Privacy Policy

1. Introduction

Welcome to NattyPet, a pet nutrition tool operated from Brazil. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform, website, and related services (collectively, the "Service").

This Policy is designed to comply with applicable privacy laws, including:

• Brazil — Lei Geral de Proteção de Dados (LGPD – Law No. 13,709/2018)
• European Union — General Data Protection Regulation (GDPR – Regulation 2016/679)
• United States — California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

By using the Service, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use NattyPet.

2. Data Controller / Operator Identity

NattyPet is operated by its individual founder, based in Brazil. For purposes of applicable law:

• Under the LGPD, NattyPet acts as the Controlador (Data Controller).
• Under the GDPR, NattyPet acts as the Data Controller for users in the European Economic Area.
• Under the CCPA/CPRA, NattyPet acts as the Business collecting personal information of California consumers.

As NattyPet grows, a formal legal entity and a designated Data Protection Officer (DPO / Encarregado) will be appointed. This Policy will be updated accordingly.

3. Information We Collect

3.1 Information You Provide Directly

• Account registration data: full name, email address, and phone number.
• Pet profile data: name, species, breed, age, weight, health conditions, and dietary information of your pets.
• User-generated content: photos and files you upload related to your pets.
• Payment information: billing details processed securely through third-party payment gateways (e.g., Stripe). NattyPet does not store full card numbers or CVV codes.

3.2 Information Collected Automatically

• Usage and behavioral data: pages visited, features used, session duration, clicks, and navigation patterns.
• Device and technical data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
• Cookies and similar tracking technologies (see Section 7 for details).

3.3 Information from Third Parties

We may receive limited information from analytics and marketing platforms when you interact with NattyPet through third-party channels, such as social media referrals.

4. How We Use Your Information

We process your personal data for the following purposes and legal bases:

5. Sharing Your Information

NattyPet does not sell your personal information. We may share your data with:

5.1 Payment Processors

We integrate with third-party payment gateways (such as Stripe, Inc.) to process transactions. These providers are bound by their own privacy policies and comply with PCI-DSS standards.

5.2 Analytics and Marketing Providers

We use analytics tools (e.g., Google Analytics) and marketing platforms to understand Service usage and reach new users. These providers may receive anonymized or pseudonymized usage data. We ensure Data Processing Agreements (DPAs) are in place where required.

5.3 Infrastructure Providers

We use cloud infrastructure providers to host and operate our Service. These providers act as data processors on our behalf and are contractually obligated to protect your data.

5.4 Legal Requirements

We may disclose your information when required by law, regulation, court order, or government authority, or to protect the rights, property, or safety of NattyPet, its users, or the public.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and the choices available to you.

6. International Data Transfers

NattyPet is based in Brazil. Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and other countries where our service providers operate.

Where data is transferred from the European Economic Area (EEA) or the United Kingdom to countries that do not provide an equivalent level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

For transfers out of Brazil, we comply with the requirements of the LGPD concerning international data transfers (Art. 33), including transfers to countries with adequate protection or based on appropriate contractual guarantees.

7. Cookies and Tracking Technologies

We use cookies and similar technologies (web beacons, pixel tags) to operate and improve our Service. Cookies may be:

• Essential / Strictly Necessary: Required for the Service to function (e.g., authentication, session management). These cannot be disabled.
• Analytics / Performance: Help us understand how users interact with the Service (e.g., Google Analytics).
• Marketing / Targeting: Used to deliver relevant advertising and measure campaign effectiveness.

You can control or disable non-essential cookies through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect the functionality of the Service.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, including for legal, accounting, or reporting requirements.

• Active accounts: Data is retained for the duration of your account.
• Account deletion: When you delete your account, we delete your personal data immediately. You may request account deletion at any time by contacting us at [email protected].
• Legal obligations: Certain data may be retained for longer periods where required by law (e.g., financial records, tax obligations).

Anonymized or aggregated data (which cannot identify you) may be retained indefinitely for analytical purposes.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

9.1 Rights Under LGPD (Brazil)

• Confirmation of the existence of processing
• Access to your data
• Correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or deletion of unnecessary or excessive data
• Portability of data to another service provider
• Deletion of data processed with your consent
• Information about third parties with whom data has been shared
• Right to refuse consent and information about the consequences
• Revocation of consent at any time

9.2 Rights Under GDPR (European Economic Area)

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / "right to be forgotten" (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object to processing (Art. 21)
• Rights related to automated decision-making and profiling (Art. 22)
• Right to lodge a complaint with a supervisory authority

EEA users may lodge a complaint with their local Data Protection Authority (DPA). A list of EU DPAs is available at: edpb.europa.eu

9.3 Rights Under CCPA/CPRA (California, USA)

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt out of the sale or sharing of personal information
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your rights

California consumers may submit requests via email to [email protected]. We will respond within 45 days as required by law. NattyPet does not sell personal information as defined under the CCPA.

9.4 How to Exercise Your Rights

To exercise any of the rights above, contact us at [email protected]. We will respond within the timeframes required by applicable law:

We may need to verify your identity before processing your request.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments
• Use of reputable cloud infrastructure providers

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant authorities and affected users as required by applicable law.

11. Children's Privacy

NattyPet is not directed to children under the age of 13 (or 16 in the EEA, or as otherwise defined by applicable law). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] and we will take steps to delete such information promptly.

12. Third-Party Links and Services

Our Service may contain links to third-party websites, integrations, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this Policy
• Notify you via email or a prominent notice within the Service

Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving your concerns in a timely and transparent manner.