Terms of Use and Privacy Policy
Version: 2.2
Effective date: June 20, 2026
Last updated: June 20, 2026
Data controller: CodeSwift — suporte@codeswift.com.br
Data Protection Officer (DPO): dpo@codeswift.com.br
1. Introduction
Welcome to MyPet. These Terms of Use and Privacy Policy (collectively, the “Terms”) govern your use of the MyPet application (“App”). By creating an account, purchasing Premium, or using the App, you agree to these Terms. If you do not agree, please stop using the App.
2. Description of the Service
MyPet is a personal tool for dog and cat owners. The App is local-first: your data lives on your device, and cloud sync is optional, available only to Premium subscribers. Available features:
- - Creation and management of pet profiles
- - Logging of medical conditions, medications, vaccinations, symptoms, and allergies
- - Tracking of feeding, walks, hygiene, and routines
- - Digital diary with notes and activities
- - Local reminders and notifications (generated on your device)
- - Offline use with optional sync when online
- - Shortcut to find nearby veterinarians and pet stores (opens your device's maps app)
- - Pet sharing with other users (Premium)
The App is intended for personal use and does not replace professional veterinary advice.
3. Eligibility and Children's Privacy
The App is not directed at children under 13 years of age and we do not knowingly collect personal data from children under that age. In compliance with Article 14 of the LGPD, the Brazilian Statute of the Child and Adolescent (ECA), Article 8 of the GDPR, and COPPA (where applicable to US users):
- - Users between 13 and 17 may only use the App with specific, verifiable consent from a parent or legal guardian.
- - Children under 13 must not create an account or provide personal data to the App.
- - If we discover that we have collected data from a child without proper consent, the account will be deleted and the data erased within 30 days.
Parents or guardians who believe their minor child has provided us with data should contact dpo@codeswift.com.br.
4. Account and Authentication
You can use the App in two ways:
- - Without an account: your pet data stays only on your device and is not synced to the cloud. So the device has a technical identity (needed for a future sign-in or sync), we establish an anonymous session with Supabase; this session does not include your pet data or information that personally identifies you.
- - With an account: you can sign up via email and password or via Google Sign-In. When you create an account, we collect your email and, optionally, your name and profile picture, which are stored in Supabase (our backend provider).
You are responsible for keeping your credentials secure. You may delete your account at any time directly in the App, under Settings → Edit Profile → Delete account. Deletion is immediate and permanent: we remove your account, profile, subscription record, synced pets, and pet shares from our production systems, including a best-effort removal of avatar images; the data stored locally on your device is erased as well. Deleting your account does not cancel an active Premium subscription on the Apple App Store or Google Play — that must be done separately in the store (see Section 10). For audit and tax purposes we retain transaction event records unlinked from your account, as described in Section 6.3. You may also request deletion via the email listed in Section 19.
5. Data We Collect and Legal Basis for Processing
In compliance with Article 7 of the LGPD and Article 6 of the GDPR, each processing activity has a specific legal basis:
| Purpose | Data | Legal basis |
|---|---|---|
| Account creation and authentication | Email, password (hash), name, photo | Performance of contract (LGPD art. 7, V; GDPR art. 6(1)(b)) |
| Cloud sync and storage of pets | Profile, health, activity, notes, avatars | Performance of contract (LGPD art. 7, V; GDPR art. 6(1)(b)) |
| Premium subscription processing | User ID, subscription status, purchase events | Performance of contract (LGPD art. 7, V; GDPR art. 6(1)(b)) |
| Crash reporting (Sentry) | Stack traces, device model, OS | Legitimate interest (LGPD art. 7, IX; GDPR art. 6(1)(f)) — App stability |
| Support and feedback submissions (Sentry) | Message content and contact email you submit | Legitimate interest (LGPD art. 7, IX; GDPR art. 6(1)(f)) — user support |
| Usage analytics (PostHog) | Pseudonymized events (account ID), screen metrics — no email or name | Consent (LGPD art. 7, I; GDPR art. 6(1)(a)) |
| Compliance with legal and tax obligations | Transaction and identification data | Legal obligation (LGPD art. 7, II; GDPR art. 6(1)(c)) |
| Fraud prevention and security | Access logs, IP, device identifiers | Legitimate interest (LGPD art. 7, IX; GDPR art. 6(1)(f)) |
You may withdraw consent at any time; this does not affect processing already carried out or activities based on another legal basis.
