Privacy Policy

Last updated: June 2026

This policy explains how Pawtal HQ (“we”, “us”, the “Service”) collects, uses and protects personal data, and your rights under the UK GDPR and the Data Protection Act 2018. It applies to the people who run a business account with us and to visitors of our website.

1. Who we are

Pawtal HQ is operated by Phil Ruston Design & I.T. We are the data controller for the account information described below. If you have any questions or wish to exercise your rights, contact us at philip@pawtalhq.co.uk.

2. The personal data we collect

Account & business details — your name, username, email address, business name, address, telephone and the bank details you enter for your own invoices.
Security data — a hashed password and, if enabled, two-factor authentication settings and recovery codes.
Your customers’ & pets’ records — the client and pet information you choose to store (names, contact details, addresses, booking and pet care notes). See section 5 on our role for this data.
Payment data — when you buy a licence, payment is handled by Stripe. We do not see or store your full card number; we keep only a Stripe customer/subscription reference and your licence status.
Technical data — basic server logs (e.g. IP address, browser type, timestamps) generated by our hosting for security and troubleshooting.

3. Why we use it, and our lawful basis

To provide the Service — create and run your account, store your records, generate invoices (lawful basis: performance of a contract).
To take payment and manage licences and renewals (lawful basis: contract).
To secure and support the Service, prevent fraud and fix problems (lawful basis: legitimate interests).
To meet legal obligations, such as tax and accounting records (lawful basis: legal obligation).

4. Cookies

We use one essential cookie only. A session cookie keeps you securely logged in. It is strictly necessary for the Service to work, so under the Privacy and Electronic Communications Regulations (PECR) it does not require consent.

We do not use analytics, advertising or third-party tracking cookies. If we ever introduce non-essential cookies, we will ask for your consent first. Note that when you pay, Stripe’s own checkout pages may set cookies on Stripe’s domain under Stripe’s privacy policy.

5. Your customers’ data — our role

For the client and pet records you store, your business is the data controller and we act as a data processor hosting that data on your behalf and on your instructions. You are responsible for having a lawful basis to hold your customers’ information and for honouring their data-protection rights. We process it only to provide and support the Service, and not for our own purposes.

6. Who we share data with

We do not sell your data. We share it only with service providers who help us run Pawtal HQ:

Stripe — payment processing (card data is handled directly by Stripe).
Our hosting provider — to store and serve the application and database.
Authorities — only where required by law.

7. Provider maintenance access

To operate, support and secure the Service, we retain a secure master administrative login that can access any business account for legitimate maintenance and support. This is described further in our Terms & Conditions.

8. How long we keep it

We keep account and customer data for as long as your account is active. If you close your account, we may delete your data after a reasonable period, except where we must retain certain records (e.g. payment/tax records) to meet legal obligations. You can ask us to delete your data sooner (see your rights below).

9. Where your data is stored & how we protect it

Data is stored on UK/EU-based hosting. We protect it with measures including hashed passwords, optional two-factor authentication, encrypted (HTTPS) connections, and strict separation so each business can only access its own data. No system is perfectly secure, but we take reasonable steps to safeguard your information.

10. Your rights

Under UK data-protection law you have the right to: access your data; have inaccurate data corrected; have data erased; restrict or object to processing; data portability; and to withdraw consent where processing relies on it. To exercise any of these, email philip@pawtalhq.co.uk.

If you are one of our customers’ clients, please contact that business directly, as they control your data; we will assist them as their processor.

11. Complaints

If you have a concern we cannot resolve, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO), at ico.org.uk.

12. Children

The Service is intended for businesses and is not directed at children. We do not knowingly collect data from children through the Service.

13. Changes to this policy

We may update this policy from time to time. We will change the “last updated” date above, and significant changes will be brought to your attention where appropriate.

Questions about your privacy? Contact philip@pawtalhq.co.uk. · Terms & Conditions · Return to the app