Privacy Notice
Effective: July 10, 2026
Scope: this notice applies to the Pawity mobile application (iOS and Android). Last updated: 23 June 2026.
1. The Data Controller
| Company name | Retroscope Kreatív és Fejlesztő Szolgáltató Kft. (Retroscope Ltd.) |
| Registered office | 6500 Baja, Mészáros Lázár u. 57., Hungary |
| Company registration number | Cg.03-09-118864 |
| Tax number | 14917514-2-03 |
| Representative | Bedekovits Tibor, Managing Director |
| User contact | woof@pawity.app |
| Data protection / legal contact | woof@pawity.app |
| Phone | +36 20 421-77-82 |
Retroscope Ltd. has not appointed a data protection officer, as it is not required to do so under Article 37 of the GDPR. For data protection matters, you can reach us at the contact details above.
2. Introduction
Pawity is a community application for dog owners that offers walk tracking, map-based features, community elements (feed, packs, chat) and gamified elements (treats, badges, leaderboards). Its operation requires the processing of certain personal data.
This notice has been prepared in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.).
A separate data processing applies to the pawity.app website / campaign landing page — that is governed by the privacy notice published on the website.
3. What data we process, for what purpose and on what legal basis
Abbreviations for the legal bases: Contract = GDPR Article 6(1)(b) (provision of the service); Legitimate interest = Article 6(1)(f); Consent = Article 6(1)(a); Legal obligation = Article 6(1)(c).
3.1 Account and identification
- Data processed: email address, password (only in encrypted/hashed form), email verification (OTP) code, optional phone number, and, in the case of social sign-in (Apple, Google, Facebook), the identifier token and basic profile (name, email) received from the provider.
- Purpose: registration, sign-in, account security, change of email address.
- Legal basis: Contract.
3.2 Profile and dog data
- Data processed: nickname, profile picture, bio, linked accounts; the coordinates of the configured home zone (the reference point for map browsing); the name and phone number of an emergency contact (if you provide one); the dog's name, breed, date of birth, sex and picture; household/family members.
- Purpose: displaying the user and dog profile, operating the community features, displaying nearby content by default.
- Legal basis: Contract. Providing an emergency contact is voluntary; if you provide the contact details of a third person, you do so on your own responsibility and after informing them.
3.3 Location data
- Data processed: precise GPS positions recorded during a walk (latitude, longitude, accuracy, altitude, timestamp) and the route assembled from them; the current position used to query nearby walks/places when browsing the map; the coordinates of places and reviews created by the user.
- Purpose: recording and displaying a walk, displaying nearby walks/places/pals, proximity invitations, safety (hazard) alerts, the territorial ("local") classification derived from the starting location of walks for local leaderboards, making your profile discoverable to nearby users, and gating location-based chat access (all of these are described in detail in Section 8).
- Details: see Section 8. Location data.
- Legal basis: Contract (for the operation of the walk feature) and Consent (the device's location permission).
3.4 Communication
- Data processed: the content of chat messages, shared images, reactions, "treats", typing and presence indicators.
- Purpose: messaging between users, walk and pack chat.
- Legal basis: Contract.
3.5 Community (user-generated) content
- Data processed: feed posts (events, classified ads, hazard alerts, general posts), comments, uploaded photos, created places and reviews, alerts during a walk (photo, description, location). For lost/found dog reports: the microchip number, the location and time of the last sighting, and the contact phone number provided (which may also be the contact detail of a third person).
- Purpose: operating the community features, content sharing.
- Legal basis: Contract; for published (public) content, the display is based on Legitimate interest / the user's setting.
- Google Photos (optional): if you explicitly authorize it, we synchronize the photos associated with your walks, dogs or alerts to your own Google Photos storage. This is optional, can be turned off at any time, the access is stored as an encrypted token, and we only carry out the uploads you initiate.
3.6 Connections network and groups
- Data processed: pal (acquaintance) connections, invitation codes and their usage, pack (group) memberships and roles, blocking/muting settings.
- Purpose: managing community connections and groups.
- Legal basis: Contract.
- Invitation attribution: to link the opening of an invitation link with the installation, we store a short-lived, salted IP hash and a fingerprint hash derived from the device's characteristics (without the raw IP address and device identifier), solely within our own system, in order to correctly credit the invitation. This is not advertising-related and not cross-site tracking.
3.7 Gamification and view statistics
- Data processed: treat balance and history, earned badges, leaderboard rankings; a log of profile and post views (who viewed your profile or post, with a timestamp) for the view statistics and the premium "who viewed my profile" feature.
- Purpose: operating the gamified elements and motivational features, providing view feedback.
- Local leaderboard classification: for the "local" (nearby) leaderboards, the system derives a territorial classification from the starting location of your walks (the centroid of the starting points of your recent walks, or, if it is close to it, your configured home zone), solely so that you are classified to your real neighborhood and so that the ranking cannot be manipulated by arbitrary location-setting. Details are in Section 8.
- Legal basis: Contract (for the operation of the gamified features and the leaderboard); with regard to the manipulation-prevention purpose of the local classification, Legitimate interest.
