Pawity Back

Privacy Notice

Effective: July 10, 2026

Scope: this notice applies to the Pawity mobile application (iOS and Android). Last updated: 23 June 2026.


1. The Data Controller

Company nameRetroscope Kreatív és Fejlesztő Szolgáltató Kft. (Retroscope Ltd.)
Registered office6500 Baja, Mészáros Lázár u. 57., Hungary
Company registration numberCg.03-09-118864
Tax number14917514-2-03
RepresentativeBedekovits Tibor, Managing Director
User contactwoof@pawity.app
Data protection / legal contactwoof@pawity.app
Phone+36 20 421-77-82

Retroscope Ltd. has not appointed a data protection officer, as it is not required to do so under Article 37 of the GDPR. For data protection matters, you can reach us at the contact details above.

2. Introduction

Pawity is a community application for dog owners that offers walk tracking, map-based features, community elements (feed, packs, chat) and gamified elements (treats, badges, leaderboards). Its operation requires the processing of certain personal data.

This notice has been prepared in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.).

A separate data processing applies to the pawity.app website / campaign landing page — that is governed by the privacy notice published on the website.

3. What data we process, for what purpose and on what legal basis

Abbreviations for the legal bases: Contract = GDPR Article 6(1)(b) (provision of the service); Legitimate interest = Article 6(1)(f); Consent = Article 6(1)(a); Legal obligation = Article 6(1)(c).

3.1 Account and identification

3.2 Profile and dog data

3.3 Location data

3.4 Communication

3.5 Community (user-generated) content

3.6 Connections network and groups

3.7 Gamification and view statistics

The Application does not make any solely automated decisions producing legal effects concerning the User. The leaderboards and content recommendations are based on automatic calculation, but these do not constitute automated decision-making within the meaning of Article 22 of the GDPR.

3.8 Device, presence and notification data

3.9 Purchase (premium subscription)

3.10 Analytics, telemetry and error reporting

3.11 Local data storage on the device (cookie-like technologies)

3.12 Source of the data and its provision

We receive most of the data directly from you. In the case of social sign-in (Apple, Google, Facebook), we receive the identifier and the basic profile (name, email) from the relevant provider, with your consent. Creating an account requires providing an email address (or social sign-in); without this, the service cannot be used. Providing profile, dog and location data is voluntary, but certain features work only in a limited way without them.

4. Data processors and third-party providers

We use the following providers; they act in accordance with their own privacy policies:

ProviderFunctionData concerned
Google Ireland Ltd. / Google LLC (Firebase, App Check)Authentication, push (FCM), realtime database, device attestationuser identifier, push token, realtime events, device integrity token
Google Ireland Ltd. / Google LLC (Google sign-in)"Sign in with Google"Google identifier, basic profile (name, email)
Google LLC (Google Photos)Photo synchronization explicitly authorized by the useruploaded walk/dog/alert photos, Google account identifier
Apple Inc."Sign in with Apple", App Store payment, App AttestApple identifier, purchase data, device attestation
Meta Platforms Ireland Ltd.Facebook sign-inFacebook identifier, basic profile (name, email)
RevenueCat, Inc.Subscription management (when the premium subscription is introduced)user identifier, transaction/receipt data
Functional Software, Inc. (Sentry)Error and crash reportingerror data, device info, user identifier (without IP address and session replay)
Expo (650 Industries, Inc.)Application update delivery (OTA), build infrastructureapplication/runtime version, platform, update identifier
Netfabrik Kft.Server hosting (VPS)data stored in the backend

Google Maps forwards display requests to Google's servers in order to render the map (with the coordinates related to the map view).

5. Transfer of data to third countries

Some providers — the services of Google/Firebase (e.g. Realtime Database, Cloud Messaging, App Check), Google sign-in and Google Photos, Apple, Meta, Sentry, RevenueCat and certain infrastructures of Expo — may also process data in the United States. In these cases, the data transfer takes place with appropriate safeguards (e.g. the European Commission's Standard Contractual Clauses – SCC, or certification under the EU–US Data Privacy Framework). The safeguard may differ from provider to provider; for details, the privacy policy of the relevant provider is authoritative.

6. Data retention

7. Rights of the data subject (user)

Under the GDPR, you have the right to:

You can submit your requests at woof@pawity.app. We will respond without undue delay, but no later than within the time limit prescribed by law.

8. Location data – detailed information

9. Minors

The application is intended for persons who have reached the age of 16. We do not knowingly process the data of users under 16. If we become aware that we are processing the data of a person under 16 without an appropriate legal basis, we delete the data concerned. Our detailed rules on the safety of children are set out in the Child Safety Standards.

10. Data security

We transmit personal data over an encrypted connection (HTTPS); we keep the authentication tokens in secure storage (Secure Store) on the device. Access to the backend is restricted and password-protected. To prevent abuse, we use Firebase App Check device attestation. We protect the data against unauthorized access with appropriate organizational and technical measures.

If you detect a data protection incident, you can report it at woof@pawity.app. In the case of a high-risk incident, we will inform the data subjects without undue delay and — in accordance with the law — the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).

11. Tracking and personalization

The application does not carry out cross-site tracking: it does not combine user data with the data of other companies for advertising purposes, and it does not pass data to data brokers. Therefore the application does not display an App Tracking Transparency (ATT) prompt and does not use an advertising identifier (IDFA, or the Android advertising ID). The attribution hash used to correctly credit invitations, which exists solely within our own system (see 3.6), is not advertising-related and not cross-site tracking.

If we personalize the recommended content (for example, based on location data or the dog's data), we do so solely from the (first-party) data processed within our own system.

12. Amendment of this notice

We update the notice as needed. We will inform you in the application about material changes. The version in force at any given time is available from the application and on pawity.app.

13. Remedies

You can submit a data protection complaint to the supervisory authority:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH) 1055 Budapest, Falk Miksa utca 9–11. · ugyfelszolgalat@naih.hu · +36 1 391 1400 · naih.hu

If your rights are infringed, you can also turn to the courts.