Privacy Policy

Last updated: April 16, 2026

1. Information We Collect

We collect the following categories of personal information: Account Information • Name, email address, phone number • Profile photo • Authentication credentials (via Google or Apple sign-in) Pet Data • Pet name, species, breed, age, weight • Medical history and veterinary notes • Pet profile photos Appointment & Consultation Data • Hospital and veterinary appointment bookings • Online consultation records (chat and video) • Scheduling preferences and history • Consultation notes (recorded by veterinarians) Payment Information • Payment method details (processed by Stripe; we do not store full card numbers) • Transaction history, amounts, and currencies (THB, SGD, HKD) • Refund records Location Data • Approximate location for displaying nearby hospitals (only when you grant permission) Device & Technical Information • Device type, operating system, and version • Push notification tokens • App version and crash reports Chat Messages • Messages exchanged with hospitals and veterinarians through the in-app chat

2. How We Use Your Information

We use your information to: • Provide and operate the Service — process bookings, facilitate consultations, enable chat and video calls • Payment processing — hold and capture payments, process refunds, maintain financial records • Communications — send appointment reminders, status updates, and service-related notifications • Safety and security — verify user identity, prevent fraud, enforce our Terms of Service • Improvement — analyze usage patterns to improve Service features and user experience • Legal compliance — comply with applicable laws and regulations • Customer support — respond to your inquiries and resolve issues

3. Third-Party Services

We share data with the following third-party service providers: • Stripe — payment processing (hold & capture), refunds • Firebase (Google) — push notifications, crash reporting, analytics • LiveKit — real-time video and audio calls during consultations • Resend — transactional email delivery • Supabase — database hosting, authentication, file storage • Google — user authentication (Google Sign-In) Each provider processes data in accordance with their own privacy policies.

4. Information Sharing

We share your information with: • Veterinary hospitals you book appointments with (name, contact, pet details) • Freelance veterinarians you book consultations with (name, pet details, consultation information) • Service providers who help us operate the platform • Legal authorities when required by law We do not sell your personal information to third parties. We do not share your information for advertising purposes.

5. Data Storage & Security

Your data is stored on servers located in Singapore operated by Supabase (AWS ap-southeast-1 region). Security measures include: • Encryption in transit (HTTPS/TLS) and at rest (AES-256) • Row Level Security (RLS) — database-level access controls • JWT-based authentication with secure token management • OAuth token encryption at rest using pgcrypto • Administrative access restricted with audit logging • Regular security reviews

6. Cross-Border Data Transfer

Our servers are located in Singapore. If you access the Service from Thailand, Hong Kong, or other jurisdictions, your data will be transferred to and processed in Singapore. • Thailand users — transfers comply with PDPA B.E. 2562, Section 28 • Singapore users — data remains within Singapore; processing complies with PDPA 2012 • Hong Kong users — transfers comply with PDPO (Cap. 486), Data Protection Principle 3

7. Data Retention

We retain your data for the following periods: • Active account data — retained while your account is active • Data after account deletion — permanently deleted within 30 days • Payment and transaction records — 7 years (legal and tax compliance) • Application logs — 90 days • Audit logs — 2 years • Anonymized analytics — indefinite (no personal identifiers)

8. Your Rights — Thailand (PDPA B.E. 2562)

Under the Thailand Personal Data Protection Act B.E. 2562, you have the right to: • Access your personal data • Correct inaccurate or incomplete data • Delete your personal data • Receive your data in a machine-readable format (data portability) • Restrict processing in certain circumstances • Object to processing based on legitimate interests or direct marketing • Withdraw previously given consent at any time • Lodge a complaint with the Personal Data Protection Committee (PDPC) To exercise these rights, use the in-app settings or contact us at [email protected].

9. Your Rights — Singapore (PDPA 2012)

Under the Singapore PDPA 2012, you have the right to: • Access your personal data held by us • Correct errors or omissions in your data • Withdraw consent for collection, use, or disclosure of your data • Request a copy of your data in a commonly used format We will respond within 30 days. For complaints, contact the PDPC of Singapore.

10. Your Rights — Hong Kong (PDPO)

Under the Hong Kong PDPO (Cap. 486), you have the right to: • Access your personal data • Correct inaccurate personal data • Withdraw consent for use of your data in direct marketing Data access requests may be subject to a reasonable fee. We will respond within 40 days. For complaints, contact the PCPD of Hong Kong.

11. Account Deletion

You can delete your account at any time from the Profile settings in the App. When you request account deletion: • Your profile, pet profiles, appointment history, and notifications are permanently deleted within 30 days • Your chat messages and uploaded files are removed • Payment transaction records are retained for 7 years as required by law • Anonymized analytics data may be retained indefinitely This action cannot be undone. You may also request deletion by contacting [email protected].

12. Cookies & Analytics

The Paawrent mobile app does not use cookies. We use Firebase Analytics to collect anonymous usage data including screen views, feature interactions, app performance metrics, and crash reports. This data is anonymized and used solely to improve the Service. The admin web dashboard uses essential cookies for authentication and session management only.

13. Push Notifications

We send push notifications via Firebase Cloud Messaging (FCM) for appointment reminders, consultation status updates, chat message notifications, and system announcements. You can manage notification preferences in the App settings or disable them through your device settings.

14. Children's Privacy

Thailand (PDPA B.E. 2562): We do not knowingly collect personal data from individuals under 20 years of age without parental or guardian consent. Singapore and Hong Kong: We do not knowingly collect personal data from children under 13 years of age. If you believe a child has provided us with personal data, please contact us at [email protected].

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

For privacy-related questions or concerns: Email: [email protected] Data Protection Officer Paawrent Co., Ltd. Bangkok, Thailand We will acknowledge your request within 7 business days and respond within 30 days.