6. Storage, Security, and Retention
6.1 Storage. All pets and their information are stored locally on the device (MMKV database, encrypted by the operating system). Cloud sync is exclusive to Premium subscribers and uses Supabase as the provider.
6.2 Security measures. We adopt reasonable technical and organizational controls to protect your data:
- - In transit: all communications with our servers and providers use TLS 1.2+ / HTTPS.
- - At rest (cloud): Supabase encrypts data at rest (AES-256) and backups are encrypted.
- - At rest (device): local MMKV storage is protected by the iOS / Android sandbox.
- - Authentication: passwords are stored as bcrypt hashes by Supabase Auth; we never have access to passwords in plain text.
- - Access control: Row-Level Security (RLS) policies in the database ensure each user can only access their own data (and pets explicitly shared with them).
- - Payments: we do not store credit card data; processing is handled by the Apple App Store or Google Play.
- - Administrative access: restricted to the minimum number of people with a need to access, protected by multi-factor authentication.
6.3 Retention. We retain your personal data only for as long as necessary for the purposes described:
| Category | Retention period |
|---|---|
| Account, profile, and synced pet data | While the account is active |
| After account deletion (in-App or by request) | Immediate erasure from production systems (except transaction tax records, kept unlinked from your account — see below) |
| Backups | 90 days after deletion; overwritten in the next cycle |
| Transaction / tax records | 5 years (Brazilian National Tax Code art. 173) |
| Crash reports (Sentry) | 90 days |
| Usage analytics (PostHog) | 12 months |
| Access and audit logs | 12 months (Brazilian Internet Civil Framework art. 15) |
| Accounts inactive for over 24 months | Email notice; automatic deletion 30 days later if no response |
6.4 Local data loss warning. Pets stored only locally (free users or offline) have no backup and may be lost if the device is damaged, wiped, or the App is uninstalled. MyPet is not responsible for losses caused by user actions, device failures, or third-party provider outages.
7. Pet Sharing
Premium subscribers can share a pet with other users through an 8-character invite code. Recipients can view and edit the shared pet, but cannot delete it or revoke the share — they can, however, leave the share at any time. If the owner's Premium subscription expires, the pet is temporarily hidden from recipients until renewal. If the owner deletes the pet or their account, the share ends and the pet stops appearing for recipients.
8. Local Notifications
The App may request permission to send local notifications (generated by your device, without a server), including vaccination reminders, medication doses, feeding schedules, walk reminders, and App-related notices. Permissions can be changed at any time in your device settings.
9. Photos and Location
- - Photos (library): we access your device's photo library only when you choose to add pet photos or a profile picture. Images stay on the device and, if you are a Premium subscriber, are uploaded to Supabase Storage.
- - Location: the App does not request access to your device location. The “Nearby” shortcut simply opens your device's maps app with a search for veterinarians and pet stores; any location use happens within that separate app, under its own privacy policy.
10. Premium Subscription
Premium is offered as monthly and annual plans. Billing, auto-renewal, and cancellation are processed by the Apple App Store (iOS) or Google Play (Android), with technical intermediation by RevenueCat (library react-native-purchases).
- - Renewal: subscriptions renew automatically until canceled by the user in the app store.
- - Cancellation: must be done directly in Apple App Store or Google Play settings. After cancellation, you keep Premium access until the end of the paid period.
- - Refunds: follow the policies of the relevant store; MyPet does not process payments directly and cannot issue refunds.
- - Price changes: changes to active subscriptions will be communicated in advance per each store's rules.
- - Data shared with RevenueCat: anonymous user identifier, subscription status, purchase events, and device identifiers. RevenueCat does not receive your pets' data.