The Application does not make any solely automated decisions producing legal effects concerning the User. The leaderboards and content recommendations are based on automatic calculation, but these do not constitute automated decision-making within the meaning of Article 22 of the GDPR.
3.8 Device, presence and notification data
- Data processed: push notification (FCM) token, the device's operating system and platform (iOS/Android), the application version, the last active time per device, and the account's last activity (last seen) timestamp for the presence indicator. To prevent abuse, we use Firebase App Check device attestation (Play Integrity on Android, Apple App Attest on iOS), during which a device integrity token is generated.
- Purpose: delivering push notifications (walk, community and system notifications), presence indication, abuse prevention.
- Legal basis: Contract (system notifications, presence) and Legitimate interest (abuse prevention); for marketing-type notifications, Consent (which can be turned off at any time in the application settings).
3.9 Purchase (premium subscription)
- Data processed: if we make a premium subscription available in the future, the management of the purchase will involve the processing of data by RevenueCat and the Apple/Google payment systems (user identifier, transaction and receipt data, entitlement status). The application does not see or store any bank card data — the payment is handled by the App Store / Google Play.
- Purpose: when a premium subscription is introduced, managing the subscription and verifying the premium entitlement.
- Legal basis: Contract.
3.10 Analytics, telemetry and error reporting
- Data processed: usage events (e.g. screen view, button press, API call metadata, walk completion), session identifier; error reports and crash data, and the associated device information and user identifier. Our error diagnostics provider (Sentry) receives the error reports with PII minimization: we attach the user identifier, but we remove the IP address and the email address before sending to Sentry. No screen recording (session replay) is made.
- Purpose: measuring the operation of the application, detecting and fixing errors, improving the service.
- Legal basis: Legitimate interest (the stable operation and improvement of the application).
3.11 Local data storage on the device (cookie-like technologies)
- Data processed: the application stores data in the device's local storage for its operation: authentication and session tokens, application settings and preferences (e.g. language, theme, notification settings), and a performance cache (offline availability and faster loading). The application does not use browser cookies and does not place any advertising or cross-site tracking technology on the device.
- Purpose: maintaining the signed-in state, preserving settings, ensuring offline operation and faster loading.
- Legal basis: Contract, or legitimate interest — storage that is strictly necessary for the provision of the service and serves operational purposes only. Since the application does not place any non-essential (e.g. marketing or tracking) storage technology, no separate cookie consent banner appears in the application. The locally stored data can be removed by uninstalling the application or by deleting your account. The cookies used on the website are governed by the Cookie Policy.
3.12 Source of the data and its provision
We receive most of the data directly from you. In the case of social sign-in (Apple, Google, Facebook), we receive the identifier and the basic profile (name, email) from the relevant provider, with your consent. Creating an account requires providing an email address (or social sign-in); without this, the service cannot be used. Providing profile, dog and location data is voluntary, but certain features work only in a limited way without them.
4. Data processors and third-party providers
We use the following providers; they act in accordance with their own privacy policies:
| Provider | Function | Data concerned |
|---|---|---|
| Google Ireland Ltd. / Google LLC (Firebase, App Check) | Authentication, push (FCM), realtime database, device attestation | user identifier, push token, realtime events, device integrity token |
| Google Ireland Ltd. / Google LLC (Google sign-in) | "Sign in with Google" | Google identifier, basic profile (name, email) |
| Google LLC (Google Photos) | Photo synchronization explicitly authorized by the user | uploaded walk/dog/alert photos, Google account identifier |
| Apple Inc. | "Sign in with Apple", App Store payment, App Attest | Apple identifier, purchase data, device attestation |
| Meta Platforms Ireland Ltd. | Facebook sign-in | Facebook identifier, basic profile (name, email) |
| RevenueCat, Inc. | Subscription management (when the premium subscription is introduced) | user identifier, transaction/receipt data |
| Functional Software, Inc. (Sentry) | Error and crash reporting | error data, device info, user identifier (without IP address and session replay) |
| Expo (650 Industries, Inc.) | Application update delivery (OTA), build infrastructure | application/runtime version, platform, update identifier |
| Netfabrik Kft. | Server hosting (VPS) | data stored in the backend |
Google Maps forwards display requests to Google's servers in order to render the map (with the coordinates related to the map view).
5. Transfer of data to third countries
Some providers — the services of Google/Firebase (e.g. Realtime Database, Cloud Messaging, App Check), Google sign-in and Google Photos, Apple, Meta, Sentry, RevenueCat and certain infrastructures of Expo — may also process data in the United States. In these cases, the data transfer takes place with appropriate safeguards (e.g. the European Commission's Standard Contractual Clauses – SCC, or certification under the EU–US Data Privacy Framework). The safeguard may differ from provider to provider; for details, the privacy policy of the relevant provider is authoritative.
6. Data retention
- We process the data associated with your account for as long as the account exists.
- Account deletion: can be initiated from the application (Settings → Delete account) and also at https://pawity.app/fiok-torles. The deletion becomes final after a 30-day grace period; during this time the account can be restored by signing in again. After the grace period, we permanently delete the data or irreversibly anonymize it.
