1. Introduction

This Privacy Policy explains how Pet Attix collects, uses, stores, shares, and protects personal data when users access the app, website, or related services. Pet Attix launched in the United Kingdom and is expanding internationally territory by territory. The platform is designed to comply with applicable data protection laws, including the UK GDPR, the Data Protection Act 2018, and, where relevant, the EU GDPR and other local privacy laws.

2. Data Controller

Pet Attix's legal entity operating the platform will usually act as the controller of personal data processed through the service, except where third-party partners such as Stripe process data as independent controllers for their own regulated purposes. The published version of this policy should identify the legal name of the operating entity, registered address, support contact email, and, where required, any appointed data protection representative or Data Protection Officer.

3. Personal Data We Collect

Pet Attix may collect: identity data such as name, username, date of birth confirmation, and profile photo; contact data such as email address, phone number, and postal address; transaction data such as purchases, sales, refunds, fees, payouts, shipping details, and order history; payment and payout-related data processed with Stripe or Stripe Connect; verification data such as KYC documentation and sanctions screening results where required; communications data including support requests and in-app messages; user content such as listings, photos, descriptions, reviews, and saved preferences; technical data such as IP address, device identifiers, browser type, crash logs, app version, and cookies; and risk or trust signals generated through security and fraud monitoring.

4. How We Use Personal Data

We use personal data to provide and improve the platform, create and maintain user accounts, process transactions, enable shipping and payouts, apply buyer protection, verify identity, detect and prevent fraud, communicate about orders and disputes, personalise content, maintain community trust, comply with legal obligations, respond to regulators or law enforcement, and defend legal claims. Where permitted, we may also use data for analytics, service improvement, and direct marketing, subject to user choices and applicable law.

5. Lawful Bases for Processing

Where UK GDPR or EU GDPR applies, Pet Attix relies on one or more lawful bases, including performance of a contract, compliance with legal obligations, legitimate interests in operating a secure marketplace, and consent where consent is required. Legitimate interests may include fraud prevention, platform moderation, customer support, service analytics, product improvement, debt recovery, and protecting users, pets, and the business from harm

6. Payments, Stripe, and Identity Checks

Payments are processed through Stripe. Seller onboarding and payouts may be handled through Stripe Connect. Stripe may collect and process payment card information, billing details, device and fraud signals, bank account data, and identity verification information in accordance with Stripe's own privacy notices and regulatory obligations. Pet Attix may receive status information, limited account details, payout information, and risk outcomes from Stripe but does not generally store full payment card numbers. Where identity checks are required for payout access, antimoney laundering compliance, fraud prevention, sanctions screening, or tax compliance, Pet Attix and its providers may request or validate identity documents and related information.

7. Sharing Personal Data

Pet Attix may share personal data with payment providers, shipping and logistics providers, cloud hosting and infrastructure providers, communications tools, analytics providers, fraud prevention partners, legal or professional advisers, insurers, debt recovery providers, law enforcement, regulators, and counterparties to a transaction where necessary to complete an order or resolve a dispute. We may also share limited profile and transaction information with other users to support marketplace functions, such as listing visibility, review systems, transaction messaging, or order fulfilment.

8. International Transfers

Because Pet Attix intends to expand internationally, personal data may be transferred outside the UK or the user's home jurisdiction. Where required, Pet Attix will use appropriate safeguards, which may include adequacy regulations, standard contractual clauses, international data transfer agreements, or other lawful mechanisms. Users understand that service performance, fraud prevention, customer support, or payment processing may require data to be processed in multiple countries.

9. Data Retention

Pet Attix retains personal data for as long as reasonably necessary for the purposes described in this policy, including providing services, managing disputes, complying with tax and accounting obligations, responding to legal requests, preventing fraud, enforcing platform rules, and defending legal claims. Retention periods may differ by data type. Transaction records, payout records, and dispute evidence may need to be kept for several years. When data is no longer required, it will be deleted, anonymised, or securely archived in accordance with legal obligations and internal retention schedules.

10. Security Measures

Pet Attix uses measures such as encryption in transit, role-based access controls, audit logging, vendor due diligence, data minimisation, backup processes, incident management, and monitoring designed to protect personal data. However, no platform can guarantee absolute security. Users should use strong passwords, enable available security features, and report suspected breaches without delay.

11. User Rights

Depending on location, users may have rights to access, correct, erase, restrict, object to, or port their personal data, and to withdraw consent where processing relies on consent. Users may also have the right to complain to the UK Information Commissioner's Office or another competent supervisory authority. Pet Attix may request verification before acting on rights requests and may retain limited data where necessary to comply with law, protect the platform, or prevent fraud.

12. Marketing and Notifications

Pet Attix may send transactional messages necessary to operate the service, including account alerts, order updates, payout notices, buyer protection notices, fraud warnings, and policy updates. Where permitted by law, Pet Attix may also send marketing emails, push notifications, or promotional messages. Users can manage certain communications through app settings or unsubscribe links, though essential service messages cannot always be opted out of while an account remains active.

13. Children's Data

Pet Attix is intended for adults. Users must be at least 18 years old. We do not knowingly permit children to open accounts or intentionally collect personal data from children. If we become aware that a child has provided personal data in breach of this policy, we may close the account and delete the data subject to legal requirements.

14. Changes to this Policy

Pet Attix may update this Privacy Policy from time to time to reflect legal, technical, or commercial changes. Material changes may be notified through the app, website, email, or account notices. The latest version should always be published in the app settings and on the website.