Privacy Policy

Effective Date: August 12, 2025

DogFood Lab ("we," "our," or "us") operates StashDog, a mobile and web application that helps users organize and manage their personal belongings. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our applications and related services.

1. Information We Collect

1.1 Personal Information

When you create an account with StashDog, we collect:

• Name and email address for account creation and communication
• Profile picture (optional) for personalization
• Authentication credentials securely managed through Supabase
• Biometric data (mobile app only, if enabled) stored locally on your device for secure authentication

1.2 Content and Usage Data

When you use StashDog, we collect and store:

• Item data: Photos, descriptions, categories, tags, and notes about your belongings
• Collections: Organization structures you create to group your items
• Usage analytics: App features used, session duration, and interaction patterns
• Device information: Device type, operating system, app version, and unique device identifiers
• Location data: Only when explicitly granted, for location-based features

1.3 Communications Data

• Chat messages: If you use our AI chat feature, conversations are stored to improve service quality
• Support communications: Messages you send to our support team
• Notifications: Preferences and delivery status for push notifications (mobile app)

1.4 Payment Information

For premium subscriptions:

• Subscription data: Plan type, billing cycle, and subscription status
• Payment processing: Handled securely by Stripe and RevenueCat (mobile)
• Transaction records: Purchase history and receipts (no credit card details stored by us)

2. How We Use Your Information

2.1 Provide Core Services

• Maintain your account and user profile
• Store and organize your item data across devices
• Enable sharing and collaboration features
• Provide AI-powered item categorization and search
• Deliver push notifications and updates (mobile app)

2.2 Process Payments and Subscriptions

• Process subscription payments through Stripe and RevenueCat
• Manage subscription status and billing cycles
• Handle refunds and subscription changes

2.3 Improve Our Services

• Analyze usage patterns to enhance user experience
• Develop new features and functionality
• Perform quality assurance and testing
• Optimize app performance and reliability

2.4 Communication and Support

• Send important service announcements
• Provide customer support
• Respond to user inquiries and feedback
• Send promotional communications (with your consent)

2.5 Legal and Security

• Comply with legal obligations
• Protect against fraud and abuse
• Maintain security and safety of our services
• Enforce our Terms of Service

3. Information Sharing and Disclosure

3.1 We Do Not Sell Your Personal Data

StashDog does not sell, rent, or trade your personal information to third parties for marketing purposes.

3.2 Service Providers and Partners

We share information with trusted service providers who help us operate StashDog:

• Supabase: Database hosting and user authentication
• Stripe: Payment processing for subscriptions
• RevenueCat: Subscription management and analytics (mobile)
• Google Services: Authentication (Google Sign-In) and cloud services
• Apple Services: Authentication (Apple Sign-In) and app distribution (mobile)
• Cloud storage providers: Secure image and data storage
• Analytics services: App performance and usage monitoring

3.3 Sharing Features

When you choose to share collections or items:

• Shared content becomes accessible to recipients you designate
• Recipients can view shared items and collections based on permissions you set
• You control what information is shared and with whom

3.4 Legal Disclosure

We may disclose your information when required by law or when we believe disclosure is necessary to:

• Comply with legal process or government requests
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users
• Investigate fraud or security issues

4. Data Security and Protection

4.1 Security Measures

We implement industry-standard security practices:

• Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
• Authentication: Secure user authentication with optional biometric protection (mobile)
• Access controls: Strict limitations on who can access user data
• Regular audits: Security assessments and vulnerability testing
• Secure infrastructure: Hosting with security-certified providers

4.2 Biometric Data Protection (Mobile App)

If you enable biometric authentication (Face ID, Touch ID):

• Biometric data is processed and stored locally on your device only
• We never have access to your actual biometric information
• You can disable biometric authentication at any time in settings
• Biometric data is not backed up or transmitted to our servers

4.3 Data Breach Response

In the event of a data breach affecting your personal information:

• We will notify affected users within 72 hours when feasible
• We will provide details about what information was involved
• We will outline steps being taken to address the breach
• We will offer guidance on protective measures you can take

5. Data Retention and Deletion

5.1 Retention Periods

• Account data: Retained while your account is active
• Content data: Retained according to your subscription plan and preferences
• Payment data: Retained as required by financial regulations (typically 7 years)
• Analytics data: Aggregated and anonymized data may be retained indefinitely

5.2 Account Deletion

You can delete your account at any time:

• All personal data will be permanently deleted within 30 days
• Some information may be retained longer if required by law
• Anonymized usage data may be retained for analytics purposes
• Shared collections may remain accessible to other users you've shared with

6. Your Privacy Rights and Choices

6.1 Access and Control

You have the right to:

• Access: View all personal information we have about you
• Update: Modify or correct your personal information
• Delete: Remove your account and associated data
• Export: Download your data in a portable format
• Restrict: Limit how we process your information

6.2 Communication Preferences

• Opt out of promotional emails while still receiving important service notifications
• Control push notification settings for different types of updates (mobile app)
• Manage sharing preferences and visibility settings

6.3 Subscription Management

• Cancel subscriptions through the app or your device's subscription settings (mobile) or payment provider (web)
• View subscription status and billing history
• Modify subscription plans and features

7. Regional Privacy Rights

7.1 California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

• Right to know: What personal information we collect and how it's used
• Right to delete: Request deletion of personal information
• Right to opt-out: We don't sell data, but you can opt-out of targeted advertising
• Right to non-discrimination: Equal service regardless of privacy choices
• Right to correct: Request correction of inaccurate personal information

7.2 European Privacy Rights (GDPR)

EU residents have rights under GDPR:

• Right of access: Obtain confirmation and details about data processing
• Right to rectification: Correct inaccurate personal data
• Right to erasure: Delete personal data under certain circumstances
• Right to data portability: Receive data in a structured, commonly used format
• Right to object: Object to processing for direct marketing or legitimate interests
• Right to restrict processing: Limit how we process your data

8. AI and Machine Learning

8.1 AI Features

StashDog uses AI technology to:

• Automatically categorize and tag items
• Provide smart search capabilities
• Generate item descriptions and suggestions
• Improve user experience through personalization

8.2 AI Data Usage

• AI features use your item data to provide personalized recommendations
• Processing may occur on our servers or through third-party AI services
• No AI training is performed on your personal data without explicit consent
• You can opt out of AI features while retaining core app functionality

9. Updates to This Privacy Policy

9.1 Policy Changes

We may update this Privacy Policy to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• Industry best practices

9.2 Notification of Changes

We will notify you of significant changes through:

• Email notification to your registered address
• In-app notification when you next use StashDog (mobile app)
• Updated effective date at the top of this policy
• Prominent notice on our website

9.3 Continued Use

Continued use of StashDog after policy updates constitutes acceptance of the new terms.

10. Contact Information

10.1 Privacy Inquiries

For privacy-related questions or concerns:

• Email: privacy@dogfoodlab.io
• Subject line: Include "Privacy Inquiry" for faster response

10.2 Data Protection Officer

For GDPR-related requests:

• Email: dpo@dogfoodlab.io

10.3 General Support

For general app support:

• Email: support@dogfoodlab.io
• Website: https://stashdog.io

11. Consent and Agreement

By creating an account and using StashDog, you:

• Acknowledge that you have read and understood this Privacy Policy
• Consent to the collection and use of your information as described
• Agree to the terms outlined in this policy
• Understand your rights and how to exercise them