- Individual items of content (post, message, dog, walk) can also be deleted separately.
- We process the error and analytics data for a limited time, in accordance with the retention rules of the relevant provider.
- In the case of a legal obligation (e.g. accounting, consumer protection), we retain the relevant data for the period prescribed by law.
7. Rights of the data subject (user)
Under the GDPR, you have the right to:
- access the data we process about you (a data export can also be requested from the application),
- rectify inaccurate data,
- have your data erased ("right to be forgotten"; account deletion provides this),
- restrict or object to the processing,
- request data portability,
- withdraw your consent at any time in the case of processing based on consent.
You can submit your requests at woof@pawity.app. We will respond without undue delay, but no later than within the time limit prescribed by law.
8. Location data – detailed information
- Precise location determination takes place primarily during an active walk. From the start to the end of the walk, the application continues location determination with a foreground service — this records the route of the walk and operates the safety/proximity notifications. This continues even when the phone screen is locked or the application is not in the foreground; in such cases the system indicates the ongoing location determination (a notification, or the location indicator in the status bar).
- For the duration of the walk, the application continues location determination in the background (with the screen locked) as well; on iOS this may also use the system's "Always allowed" location access, which is, however, limited solely to the duration of the active walk. We do not track your location when there is no walk, and continuous location determination ceases when the walk ends.
- Continuous, real-time location tracking takes place only during a walk; the configured home zone, by contrast, is a static reference point provided by you, which we store for the default display of nearby content.
- When browsing the map, we use the current position to query nearby content.
- For the local leaderboards, the system derives a territorial ("local") classification from the recent starting location of your walks: it takes the centroid of the starting points of your most recent walks (at most 10, within 3 months), and if your configured home zone is close to it (roughly within 10 kilometers), it uses that. This serves solely so that you are classified to your real neighborhood and so that the ranking cannot be manipulated by arbitrary location-setting. We do not share your raw GPS coordinates with other users for this, and the classification ceases when your walk history or your account is deleted.
- During discovery (searching for nearby users, dogs, packs), based on your configured home zone, or in its absence your last known position, your profile may appear among other users' "nearby" results, typically within a radius of about 25 km at most. Whether you appear is governed by your profile visibility setting, and in such cases we do not show your exact coordinates to others (we only use the proximity classification).
- The gating of location-based chat access: in the application, certain dog-related places (e.g. dog parks, cafés, parks) have their own chat surface. To read and write in it, the application checks whether your current location (your current GPS position) or the destination of your active walk is connected to the given place. This check uses your location data in real time or from the metadata of the active walk, and serves solely to make the gating decision, not for persistent logging. Its purpose is to keep place chats relevant for users who are actually connected to the location.
- The non-identifying aggregation of on-site presence: on the chat surface of a given dog-related place, a non-identifying, aggregated count may appear showing how many people are currently near the location. This is an aggregated number only, does not reveal the identity or exact position of individual users, and does not count users who are on a privately visible walk.
- You control the visibility of a walk: public / pals only / private. This per-walk setting determines who can see your live position on the map and on the proximity surfaces during your active walk; in the case of a private walk, we do not display your live position to anyone. The visibility of your profile (who can find you in discovery) can be set separately from this, independently.
- The recorded walk route can be removed by deleting the walk or the account.
- The location permission can be withdrawn at any time in the device settings; the location-dependent features will then work in a limited way, but the other parts of the application remain usable.
9. Minors
The application is intended for persons who have reached the age of 16. We do not knowingly process the data of users under 16. If we become aware that we are processing the data of a person under 16 without an appropriate legal basis, we delete the data concerned. Our detailed rules on the safety of children are set out in the Child Safety Standards.
10. Data security
We transmit personal data over an encrypted connection (HTTPS); we keep the authentication tokens in secure storage (Secure Store) on the device. Access to the backend is restricted and password-protected. To prevent abuse, we use Firebase App Check device attestation. We protect the data against unauthorized access with appropriate organizational and technical measures.
If you detect a data protection incident, you can report it at woof@pawity.app. In the case of a high-risk incident, we will inform the data subjects without undue delay and — in accordance with the law — the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
11. Tracking and personalization
The application does not carry out cross-site tracking: it does not combine user data with the data of other companies for advertising purposes, and it does not pass data to data brokers. Therefore the application does not display an App Tracking Transparency (ATT) prompt and does not use an advertising identifier (IDFA, or the Android advertising ID). The attribution hash used to correctly credit invitations, which exists solely within our own system (see 3.6), is not advertising-related and not cross-site tracking.
If we personalize the recommended content (for example, based on location data or the dog's data), we do so solely from the (first-party) data processed within our own system.
12. Amendment of this notice
We update the notice as needed. We will inform you in the application about material changes. The version in force at any given time is available from the application and on pawity.app.
13. Remedies
You can submit a data protection complaint to the supervisory authority:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH) 1055 Budapest, Falk Miksa utca 9–11. · ugyfelszolgalat@naih.hu · +36 1 391 1400 · naih.hu
If your rights are infringed, you can also turn to the courts.