Your Privacy Matters

FitFur Privacy Policy

Last updated: January 5, 2026

FitFur ("FitFur", "we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website, app(s), wearables, and related services (collectively, the "Services"). It also explains your rights and choices.

If you do not agree with this Policy, please do not use the Services.

1) Who we are & scope

Controller/Business: FitFur Ltd.
Registered address: IFZA Business Park, Dubai Silicone Oasis, Dubai, United Arab Emirates
Contact: hello@fitfur.com

This Policy applies to:

  • The FitFur website (including waitlist and shop pages).
  • The FitFur app(s) and integrated services (e.g., maps, weather, notifications).
  • Wearable integrations (e.g., pet collar devices) connected to the app.
  • Commerce experiences (e.g., Shopify) when you view products or purchase.

2) What we collect

We collect information in three ways: directly from you, automatically, and from third parties.

A) Information you provide

  • Account & profile: name, email, password, country/region; pet profile details (breed, age, weight, coat type, sensitivities).
  • Waitlist & marketing: name, email, interests/preferences.
  • Forms & support: messages, survey responses, troubleshooting details.
  • Commerce: shipping/billing info (processed by payment providers), order history, returns.
  • Social features (if enabled): photos you upload, captions, reactions, follows.
  • User-generated content: posts, meet-ups, lost-pet alerts, and related metadata.
  • Consents: marketing preferences, cookie choices, data-sharing opt-ins/opt-outs.

B) Information collected automatically

  • Usage & device data: IP address, app version, device identifiers, OS/browser type, language, time zone, crash logs, pages/screens viewed, clicks, referrers.
  • Location data: approximate location (via IP) and, if you opt in, precise location for features like heat-risk alerts, nearby maps, lost-pet notices.
  • Cookies/SDKs: cookies, pixels, local storage, and mobile SDKs for core operations, analytics, and (if enabled) marketing attribution.

C) Information from partners & third parties

  • Wearables: pet biometrics (e.g., activity, sleep, heart/respiratory indicators) and device status when paired.
  • Commerce & logistics: order and fulfillment data from providers (e.g., Shopify).
  • Analytics/ads: aggregated insights, campaign performance.
  • Maps/weather: location POIs and environmental data for safety alerts.

Sensitive information. We do not intentionally collect government IDs or precise financial data. We treat pet health indicators as sensitive within our system and protect them accordingly.

3) How we use information (purposes)

We use information to:

  1. Provide the Services (create/manage accounts, show dashboards, run features).
  2. Offer pet wellness guidance (breed-aware goals, nudges, symptom info, avatar coaching).
  3. Operate wearables (connect devices, display real-time vitals).
  4. Send communications (transactional notices; optional marketing you can opt out of).
  5. Personalize experiences (remember settings, tailor content).
  6. Analytics & improvement (debug, measure performance, A/B test).
  7. Safety & integrity (fraud prevention, abuse detection, content moderation for social features).
  8. Commerce (catalog, checkout, payments, shipping, returns).
  9. Legal compliance (security, recordkeeping, regulatory requests).

Where required, we'll ask for consent (e.g., marketing emails, precise location). Where permitted, we rely on legitimate interests (e.g., site/app operations, fraud prevention, internal analytics). At times we process data to perform a contract (e.g., deliver the Services you request) or to comply with law.

4) Cookies, mobile SDKs, and preferences

We use cookies, pixels, local storage, and SDKs to remember settings, keep you signed in, measure usage, and support marketing attribution (if enabled). You can manage cookies through our Consent Manager and your browser/device settings. Some features may not function without certain cookies or permissions.

  • Do Not Track/GPC: If your browser sends a Global Privacy Control (GPC) signal, we will treat it as a request to opt out of cross-context advertising where required by law.
  • Consent records: Your choices are stored and can be changed at any time in settings.

5) Disclosures & sharing

We do not sell personal information. We share data only with:

  • Service providers / processors (hosting, analytics, email, payments, commerce, identity verification, security, content moderation, LLM vendors with strict safeguards).
  • Commerce partners (e.g., Shopify for store, checkout, fulfillment).
  • Integration partners (maps, weather, wearables) to power requested features.
  • Business transfers (e.g., merger, acquisition).
  • Legal & safety (to comply with law, enforce terms, protect users and pets).

We require processors to handle data per our instructions and apply appropriate security.

6) International transfers

Your information may be transferred to, stored, or processed in countries other than your own. Where required (e.g., EU/UK), we use appropriate safeguards such as Standard Contractual Clauses and conduct transfer risk assessments.

7) Data retention

We keep information only as long as needed for the purposes described above and to meet legal, accounting, or reporting obligations.

User-identifiable data (UID):

  • Account data: Retained for as long as your account is open. When you request account closure, we queue deletion and destroy UID within 90 days of verified closure, subject to lawful holds.
  • Waitlist records: Retained until you unsubscribe or we no longer need them to provide launch/product updates; if you create an account and later close it, associated UID follows the 90-day post-closure rule.
  • Wearable data: Retained while your device is paired to your account. If you unpair or close your account, related UID is deleted within 90 days.
  • UGC / social posts: Retained until you delete them or your account closes; upon closure we delete associated UID within 90 days.
  • Support tickets / communications: Retained for the life of the account, then deleted within 90 days of closure, unless a longer period is required by law.

Obfuscated, de-identified, and aggregate data:

  • We may retain obfuscated data, metadata, or aggregated analytics beyond the 90-day window to operate, secure, and improve back-end systems and to evaluate or train models, consistent with applicable law (including GDPR/UK GDPR principles and emerging EU AI Act requirements).
  • These datasets are not reasonably linkable to an identified or identifiable person. We apply technical and organizational safeguards (e.g., aggregation, hashing, truncation, k-anonymity where appropriate) and prohibit re-identification.

