Privacy Policy

Last updated: 28 March 2026 · Effective: 28 March 2026

TailWag ("we", "our", "us") is operated by TailWag Pty Ltd, Australia. This policy explains how we collect, use, disclose, and protect personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For users in the European Economic Area, we also comply with the GDPR.

1. Information We Collect

Category	Examples	Purpose
Account data	Email address, Apple ID token, nickname	Authentication, account management
Dog profile	Name, breed, age, photos	Discovery, matching, breed boards
Location (coarse)	Suburb / area bucket (not GPS)	Proximity-based discovery
Location (precise)	GPS coordinates during walks	Walk tracking (in-session only)
Messages	Chat thread content	In-app messaging between matched users
Walk activity	Distance, duration, route	Walk stats, XP/leaderboards
Device ID (hashed)	SHA-256 of vendor UUID	Anonymous analytics grouping
Usage events	Feature interactions, session start	Product analytics (no cross-app tracking)

We do not collect payment card numbers. Payments are processed by Apple In-App Purchase (governed by Apple's privacy policy).

2. How We Use Your Information

Providing and improving the TailWag app and website
Matching your dog with compatible dogs nearby
Enabling breed boards, leaderboards, and community features
Processing membership subscriptions via Apple IAP
Sending in-app and push notifications (with your permission)
Safety features — lost dog alerts, QR collar identification
Complying with legal obligations

We do not sell your personal information. We do not use your data for targeted advertising.

3. Disclosure of Information

We share data only as necessary:

Supabase Inc. — cloud database and storage (data hosted in AWS ap-southeast-2, Sydney)
Apple Inc. — authentication (Sign in with Apple) and payments (IAP)
Vercel Inc. — website hosting
Law enforcement or regulators — only when required by Australian law or a valid court order

All third-party providers are contractually bound to process data only as instructed and maintain appropriate security.

4. Your Rights

Under the Australian Privacy Act and GDPR, you have the right to:

Access — download a copy of all data we hold (Settings → Privacy → Download My Data)
Correction — update any inaccurate information in your profile
Erasure — permanently delete your account and all associated data (Settings → Privacy → Delete My Account)
Portability — receive your data in JSON format
Withdraw consent — at any time for optional processing (e.g., location, analytics)
Complain — lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any right, use the in-app Privacy Settings or email privacy@tailwag.app. We respond within 30 days.

5. Data Retention

Chat messages: automatically deleted after 30 days
Analytics events: retained for 90 days
Walk activity: retained until you delete your account
Account data: retained until account deletion is requested
Legal/compliance logs (e.g., ToS acceptance): retained for 7 years as required by Australian record-keeping obligations

6. Security

We apply defence-in-depth security including:

TLS 1.2+ encryption for all data in transit
AES-256 encryption for data at rest (Supabase infrastructure)
Row Level Security policies — users can only access their own data
EXIF metadata stripped from all uploaded photos
Signed URLs with 1-hour expiry for photo access
Jailbreak and debugger detection in the app
SHA-256 hashed device identifiers (not raw UUIDs)
Regular security audits

In the event of a data breach that is likely to result in serious harm, we will notify affected users and the OAIC within 30 days as required by the Notifiable Data Breaches scheme.

7. Children's Privacy

TailWag is intended for users aged 18 and over only. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has created an account or provided personal information, we will terminate their account and delete their data promptly.

8. Location Data

Coarse location (suburb/area bucket): Used for discovery. Stored in our database against your profile.

Precise GPS location: Collected only during active walks. Route data is stored in your activity history. You can delete all activities via Privacy Settings.

You can withdraw location permission at any time in iOS Settings → TailWag → Location.

9. International Transfers

Your data is primarily stored on AWS servers in Sydney, Australia (ap-southeast-2). Supabase Inc. is headquartered in the United States; data may transit through US infrastructure subject to appropriate contractual safeguards (Standard Contractual Clauses where applicable).

10. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via in-app notification and update the "Last updated" date above. Continued use after changes constitutes acceptance.

11. Contact

Privacy queries: privacy@tailwag.app
Postal: TailWag Pty Ltd, Australia