Pawivo
Pawivo
Google Play

Privacy Policy

Last updated: 2026-05-13

This Privacy Policy explains what personal data we process when you use the Pawivo mobile application and the pawivo.app website, why we process it, who we share it with, and what rights you have. We follow Regulation (EU) 2016/679 (GDPR) and the Polish Personal Data Protection Act of 10 May 2018.

In short: we collect only what we need to run the service. We never sell your data and we never use it for advertising. Your dogs, walks, health entries, and reminders belong to you - you can export them or delete your account at any time.
On this page

1. Controller and contact

The controller of your personal data is Breaking Byte, the developer of Pawivo, with its registered address in Poland. For any privacy-related question - including access, correction, deletion, or a complaint - write to contact@pawivo.app. We respond to verified requests within 30 days, as required by Article 12 GDPR.

2. Data we process

Depending on how you use Pawivo, we process the following categories of personal data:

  • Account data - email address, phone number (if you sign in by phone), display name and profile photo (if provided by you or by Google sign-in), Firebase user ID, time zone, and locale.
  • Dog profile data - name, breed, sex, date of birth, weight, neutered status, activity level, and an optional photo for each dog you add.
  • Health and care data - weight history, weight goals, calorie goals, planner reminders (medication, vaccinations, deworming, flea/tick treatment, vet visits, grooming, custom items), completion history, optional notes, and optional photo attachments.
  • Walk data - GPS coordinates (latitude, longitude, altitude), speed, accuracy, timestamps, derived statistics (distance, duration, pace, elevation), and walk events you log (pee, poop, meal, free-text notes).
  • Device data - Firebase Cloud Messaging (FCM) push token, app version, Android version, device language, and time zone, used to deliver reminders and to provide a working session.
  • Diagnostic data - crash reports collected by Firebase Crashlytics (stack traces, Crashlytics installation ID, device model, OS version, app version) so we can fix bugs. Collection is off by default; we only collect this data after you explicitly opt in via Profile → Privacy → Crash reports, and you can withdraw consent at any time.
  • Website data - if you use the pawivo.app website, your IP address, browser user agent, and basic request logs are processed by our hosting provider for security and to keep the site available. The website does not use advertising or tracking cookies.

We do not knowingly collect special categories of data (Article 9 GDPR) such as biometric or health data about humans.

3. Purposes and legal bases

  • To create your account, sign you in, and keep your session secure - Article 6(1)(b) GDPR (performance of a contract).
  • To store and display your dogs, walks, weight history, planner items, and reminders - Article 6(1)(b) GDPR.
  • To capture GPS during an active walk and compute statistics - Article 6(1)(b) GDPR; capture only happens when you start a walk.
  • To send you push notifications for the reminders you scheduled - Article 6(1)(b) GDPR; you can disable notifications in your system settings at any time.
  • To diagnose crashes and stability issues using Firebase Crashlytics - Article 6(1)(a) GDPR (your consent, given via Profile → Privacy → Crash reports). You can withdraw consent at any time; we stop collecting new crash data immediately and delete unsent reports from your device.
  • To prevent abuse and protect the security of accounts and the backend - Article 6(1)(f) GDPR (legitimate interest in the security of the service).
  • To respond to your support messages or legal requests - Article 6(1)(c) GDPR (legal obligation) and Article 6(1)(f) GDPR (legitimate interest).

4. Location and walk tracking (mobile app)

Pawivo uses precise GPS only while you are actively recording a walk. When a walk starts, the app runs an Android foreground service with a visible notification so you always know that location capture is in progress.

  • Location is captured roughly once per second (latitude, longitude, altitude, speed, horizontal accuracy, timestamp) and stored locally on your device, then synchronised with our backend so you can see the route and statistics on any of your devices.
  • Capture stops the moment you finish, pause, or abort the walk; closing the app while a walk is active keeps the foreground notification visible until you stop the walk.
  • <strong>Background location</strong> - we request the <em>background location</em> permission during the walk-start flow. It is used only after you tap "Start walk" and only for the duration of that walk; its sole purpose is to prevent the operating system from throttling our foreground location service when the screen locks (particularly on Xiaomi, OPPO, and Huawei devices). We do not use background location for passive collection, geofencing, or any other purpose; we never capture location outside an active walk session.
  • You can delete any individual walk from the walk history; this also removes its GPS trace from our backend.
  • Granting the camera permission is optional - it is only needed if you want to take a new photo for a dog avatar or attach a photo to a planner item.

5. Recipients and processors

We do not sell your personal data and we do not share it for advertising. We rely on the following service providers (processors), each bound by a written data processing agreement:

  • Google (Firebase) - Firebase Authentication (sign-in, including via Google account; we receive your email, display name, and profile photo from Google), Cloud Messaging (push notifications; uses Firebase installation IDs), Crashlytics (crash reports, only if you have opted in), and Firebase Storage (media). Operated by Google Ireland Limited; some processing - in particular crash reports - may take place in the United States.
  • Mapbox - map rendering for the live walk map and walk history. Mapbox receives the map view-port coordinates needed to serve map tiles, but does not receive your account identity. Mapbox additionally collects anonymous usage telemetry (Mapbox Telemetry); you can opt out at any time by tapping the "(i)" attribution icon on any map screen and using the "Mapbox Telemetry" toggle.
  • Meta Platforms (Facebook Login) - if you sign in with your Facebook account, Meta provides us with your email, name, and Facebook user ID. We do not share any other data with Meta. Facebook Login is subject to Meta's own privacy practices.
  • Backend hosting, email and SMS delivery - providers operating in the European Union, used to run the Pawivo backend (api.pawivo.app), deliver transactional emails such as one-time login codes and data export downloads, and dispatch SMS one-time codes when you sign in with a phone number.

