Privacy Policy

Last updated: May 14, 2026

Heads up: This Privacy Policy is a working draft for our pre-launch period. We will update it with a more thorough version, reviewed by counsel, before opening Philos Pets to the public.

Philos Pets ("we," "us," "our," or the "Service") is a pet-first matchmaking and socialization app. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have about it. By using the Service, you agree to the practices described here.

1. Information we collect

1.1 Account information

When you create an account, we collect your email address and a password (hashed; we never store passwords in readable form). If you sign in with Apple, we receive an Apple-issued identifier and, on first sign-in, the name you choose to share; Apple may also provide a private relay email instead of your real one, which we use as your account identifier.

1.2 Owner profile

You may add a display name, city, biography, interests, and an avatar photo. Display name, avatar, city, bio, and interests are visible to other Philos Pets users who match with one of your pets.

1.3 Pet profiles

For each pet you add, we collect the name, species, breed, date of birth, temperament tags, likes, dislikes, vaccination status, photos, and (optionally) vaccination certificate documents. Photos and vaccination certificates you upload are stored as files in our cloud storage.

1.4 Location

To show you pets near you, we associate a single coordinate point with each of your pets, derived from the city you enter or from your device's GPS when you tap the auto-detect option. We do not collect continuous location tracking. Other users never see your raw coordinates. They only see the approximate distance ("X km away") computed on our servers.

1.5 Activity in the app

We record the swipes you make (like / pass), the matches that result, the conversations you participate in, and the messages and attachments you send within those conversations. Messages and attachments are visible only to members of the conversation.

1.6 Notifications

With your permission, we collect a device-specific push notification token so we can notify you about new matches and messages. You can revoke notification permission in your device's system settings at any time.

1.7 Technical data

Our backend may log the IP address, device type, and timestamps of requests for security and abuse-prevention purposes. We do not currently use third-party analytics or advertising trackers.

2. How we use your information

We use the information described above to:

Operate the core service: create your account, show you nearby pets, record matches, deliver your messages.
Send you notifications about activity that matters to you (new matches, new messages).
Communicate with you about your account or important service updates.
Detect and prevent abuse, fraud, and policy violations.
Comply with legal obligations.

We do not use your information to serve advertisements, and we do not sell it to third parties for marketing purposes.

3. Who we share information with

We share information only with service providers we use to operate Philos Pets, and only to the minimum extent each one needs:

Supabase (Singapore region): hosts our database, authentication, file storage, and realtime infrastructure.
Expo / Expo Push Service: delivers push notifications to your device. Push payloads include a brief title and body (e.g., "Sara: hey, want to meet up?"). You can disable notifications system-wide on your device.
Apple and Google: if you sign in with Apple (or, in future, Google), the respective provider receives a sign-in request and returns an identity token we exchange for a Philos Pets session.
Photon (Komoot): when you type in the city field, we send the partial text you type to Photon's autocomplete API to receive suggested cities. We do not send any account-identifying information along with the query.
Cloudflare: our domain registrar and email-forwarding provider. Email sent to addresses ending in @philos.pet is routed through Cloudflare Email Routing.

We may also share information when required by law, when responding to a valid legal request, or when necessary to protect the safety of our users or the public.

4. International data transfers

Our database is hosted in Singapore. By using Philos Pets, you consent to your data being processed in Singapore and other jurisdictions where our service providers operate. We rely on the standard contractual protections offered by our providers.

5. Your rights and choices

You have control over your data within the app:

Access and edit: View and edit your owner profile and pet profiles at any time from the Profile tab.
Notifications: Turn off push notifications in your device settings.
Delete your account: Tap Profile → Account & app → Delete account in the app. This permanently removes your account, owner profile, pets, photos, vaccination certificates, swipes, matches, push tokens, and conversation memberships. Messages you sent will remain visible to the other party in conversations they're still part of, but your name and avatar will be replaced with "Deleted user."
Request a copy of your data: Email [email protected] and we'll provide a copy in a portable format within a reasonable timeframe.
Object or restrict: If you have additional rights under the Philippine Data Privacy Act, GDPR, or comparable law, contact us and we will honor lawful requests.

6. Children

Philos Pets is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we discover that an account belongs to someone under 18, we will terminate the account and delete the associated data.

7. Data retention

We retain your account data for as long as your account is active. When you delete your account in the app, we remove the data described in Section 5 immediately. Operational logs (e.g., security audit trails) may be retained for a limited period for legal and abuse-prevention purposes. Backup snapshots taken before your deletion may persist on provider infrastructure for a short window before they expire on the normal backup schedule.

8. Security

We use industry-standard practices: data in transit is protected with TLS, stored data is encrypted at rest by our infrastructure provider, and access is gated by row-level security so users can only read data they're authorized to see. No system is perfectly secure; we encourage you to use a strong, unique password and to keep your device secure.

9. Changes to this policy

We may update this Privacy Policy as the Service evolves. When we make material changes, we'll notify you in the app or by email. Continued use of the Service after a change indicates acceptance of the updated policy.

10. Contact us

Questions, requests, or concerns about this Privacy Policy can be sent to [email protected]. We typically respond within a few business days.