Privacy policy
This policy explains what personal data we collect when you buy a WiseTag or use the WiseTag profile service, how we use it, and the rights you have under UK data protection law (the UK GDPR and the Data Protection Act 2018).
1. Who is responsible for your data
The data controller is [PLACEHOLDER: legal entity name, e.g. WiseTap Ltd] (trading as WiseTag), registered office [PLACEHOLDER: registered office address, incl. postcode]. ICO registration number: [PLACEHOLDER: ICO registration number — or remove the line that uses this]. For anything in this policy, contact us at [PLACEHOLDER: support/contact email address].
2. What we collect
- Account data — your email address and a password (stored only as a secure hash, never in plain text).
- Pet profile data— everything you choose to put on the profile: your pet's name, photo, breed, medical notes, and your contact details (phone number, email, backup contact, home area) if you add them.
- Order data — your name, email and delivery address when you buy a tag. Payments are handled entirely by Stripe or Shopify; we never see or store your card details.
- Technical data — an essential session cookie when you log in (see section 6), and standard server logs (IP address, request time) kept for security.
3. Pet profiles are public by design
The whole point of WiseTag is that a stranger who finds your pet can open the profile. Anyone who taps your tag or enters its code can see everything you put on the profile — including your phone number and any other contact details you choose to show. Profiles are not listed or searchable on our site, but they are not private. You control every field and every contact button from your dashboard, and you can remove or change anything at any time. Only add information you are happy for a finder to see.
4. How we use your data and why we are allowed to
- To fulfil your order and run your account and profile — processing necessary to perform our contract with you.
- To send service emails (order confirmation, activation code, password reset) — necessary for the contract. We do not send marketing email unless you have separately agreed to it [PLACEHOLDER: confirm — delete this sentence if no marketing exists at all].
- To keep the service secure and prevent abuse — our legitimate interests.
- To meet legal obligations — e.g. keeping order records for tax purposes.
5. Who we share data with
We do not sell your data. We share it only with the service providers who run the platform for us, acting as our processors:
- Stripe and Shopify — payment and order processing (they act as independent controllers for the payment itself).
- Postmark or Resend — sending service emails.
- Vercel — hosting, and Neon — our database.
Some of these providers process data in the United States. Where they do, the transfer is protected by UK-approved safeguards (the UK Extension to the EU–US Data Privacy Framework, or the ICO's International Data Transfer Agreement/Addendum).
6. Cookies
We use only essential cookies: a session cookie that keeps you logged in to your dashboard, and a CSRF protection cookie. Because these are strictly necessary for the service, no consent banner is required. We do not use advertising or analytics cookies [PLACEHOLDER: confirm no analytics tool is in use — update this if one is added].
7. How long we keep data
- Account and profile data — for as long as your account exists. If you ask us to delete your account, we delete the profile and account data within 30 days.
- Order records — 6 years, as required for UK tax and accounting purposes.
- Server logs — [PLACEHOLDER: log retention, e.g. 30 days].
8. Your rights
Under UK GDPR you have the right to:
- access a copy of the personal data we hold about you;
- have inaccurate data corrected (you can edit your profile yourself at any time);
- have your data erased ("right to be forgotten");
- restrict or object to our processing;
- receive your data in a portable format;
- withdraw consent where processing is based on consent.
To exercise any of these, email [PLACEHOLDER: support/contact email address]. You also have the right to complain to the Information Commissioner's Office at ico.org.uk, though we'd appreciate the chance to resolve any concern first.
9. Children
The service is intended for people aged 18 and over (you must be an adult to buy). We do not knowingly collect data from children.
10. Changes to this policy
If we make material changes we will notify you by email or via your dashboard. See also our Terms of sale & service and Returns & cancellation policy.
Last updated: [PLACEHOLDER: date, e.g. 7 July 2026]