← Back

Privacy Policy

Last updated: 2026-05-10

1. Who We Are

GOGI - Pets Management is a web-based pet management service available at https://gogi.pet. We help pet owners track their pets' health records, events, vaccinations, vet visits, and documents.

We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and Irish data protection law.

2. Data We Collect

We collect only the data necessary to provide our service. Here is what we store:

Account Information

Username, email address, phone number (optional), and display name
Password (stored as a secure one-way hash - we never store your actual password)
Two-factor authentication secret (if enabled)
Preferences: language, timezone, date/time format, theme, notification settings

Pet Data

Pet profiles: name, species, gender, dates (birth, death, neutering), vet details, notes, and links
Events: vet visits, vaccinations, grooming, and other recorded events
Health records: weight, temperature, and other measurements over time
Photos: pet profile photos and gallery images
Documents: uploaded files such as vet records, insurance papers, and certificates

Technical Data

IP address and browser user agent (recorded in security logs and session data)
Session information (login times, session duration)
Activity logs (actions performed within the application for security and audit purposes)

Payment Data

Subscription status and amount (if subscribed)
We do not store credit card numbers or bank details - all payment processing is handled by PayPal

3. Why We Collect Data and Legal Basis

Purpose	Legal Basis
Providing the pet management service	Contract performance - necessary to deliver the service you registered for
Sending email notifications (birthday reminders, event alerts)	Consent - you opt in to notifications and can disable them at any time
Processing subscription payments	Contract performance - necessary to manage your subscription
Security logging (login attempts, password changes)	Legitimate interest - protecting your account and the service from abuse
Responding to contact form messages	Legitimate interest - responding to your enquiries

4. Data Storage and Security

We take the security of your data seriously. Measures we employ include:

All data is transmitted over HTTPS (TLS encryption in transit)
Passwords are hashed using bcrypt with a unique salt per user
Two-factor authentication (TOTP) is available and recommended
Session management with configurable automatic timeouts
Rate limiting on login attempts to prevent brute-force attacks

5. Document Encryption

You may optionally enable document encryption for files uploaded to your pet profiles. When enabled, documents are encrypted using AES-256-GCM with a key derived from your password. This means only you can access the content of encrypted documents - even we cannot read them.

Important: if you lose your password and reset it, encrypted documents cannot be recovered. You are solely responsible for your encryption password.

6. Cookies

We use a single session cookie (PHPSESSID) which is strictly necessary for the application to function. This cookie identifies your login session and is deleted when you close your browser or when your session expires.

We do not use any tracking cookies, analytics cookies, or advertising cookies. We do not track you across websites.

7. Third Parties

We share data with the following third parties only as necessary to provide the service:

PayPal - for subscription payment processing. PayPal receives your payment details directly. See PayPal's privacy policy at paypal.com/privacy.
Email service provider - for sending notification emails (password resets, birthday reminders, contact form responses). Only your email address and message content are shared.

We do not sell, trade, or rent your personal data to anyone. We do not share your data with advertisers or data brokers.

8. Data Retention

We retain your data for as long as your account is active. Specifically:

Account and pet data - retained until you delete your account
Security logs - retained according to the system's configured retention period, then automatically purged
Session data - automatically cleaned up after session expiry

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access - You can request a copy of all personal data we hold about you.
Right to Data Portability - You can export all your data (pets, events, health records, documents, photos) in a portable format from your account settings.
Right to Rectification - You can correct or update your personal data at any time through your account profile and pet management pages.
Right to Erasure - You can request permanent deletion of your account and all associated data. This action is irreversible.
Right to Restriction of Processing - You can request that we limit how we process your data in certain circumstances.
Right to Object - You can object to processing based on legitimate interest.
Right to Lodge a Complaint - You have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

To exercise any of these rights, contact us at admin@gogi.pet.

10. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top reflects the most recent revision. We encourage you to review this page periodically. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at admin@gogi.pet.