Users of the MyPetNet mobile application
  • Users interacting with websites controlled by Techanalytics OU
  • Pet service providers (groomers, vets, trainers, caretakers, etc.)
  • Users contacting support or participating in feedback systems
  • Individuals whose data is provided by Users voluntarily (e.g., pet information, contact persons)

5. Purposes of Processing Personal Data

The Operator processes personal data strictly for legitimate, predetermined, and lawful purposes, including
but not limited to the purposes listed below.

5.1. Core Functionality of MyPetNet

  • user registration and authentication
  • creation and maintenance of pet profiles
  • posting content, viewing feeds, and messaging
  • location-based search for pet services
  • booking, scheduling, and communication functions
  • management of user preferences and settings

5.2. AI and Analytics

  • AI-based analysis of pet photos (optional)
  • content recommendations and interface improvements
  • detection of suspicious or abusive behavior
  • app usability analysis and service improvement

5.3. User Support and Communications

  • handling support requests and bug reports
  • responding to User feedback and inquiries
  • sending technical notifications and service messages
  • informing about updates and functional changes

5.4. Security, Fraud Prevention, Legal Compliance

  • ensuring the security of accounts and data
  • preventing fraudulent, abusive, or harmful activities
  • resolving disputes, enforcing terms of use
  • fulfilling legal obligations under EU and national law

5.5. Marketing (Only With Consent)

Marketing messages (such as newsletters or promotional communications) are sent only after the User has
explicitly opted in. Users may revoke such consent at any time via the app settings or by contacting support.

6. Legal Grounds for Processing

The Operator processes personal data on the following legal grounds:

  • Consent – for example, for location data, push notifications, AI-based analysis of pet photos,
    and marketing communications.
  • Contract – processing necessary for providing core app functionality and fulfilling the
    agreement between the User and the Operator.
  • Legitimate Interest – improving the app, ensuring security, preventing fraud and misuse,
    and developing new features.
  • Legal Obligation – fulfilling accounting, regulatory, and compliance requirements.

Withdrawal of consent by the User does not affect the lawfulness of processing based on consent before its withdrawal.

7. Procedures for Collection, Storage, Transfer, and Destruction of Personal Data

7.1. Collection

Personal data is collected directly from Users (e.g., through forms in the app or website) or automatically
during app usage (e.g., technical and analytical data).

7.2. Storage

Personal data is stored in secure cloud infrastructure compliant with GDPR requirements. The Operator implements:

  • encryption of data in transit and, where applicable, at rest
  • role-based and controlled access
  • resilience and redundancy for critical systems
  • secure backups and recovery procedures
  • internal audit and access logging

7.3. Transfer to Third Parties

The Operator may transfer personal data to trusted partners acting as data processors under GDPR-compliant
agreements, including:

  • cloud hosting and infrastructure providers
  • analytics and crash-reporting tools
  • payment and booking service providers (if applicable)
  • push notification systems
  • AI-processing or machine learning service providers

Such third parties process personal data strictly in accordance with documented instructions from the Operator
and applicable data protection laws.

7.4. Transfer to Service Providers Inside MyPetNet

When the User books or requests pet services within the app, relevant personal and pet-related information may be
disclosed to the chosen service provider strictly within the scope required for service delivery (for example,
pet details and contact information to confirm an appointment).

7.5. Cross-Border Transfers

If personal data is transferred outside the European Economic Area (EEA), the Operator ensures appropriate
safeguards, such as:

  • Standard Contractual Clauses (SCCs)
  • adequacy decisions by the European Commission
  • other legally binding and enforceable mechanisms

7.6. Destruction of Personal Data

Personal data is destroyed when:

  • the purpose of processing has been fulfilled;
  • the retention period established by law or internal policies has expired;
  • the User requests deletion, unless legal exceptions apply.

Electronic data is deleted using secure erasure methods. If any physical media were used, they are destroyed
irreversibly.

8. Data Security Measures

The Operator implements appropriate technical and organizational measures, including:

  • TLS/HTTPS encryption for data transmission
  • secure authentication and access control
  • audit of access logs and security events
  • firewalls and intrusion detection mechanisms
  • continuous monitoring of infrastructure
  • periodic vulnerability assessment and remediation
  • confidentiality obligations for employees and contractors

Unauthorized access, use, disclosure, alteration, or destruction of personal data is strictly prohibited.
In case of a data breach affecting Users’ rights and freedoms, the Operator will follow applicable GDPR
notification requirements.

9. Rights of the Data Subject (GDPR)

Users, as Data Subjects, have the following rights under GDPR, subject to applicable limitations and conditions:

  • Right of access – to obtain confirmation whether personal data concerning them is being processed and access such data.
  • Right to rectification – to request correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”) – to request deletion of personal data where permitted by law.
  • Right to restriction of processing – to request limitation of processing in certain cases.
  • Right to object – to object to processing based on legitimate interests or direct marketing.
  • Right to data portability – to receive personal data in a structured, commonly used format and transmit it to another controller, where technically possible.
  • Right to withdraw consent – where processing is based on consent, Users may withdraw it at any time.
  • Right to lodge a complaint – to submit a complaint to the competent supervisory authority,
    such as the Estonian Data Protection Inspectorate.

Requests regarding the exercise of these rights may be submitted electronically to:
info@techanalytics.ee.
The Operator will respond within 30 days, or within another time frame permitted by applicable law.

10. Children’s Data

MyPetNet is not intended for children under the age of 13. The Operator does not knowingly collect personal data
from children under 13. If the Operator becomes aware that personal data of a child under 13 has been collected
without appropriate parental consent, such data will be deleted as soon as reasonably possible.

11. Updates to This Policy

The Operator may amend this Policy from time to time to reflect:

  • changes in legal or regulatory requirements;
  • changes in the app’s functionality, services, or data processing practices;
  • improvements in data protection practices.

The updated version of the Policy will be published publicly, and the “Last updated” date at the top of the
document will be amended accordingly. Continued use of MyPetNet after changes are published will be deemed
acceptance of the updated Policy.

12. Contact Information

If you have any questions regarding this Privacy Policy or the processing of personal data, please contact:

Techanalytics OU
Registry code: 17268385
Peterburi tee 90f, Tallinn 13816, Estonia

Email: info@techanalytics.ee
Phone: +372 5351 0324

Data Protection Contact:
info@techanalytics.ee