Logs and diagnostics:

  • Operational logs and telemetry are retained for a limited period and then aggregated or de-identified for longer-term reliability, security, anti-abuse, and analytics needs.

Legal holds and disputes:

  • If we receive a legal request or need to preserve records for a dispute, we may retain specific data beyond the periods above for as long as necessary to comply with legal obligations and then delete it promptly.

Your controls:

  • You can request deletion of your account or specific UID at any time. Where required by law, you may object to or opt out of certain processing, including the use of de-identified data for model evaluation or improvement. See Your rights & choices for how to submit a request.

We maintain an internal retention schedule and securely delete or irreversibly de-identify data when the relevant period ends.

8) Security

We use administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, network monitoring, secure development practices). No system is 100% secure. If we become aware of a data incident, we will notify affected users and regulators as required by law.

9) Your rights & choices

Depending on your location, you may have rights to:

  • Access and port your data.
  • Correct inaccuracies.
  • Delete your data.
  • Object to or restrict processing.
  • Withdraw consent (e.g., marketing, precise location).
  • Opt-out of targeted advertising, sales, and profiling (as defined by law).
  • Appeal a decision (certain US laws).

To exercise rights, contact hello@fitfur.com. We may verify your request and respond within the time required by law. Authorized agents (e.g., for California residents) can submit requests with appropriate proof. You may also update settings directly in the app/website.

10) Children's privacy

Our Services are not directed to children under 13 (or the equivalent age of consent in your region). We do not knowingly collect personal information from children without verifiable parental consent. If you believe a child has provided us data, contact hello@fitfur.com and we will take appropriate action.

11) Third-party services & links

Our Services may link to or integrate with third-party sites and tools (e.g., maps, weather, payment providers, social platforms). Their privacy practices are governed by their policies. Review those policies before using their services.

12) Automated decision-making & profiling

We may use rules engines and machine-learning models to personalize guidance (e.g., breed-aware goals, risk nudges). We do not make decisions with legal or similarly significant effects without human review. You can contact us to learn more about how these systems influence your experience.

13) Region-specific notices

A) European Union/United Kingdom (GDPR/UK GDPR)

  • Controller: FitFur Ltd.
  • Legal bases: consent, contract, legitimate interests, legal obligations.
  • International transfers: SCCs and other safeguards as required.
  • Complaints: You may lodge a complaint with your local supervisory authority (e.g., ICO in the UK, or your EU DPA). We encourage you to contact us first.

B) United States (State privacy laws incl. CA/VA/CO/CT/UT and others)

  • "Sale" / "Sharing" / targeted advertising: We do not sell personal information. We honor legal opt-out rights for targeted advertising and will process GPC signals where required.
  • Sensitive personal information: We limit use of sensitive categories to the extent required by law and do not use them to infer characteristics about you.
  • Appeals: If we deny a request, you may appeal by replying to our decision email; we will respond within the timelines required by your state law.

C) Canada (PIPEDA & provincial laws)

  • You may access and correct your personal information, and withdraw consent at any time (subject to legal or contractual restrictions).
  • Contact hello@fitfur.com for questions or complaints; you may also contact the Office of the Privacy Commissioner of Canada or your provincial authority.

D) Australia / New Zealand

  • We comply with applicable principles under the Privacy Act 1988 (Cth) and the NZ Privacy Act 2020.
  • Contact hello@fitfur.com to access/correct information or raise a complaint. We will respond promptly and outline steps for escalation if needed.

E) Brazil (LGPD)

  • Controller: FitFur Ltd.
  • Legal bases include consent, contract, legitimate interests, and compliance with legal obligations. You may exercise LGPD rights by contacting hello@fitfur.com.

14) Commerce & integrations notices

Shopify (commerce)

If you interact with our Shop pages or complete a purchase, Shopify may process certain data (catalog, checkout, payments, taxes, orders). Shopify acts as our service provider/processor. Review Shopify's privacy documentation for more details.

Analytics & crash reporting

We use analytics to understand performance and improve the Services. Where required, analytics runs with your consent.

Maps, weather, and location

Location data is used to provide features such as heat-risk alerts, nearby places, and lost-pet notifications. You can disable precise location in device settings; core features may still function with approximate location.

LLM/assistant services

If we use LLMs to support symptom guidance or chat features, prompts and responses may be processed by vetted vendors under processor terms and strict safeguards. We do not allow vendors to train on your identifiable content.

Wearables & device data

When you pair a wearable, we process device identifiers and pet biometrics to display readings, alerts, and reports. You can unpair at any time.

15) Community & moderation (if social features are enabled)

We aim to maintain a kid-friendly environment. We use a combination of automated checks and human review to moderate content, reactions, and profiles. You can report content in-app; we may remove posts that violate community guidelines. We reserve the right to suspend accounts that repeatedly violate policy.

16) How to exercise your rights or contact us

  • Email: hello@fitfur.com
  • Postal: IFZA Business Park, Dubai Silicone Oasis, Dubai, United Arab Emirates
  • In-app: Settings → Privacy/Help → "Request my data," "Delete my account," "Manage consents."

We will verify your identity before fulfilling requests. If we cannot honor a request, we will explain why and how to appeal (if applicable).

17) Changes to this Policy

We may update this Policy from time to time. The "Last updated" date shows when changes were made. Material changes will be communicated on this page and, where required, via notice in the app or by email.

Questions about this policy?

hello@fitfur.com
IFZA Business Park, Dubai, UAE