Legal
Privacy Policy
Effective Date: May 2025 · Version 1.0 · petikah.com/privacy
PetikAh is committed to protecting your personal data. This Privacy Policy explains what we collect, why we collect it, how we use it, and what rights you have — in plain language.
1. Who We Are
PetikAh ("we", "our", "us") is a multi-sided marketplace platform connecting pet owners, veterinarians, pet stores, couriers, shelters, dog walkers, and pet hotels. The platform is accessible via our mobile app (bundle ID: com.petikah.app) and website at petikah.com.
For the purposes of data protection law, PetikAh acts as the Data Controller for personal data collected through the Platform. We process data in compliance with Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its Regulations.
Data protection inquiries may be directed to: privacy@petikah.com
2. Data We Collect
The data we collect depends on your role(s) and how you interact with the Platform. We collect only what is necessary to provide our services.
2.1 Data You Provide Directly
- Full name and display name
- Email address
- Password (stored as a secure hash; never readable by PetikAh)
- Profile photo
- Role selection (pet owner, store owner, vet, courier, shelter, dog walker, pet hotel)
- Pet profiles: species, breed, name, age, weight, health notes
- Business information: store name, address, species hosted, pricing, capacity
- Professional credentials: veterinary license number (Cédula Profesional)
- Payment information: processed and tokenized by Stripe; PetikAh does not store raw card data
2.2 Data Collected Automatically
- Device identifiers and operating system information
- App version and session timestamps
- Crash logs and diagnostic data
- In-app behavior: screens visited, features used, tap interactions
2.3 Location Data
Location data is collected only for roles where proximity-based matching is functionally required:
- Couriers: real-time GPS while a delivery is active.
- Dog Walkers: GPS during active walk sessions, shared in real time with the assigned Pet Owner.
- Pet Owners: approximate location used to surface nearby services. Not stored persistently.
Location is collected only while the app is in use (foreground). We do not collect background location. You may revoke location permission at any time in your device settings.
2.4 Data from Third-Party Sign-In
If you sign in via Google or Facebook OAuth, we receive: name, email address, profile photo URL, and a unique provider-issued user ID. We do not receive your password, friends list, posts, or any data beyond what is listed above.
2.5 Data We Do Not Collect
- We do not collect government ID numbers, CURP, or RFC.
- We do not collect biometric data.
- We do not sell your personal data to third parties.
- Couriers do not have access to order prices, subtotals, or PawCoin information.
3. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Create and manage your account | Name, email, password hash, role, photo | Contract performance |
| Authenticate your identity | Email, OAuth tokens, Firebase UID | Contract performance |
| Match services to your location | GPS coordinates (Couriers, Walkers) | Contract performance |
| Process payments and bookings | Stripe payment token, transaction history | Contract performance |
| Display your profile to other users | Name, photo, role, ratings | Contract performance |
| Send transactional notifications | Email, push notification token | Contract performance |
| Improve the Platform | Anonymized usage analytics, crash logs | Legitimate interest |
| Detect fraud and abuse | Login patterns, device fingerprint | Legitimate interest |
| Comply with legal obligations | Any data required by law | Legal obligation |
| Marketing (with consent only) | Email, in-app messages | Consent |
4. How We Share Your Data
PetikAh does not sell personal data. We share data only in the following limited circumstances:
4.1 Between Platform Participants
- Pet Owner name and pet details are visible to booked Vets, Walkers, Hotels, and Couriers.
- Store Owner business name, product listings, and ratings are publicly visible.
- Veterinarian name, license status, and ratings are visible to Pet Owners.
- Courier name and approximate location are visible to the Pet Owner during an active delivery.
- Dog Walker name and live walk location are visible to the assigned Pet Owner during a session.
4.2 Service Providers
- Firebase (Google LLC) — authentication, real-time database, cloud storage
- Stripe — payment processing and tokenization
- Expo / React Native ecosystem — app delivery and over-the-air updates
4.3 Legal Requirements
We may disclose personal data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of PetikAh, our users, or the public.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. We will notify affected users before their data becomes subject to a different privacy policy.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account profile data | Duration of account + 3 years | Legal and dispute resolution |
| Transaction records | 7 years | Mexican tax law (SAT) |
| Location data (Couriers) | 90 days post-delivery | Dispute resolution |
| Location data (Walkers) | 30 days post-walk | Dispute resolution |
| Crash logs and diagnostics | 90 days | Platform stability |
| Marketing consent records | Until consent withdrawn + 3 years | Legal compliance |
| Deleted account data | 30 days, then permanent deletion | Accidental deletion recovery |
6. Data Security
- Passwords are never stored in plain text. Firebase Authentication handles credential hashing.
- All data in transit is encrypted using TLS 1.2 or higher.
- Firebase Cloud Firestore data is encrypted at rest by Google.
- Access to production data is restricted to authorized PetikAh personnel only.
- Third-party API keys and secrets are stored exclusively in Firebase Console and never in source code.
- Regular security reviews are conducted on authentication flows and API endpoints.
If you suspect unauthorized access, contact us immediately at security@petikah.com and change your password.
7. Your Rights (ARCO)
Under the LFPDPPP you have the following rights regarding your personal data:
| Your Right | What It Means | How to Exercise It |
|---|---|---|
| Access | Request a copy of all personal data we hold about you. | Email privacy@petikah.com |
| Rectification | Correct inaccurate or incomplete personal data. | Update in-app profile or email us |
| Erasure | Request deletion of your personal data, subject to legal retention requirements. | Account deletion in settings or email us |
| Portability | Receive your data in a structured, machine-readable format. | Email privacy@petikah.com |
| Objection | Object to processing based on legitimate interest. | Email privacy@petikah.com |
| Restriction | Request we limit how we use your data while a dispute is resolved. | Email privacy@petikah.com |
| Withdraw Consent | Revoke consent for optional processing at any time. | In-app settings or email us |
Submit written requests to privacy@petikah.com. We will respond within 20 business days. If you are unsatisfied, you may file a complaint with the INAI.
8. Cookies and Tracking
The PetikAh mobile app does not use browser cookies. We and our third-party providers may use device-level tracking technologies including Firebase Analytics (anonymized usage tracking), Expo telemetry (anonymous error reporting), and Stripe device fingerprinting (fraud prevention). You may opt out of analytics tracking in your in-app settings under Privacy › Analytics.
9. Children's Privacy
PetikAh is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. Users between 13 and 17 must have verifiable parental or guardian consent. To report a concern, contact privacy@petikah.com.