We may also disclose data to public authorities when we are legally required to do so - for example following a court order valid in the European Union or Poland.

6. International transfers

Our backend is hosted inside the European Union. Some processors - in particular Firebase services - may transfer personal data to the United States or other countries outside the European Economic Area. Where this happens, the transfer is protected by the European Commission's Standard Contractual Clauses (Decision 2021/914) and, where applicable, by additional safeguards required by the Schrems II ruling.

7. How long we keep data

We keep personal data only as long as we need it for the purpose for which it was collected:

  • Account, dog, walk, and health data - for as long as your account exists. After you delete your account, we erase or anonymise this data within 30 days.
  • Crash reports - collected only if you have opted in. Kept by Firebase Crashlytics for up to 90 days, then automatically deleted.
  • FCM push tokens - kept until you sign out, uninstall the app, or the token is invalidated by the operating system.
  • Backups - encrypted backups of the backend database are kept for up to 30 days for disaster recovery.
  • Support correspondence - kept for up to 24 months so we can recognise repeat issues, then deleted.

8. Your rights under GDPR

You have the following rights regarding your personal data; you can exercise any of them by contacting contact@pawivo.app:

  • Access (Article 15) - request a copy of your data; the in-app data export covers your account, dogs, walks, health and planner data.
  • Rectification (Article 16) - correct inaccurate data; most fields can be edited directly in the app.
  • Erasure / right to be forgotten (Article 17) - request deletion of your account and all associated data.
  • Restriction of processing (Article 18).
  • Data portability (Article 20) - receive your data in a structured, machine-readable format; we provide this through the in-app data export feature.
  • Objection (Article 21) - object to processing carried out under our legitimate interest (for example, abuse prevention).
  • Withdraw consent at any time, where processing is based on consent (for example, Crashlytics opt-in via Profile → Privacy → Crash reports), without affecting prior lawful processing.
  • Lodge a complaint with the Polish supervisory authority - President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl.

9. Security

We protect your data with HTTPS/TLS in transit, Firebase-managed authentication tokens, and access controls on the backend. Local storage on your device is sandboxed by Android. No system is perfectly secure; if you discover a vulnerability, please report it responsibly to contact@pawivo.app.

10. Children

Pawivo is intended for users aged 16 or older. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe a child has provided us with personal data, please contact us and we will delete it.

11. Automated decision-making

We do not carry out any automated decision-making or profiling within the meaning of Article 22 GDPR that produces legal or similarly significant effects on you. The statistics, calorie estimates, and weight trends shown in the app are computed for informational purposes only.

12. Website cookies

The pawivo.app website uses only essential cookies and local storage required to remember your language preference and to keep the site working. We do not use advertising, analytics, or third-party tracking cookies.

13. Data deletion

You have full control over your data in Pawivo. You can delete your account along with all associated data at any time: dog profiles, walk history, care entries, photos, and app settings.

How to delete your account in the app

  1. Open the Pawivo app and sign in to your account.
  2. Go to Help in the bottom navigation.
  3. Under Account data, tap Delete account.
  4. Read the consequence notice and tap Continue.
  5. Confirm by tapping Delete account in the second confirmation sheet.

After confirmation, your account is marked as scheduled for permanent deletion. Permanent deletion happens after 30 days.

What happens to your data

  • For 30 days after confirmation, your account stays in a "scheduled for deletion" state. Your data is still stored, but you can no longer access it from the app.
  • If you sign back in to the same account within those 30 days, the deletion is automatically cancelled and you regain full access to all your data.
  • After 30 days, your data is permanently and irreversibly removed from our servers. It cannot be recovered.

What data is deleted

  • Your user profile (email, nickname, account ID).
  • Dog profiles (photos, details, preferences).
  • Full walk history (GPS tracks, timing, statistics).
  • Care entries (reminders, completion records, notes, attachments).
  • Weight measurements.
  • App settings.

If you can't sign in to the app

If you've lost access to your account (for example, after revoking Pawivo's permission in your Facebook or Google settings), email us:

In your message, include either:

  • the email address associated with your Pawivo account, or
  • the Facebook / Google user ID you used to sign in (if you signed in via those services).

We'll confirm deletion within 30 days of receiving your request.

Facebook Login users

If you signed in to Pawivo via Facebook and we receive an automated deletion request from Meta (for example, after you revoked Pawivo's permission in your Facebook settings), we will process it the same way as a direct request: your account will be deleted within 30 days.

14. Changes to this Policy

We may update this Privacy Policy as the service evolves or as the law requires. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced inside the app and on this page before they take effect.