Privacy Policy
Last updated: June 25, 2026
This Policy describes how the StayWise Admin application processes personal data, in compliance with Brazil's General Data Protection Law (LGPD, Law No. 13,709/2018) and the European Union's General Data Protection Regulation (GDPR).
1. Controller and Data Protection Officer
The controller of the data processed for the operation of StayWise Admin is Guilherme Pinzegher Ramos, an individual, acting as controller until the legal entity is incorporated. Full identification details (tax ID and address) can be requested via the email below.
The Data Protection Officer (LGPD, art. 41) is Guilherme Pinzegher Ramos, who can be contacted at privacidade@staywise.pet.
2. Data we collect
- Account data: name, email, username and, when you use social login, Google and Apple identifiers. Passwords are stored only in protected (hashed) form.
- Authentication and security: sessions, tokens and, if enabled, multi-factor authentication (MFA) secrets.
- Subscription data: status, plan and billing cycle of the subscription received from the Apple App Store. We do not collect or store card data — payment is processed by Apple.
- Data you enter (about the business): customer, pet, booking, photo and operational record information. For this data, you are the controller and we are the processor (see section 9).
- Usage and diagnostic data: technical logs and error reports for stability and security.
- Essential cookies: on the web panel we use a session cookie to keep you signed in. We do not use advertising cookies or third-party tracking.
3. Purposes and legal bases
- Provide and maintain the service (authentication, features, support) — performance of a contract.
- Process subscriptions and control access to paid features — performance of a contract.
- Security, fraud prevention and service improvement — legitimate interest, balanced against your rights.
- Comply with legal obligations (for example, keeping tax records) — legal obligation.
4. Sharing and processors (sub-processors)
We do not sell personal data. We share data only with providers that support our operation, under contract and instructions:
- Apple — subscription processing (in-app purchases).
- Google — social login authentication (OAuth).
- MongoDB Atlas — database (hosted in the European Union, Frankfurt).
- Cloudflare R2 — media storage (photos).
- Google Cloud (Cloud Run, europe-west1 region) — application hosting.
- Sentry — error and stability monitoring.
We may also disclose data when required by law or to protect rights, security and the integrity of the service.
5. International transfers and data residency
The main infrastructure is kept in the European Union. Where an international transfer occurs (for example, to sub-processors), it is carried out with appropriate safeguards provided for under the LGPD and the GDPR (such as standard contractual clauses).
6. Retention and deletion
We keep personal data while the account is active and for as long as necessary for the purposes above. When you request account deletion in the app, the account is deactivated immediately and your personal data is anonymized after a 15-day grace period (protection against accidental deletion and fraud). Records the law requires us to keep — for example, tax records — may be retained for the legal period, unlinked from the account. You can export your data from the app at any time.
- Account data (name, email, login identifiers, MFA secrets): kept while the account is active; anonymized within 15 days after the deletion request.
- Financial records (receipts): retained for the period required by applicable tax law, unlinked from the account.
- Security and audit logs: kept for a limited period, for security and legal compliance.
7. Your rights
Under the LGPD and the GDPR, you may request: confirmation of and access to your data; correction; anonymization or deletion; restriction of processing; portability; information about sharing; withdrawal of consent; and objection to certain processing. We do not make decisions based solely on automated processing with significant effects on you. To exercise:
- Account deletion and data export: directly in the app (Settings → Profile).
- Other requests: privacidade@staywise.pet.
You may also lodge a complaint with the competent authority (the ANPD in Brazil; the applicable data protection authority in the EU).
8. Security
Among the technical and organizational measures we adopt:
- encryption in transit (HTTPS/TLS);
- encryption at rest in the database and media storage;
- passwords stored with hashing (bcrypt), never in plain text;
- sensitive fields (social login tokens, MFA secrets) encrypted in the database;
- multi-factor authentication (MFA) available and role-based access control, with audit logs;
- periodic secret rotation and error and security monitoring.
No method is 100% infallible, but we work continuously to mitigate risks. In the event of a security incident involving personal data, we will notify the competent authority (in Brazil, the ANPD) and, where there is high risk to data subjects, the data subjects themselves, within the legal deadlines.
9. Business customer data (processor)
For the customer and pet data you register, the business is the controller and StayWise is the processor, handling it according to your instructions. Requests from data subjects of this data should be directed to the responsible business; we may assist in handling them as per the contract.
10. Children
StayWise Admin is intended for professional use by adults and is not directed to anyone under 18. We do not knowingly collect children's data.
11. Changes
We may update this Policy. Material changes will be communicated by reasonable means, and the "last updated" date will be revised.
12. Contact
Questions about privacy or to exercise your rights: privacidade@staywise.pet.