11. Sub-processors and Third-Party Services
We use the following sub-processors, all bound by a signed Data Processing Agreement (DPA) and Standard Contractual Clauses for international transfers:
| Sub-processor | Function | Country / region | DPA |
|---|---|---|---|
| Supabase Inc. | Database, auth, storage, realtime | USA / EU | supabase.com/legal/dpa |
| RevenueCat, Inc. | Subscription management | USA | revenuecat.com/dpa |
| Functional Software, Inc. (Sentry) | Crash monitoring | USA / EU | sentry.io/legal/dpa |
| PostHog, Inc. | Product analytics | USA / EU | posthog.com/dpa |
| Google LLC (Sign-In, Play Billing) | Authentication, Android billing | USA / Global | cloud.google.com/terms/data-processing-addendum |
| Apple Inc. | iOS billing, push notifications | USA / Global | apple.com/legal/privacy |
We update this list whenever we add or change sub-processors. The current version is always on this page.
12. International Data Transfers
The sub-processors listed in Section 11 are located outside Brazil and the European Union, primarily in the United States. In compliance with Article 33 of the LGPD and Chapter V of the GDPR, we use the following safeguards:
- - Standard Contractual Clauses (SCCs) approved by the European Commission, in place with all US-based sub-processors.
- - Standard clauses from the Brazilian ANPD where applicable to transfers originating in Brazil.
- - Sub-processors certified under recognized frameworks such as the EU-US Data Privacy Framework and the UK Extension (Google, Apple).
- - Periodic risk assessment of destination jurisdictions (Transfer Impact Assessment).
You may request a copy of the applied safeguards by emailing the DPO: dpo@codeswift.com.br.
13. Data Breach Notification
In compliance with Article 48 of the LGPD and Articles 33–34 of the GDPR, in the event of a security incident that may pose risk or relevant harm to data subjects:
- - We will notify the ANPD (the Brazilian Data Protection Authority) and affected data subjects within a reasonable timeframe, not exceeding 72 hours from becoming aware of the incident.
- - Notification to data subjects will be sent by email and/or in-App notice, containing: incident description, affected data, risks, mitigation measures, and contact channel.
- - We maintain a detailed internal record of all incidents for audit purposes.
14. Your Rights (LGPD / GDPR)
You have the right to:
- - Confirm whether your data is processed and access it
- - Correct incomplete, inaccurate, or outdated data
- - Anonymize, block, or erase unnecessary or unlawfully processed data
- - Port your data to another provider
- - Erase data processed based on consent
- - Be informed about sub-processors with whom we share data
- - Withdraw consent
- - Object to processing based on legitimate interest
- - Review of automated decisions (not currently applicable — we do not perform material automated decisions)
- - File a complaint with the ANPD (gov.br/anpd) or the data protection authority of your country
To exercise any right, email dpo@codeswift.com.br. Requests will be handled within 15 days of receipt, in accordance with LGPD art. 19, §1.
15. User Responsibilities
You agree to:
- - Use the App legally and personally
- - Not attempt to modify, decompile, reverse engineer, defraud, or harm the App
- - Not share offensive or illegal content, or content that violates third-party rights
- - Understand that MyPet does not provide veterinary advice and always consult a professional for your pet's health matters
16. Updates, Availability, and Limitation of Liability
- - We may update, change, or discontinue features without prior notice
- - Cloud services may experience temporary unavailability
- - The App is provided “as is”, without express or implied warranties
- - We do not guarantee uninterrupted or error-free operation
- - We are not liable for decisions made based on App data
- - We are not liable for pet health issues
- - We are not liable for local data loss or third-party provider unavailability
17. Changes to these Terms
We may update these Terms periodically. The version and effective date shown at the top of this page identify each revision. Material changes will be communicated in the App with at least 15 days' advance notice. Continued use after the effective date of the new version implies agreement with it.
18. Governing Law
These Terms are governed by the laws of Brazil, in particular by the LGPD (Law nº 13.709/2018), the Internet Civil Framework (Law nº 12.965/2014), and the Consumer Protection Code (Law nº 8.078/1990). Any disputes will be resolved in the consumer's local courts.
19. Contact, Controller, and DPO
- - Data controller: CodeSwift
- - General support: suporte@codeswift.com.br
- - Data Protection Officer (DPO / Encarregado LGPD): dpo@codeswift.com.br
- - Brazilian authority: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd