This notice explains how PETSEC (PTY) LTD ("PetSec", "we", "us") collects, uses, shares, and protects your personal information when you use the PetSec app and website. We process personal information in line with South Africa's Protection of Personal Information Act, 2013 (POPIA).
1. Who we are
PETSEC (PTY) LTD, registration number 2026/330801/07, Centurion, Gauteng, South Africa. We provide a community-based pet tracking service: BLE tags on pets, a network of community members' phones that detect those tags, and alerts to owners when a missing pet is found.
Our Information Officer is Joseph Steyn. You can reach us at hello@petsec.co.za for any privacy question or to exercise your rights.
2. What we collect
- Account & contact: your name, phone number (verified by WhatsApp one-time code), and home address with GPS coordinates (used to assign you to a coverage area and to verify tag activation at home).
- Pets: your pets' names, breed/description, photos of your pets, and the BLE tag identifiers linked to them.
- Detection activity: when your phone detects a tag, or your pet's tag is detected by another member, we record the approximate location and time so we can alert the right owner.
- Payments: records of your subscription and tag orders. Card and banking details are entered directly with our payment gateway — we never see or store them.
- Technical: a per-device push-notification token and basic error/diagnostic data so the app works and we can fix faults.
3. What we deliberately don't collect
We do not track your behaviour or location outside of community pet-detection events, and we never sell your personal information.
4. How we use your information
- To verify your identity at signup (WhatsApp one-time code) and when you activate a tag (a loose GPS check at your home).
- To run the detection network — matching tag detections to owners and sending "your pet has been spotted" alerts.
- To process your subscription and tag orders.
- To send you service messages (lost-pet alerts, tag-test reminders, billing notices) by push notification and/or WhatsApp.
- To keep the service secure, prevent abuse, and meet our legal obligations.
5. Sharing your location during scans
When you (as a community member) detect another member's pet tag, we share your approximate location with that pet's owner so they can find their pet. You control how precise this sharing is in Settings → Stray-scan privacy (Off / Approximate / Exact).
When a pet is detected, the owner and the finder can also exchange messages in the app to arrange the reunion. These messages are relayed through PetSec — your phone number, email and exact address are never shared, and each person sees the other only by role ("Owner of …" / "Finder"). You can switch this off in Settings → Finder messaging, and block or report at any time. Messages are between members only and are deleted within 30 days of the conversation going inactive.
The tag also carries a QR code so that anyone who finds your pet — even without the app — can reach you. When they scan it they see only your pet's name and type, can share where they found your pet (their location, if they allow it) and message you through the same relay. Your contact details are never shown to them, and these conversations follow the same 30-day deletion rule. A pet's found page can be switched off on request.
6. Third parties who process your data on our behalf
POPIA requires us to name every third party ("operator") that processes your personal information for us, what they receive, and where they operate. Each one processes your data only on our instructions.
| Processor | Location | What they process |
|---|---|---|
| Meta WhatsApp Cloud API | Ireland / EU | Your phone number and message content, to send OTP codes and pet-spotted alerts. |
| PayFast | South Africa | Your card/banking details directly, to process payments. We never see or store them. |
| Resend | Ireland / EU | Your email address, to send transactional emails. |
| Cloudflare R2 | Ireland / EU | Pet photos you upload. |
| Firebase Cloud Messaging (Google) | USA | A per-device token and notification text, to deliver push notifications. |
| Sentry | USA | Server-side error traces (may include your user ID). Never passwords, payment details, or photos. |
| Anthropic (Claude API) | USA | Inbound support-message content, processed to draft replies. Not used to train their models. |
7. How long we keep your data
- Stray-scan history: 365 days.
- Tag activation attempts: 180 days.
- Finder-chat messages: 30 days after the conversation goes inactive.
- Audit log: 730 days.
- Lost-event records: kept indefinitely, so a recovery can be referenced years later.
- After you delete your account: a 30-day grace period for accidental deletes, then identifying fields are anonymised. Payment records are retained in anonymised form for 5 years to meet SARS requirements.
8. Your rights
- Access: download everything we hold about you (Settings → Download my data, JSON format).
- Deletion: delete your account, which anonymises identifying fields, cancels any active subscription, deactivates your tags, and removes your photos within 30 days.
- Correction: update your profile details in the app at any time.
- Opt out of emails: unsubscribe via the link at the bottom of any email we send you.
- Complain: if you believe we've mishandled your data, contact us first — then, if unresolved, the Information Regulator.
9. Security
We protect your data with encrypted connections (HTTPS/TLS), hashed one-time codes, access controls on our systems, and encrypted off-site backups. No system is perfectly secure, but we take reasonable measures appropriate to the sensitivity of the information.
10. Changes to this notice
We may update this notice from time to time. When a change is material — a new processor, a new category of data, or a longer retention period — we'll notify you by email or in-app before it takes effect.
11. Contact
Information Officer: Joseph Steyn · hello@petsec.co.za
Information Regulator of South Africa: inforegulator.org.za