1. Introduction
This Privacy Policy explains how LetzPaws Ltd (“LetzPaws”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you use the LetzPaws platform at letzpaws.com and related services (the “Platform”).
We are committed to protecting your privacy and processing personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) as incorporated into UK law by the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (“PECR”).
This policy should be read together with our Cookie Policy, Terms of Service, and Provider Terms (where applicable).
2. Who is the data controller?
The data controller responsible for your personal data is:
- Legal entity: LetzPaws Ltd
- Registered address: United Kingdom
- General enquiries: support@letzpaws.com
- Data protection contact: privacy@letzpaws.com
Providers who receive your personal data to deliver booked services act as separate data controllers in respect of that data for their own business purposes. Their use of your data is governed by their own privacy practices and legal obligations.
3. Scope of this policy
This policy applies to personal data we process about:
- customers (pet owners) who register for or use the Platform;
- visitors who browse the Platform without registering;
- providers who offer services through the Platform; and
- individuals who communicate with us by email or other channels.
It does not apply to third-party websites or services linked from the Platform, which are governed by their own privacy policies.
4. Personal data we collect
Depending on how you use the Platform, we may collect the following categories of personal data:
4.1 Identity and contact data
- name, email address, telephone number, and postal address;
- account credentials (encrypted passwords); and
- profile photograph, where you choose to upload one.
4.2 Booking and pet data
- pet names, species, breed, age, medical or behavioural information you provide;
- booking dates, times, service selections, and special instructions;
- messages exchanged with providers through the Platform; and
- reviews, ratings, and feedback you submit.
4.3 Payment and transaction data
- billing address and transaction history;
- payment method details processed by Stripe (we do not store full card numbers); and
- refund, chargeback, and dispute records.
4.4 Provider-specific data
If you register as a provider, we may additionally collect:
- business name, service descriptions, pricing, and availability;
- identity verification documents and proof of address;
- insurance certificates and professional qualifications;
- Stripe Connect account identifiers and payout status; and
- background screening results where applicable and permitted by law.
4.5 Technical and usage data
- IP address, browser type, device identifiers, and operating system;
- log files, session data, and security event records;
- pages viewed, features used, and referral sources; and
- cookie and similar technology data (see our Cookie Policy).
4.6 Communications
- correspondence with our support team;
- complaint and dispute records; and
- marketing preferences and consent records.
5. How we collect personal data
We collect personal data:
- directly from you when you register, create profiles, make bookings, send messages, or contact us;
- automatically when you use the Platform through cookies, logs, and similar technologies;
- from payment processors such as Stripe in connection with transactions; and
- from providers or customers where information is shared through bookings or messaging on the Platform.
6. Lawful bases for processing
Under UK GDPR, we must have a lawful basis for processing personal data. We rely on the following bases:
6.1 Contract (Article 6(1)(b))
Processing necessary to perform our contract with you or to take steps at your request before entering into a contract, including:
- creating and managing your account;
- facilitating bookings, messaging, and payments;
- providing customer support; and
- onboarding providers and processing payouts via Stripe Connect.
6.2 Legitimate interests (Article 6(1)(f))
Processing necessary for our legitimate interests, balanced against your rights, including:
- platform security, fraud prevention, and abuse detection;
- service improvement, analytics, and troubleshooting;
- enforcing our terms and protecting legal rights; and
- internal administration and business planning.
6.3 Legal obligation (Article 6(1)(c))
Processing necessary to comply with legal obligations, including tax, accounting, anti-money laundering, and regulatory record-keeping requirements.
6.4 Consent (Article 6(1)(a))
Where required, we rely on your consent for:
- non-essential cookies and similar technologies;
- direct marketing communications where consent is the appropriate lawful basis; and
- any other processing for which we have specifically requested and you have given consent.
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
6.5 Special category and criminal data
We do not ordinarily seek to collect special category data (such as health data) about you. Pet health information you provide is processed to facilitate safe care of your animal and is handled with appropriate care. Provider verification may involve processing identity documents; where criminal offence data arises in verification contexts, we rely on substantial public interest or other applicable conditions under UK law.
7. How we use personal data
We use personal data to:
- operate, maintain, and improve the Platform;
- match customers with providers and display relevant listings;
- process payments, refunds, and provider payouts;
- verify provider identity and eligibility where applicable;
- use automated tools, including AI services provided by OpenAI, to assist with document review, content moderation, or service descriptions, subject to applicable safeguards;
- communicate with you about bookings, account matters, and policy updates;
- respond to enquiries, complaints, and disputes;
- comply with legal obligations and cooperate with regulators or law enforcement; and
- send marketing communications where permitted by law and your preferences.
8. Who we share personal data with
We may share personal data with the following categories of recipients:
8.1 Providers
When you make a booking, we share relevant information with the provider (such as your name, contact details, pet information, and booking instructions) so they can deliver the service.
8.2 Service providers (processors)
We use trusted third-party processors who process personal data on our instructions, including:
- Stripe — payment processing and Stripe Connect onboarding for providers;
- hosting and infrastructure providers — secure storage and delivery of the Platform;
- OpenAI — AI-assisted features such as document review or content generation, where enabled;
- email and communication tools — transactional and support communications; and
- identity verification and analytics providers — where used for security, compliance, or service improvement.
We require processors to implement appropriate technical and organisational measures and to process data only on documented instructions.
8.3 Legal and regulatory disclosures
We may disclose personal data where required by law, court order, or regulatory request, or where necessary to protect rights, safety, and property.
8.4 Business transfers
If we undergo a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity subject to equivalent protections.
9. International transfers
Some of our processors (including Stripe and OpenAI) may process personal data outside the United Kingdom, including in the United States and other jurisdictions. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:
- UK International Data Transfer Agreements or Addendum to EU Standard Contractual Clauses;
- adequacy regulations recognised by the UK Government; or
- other lawful transfer mechanisms under UK GDPR.
You may request further information about international transfers by contacting privacy@letzpaws.com.
10. Data retention
We retain personal data only for as long as necessary for the purposes described in this policy, including:
- Account data: for the duration of your account and a reasonable period thereafter;
- Booking and transaction records: typically up to seven (7) years for tax, accounting, and legal purposes;
- Provider verification documents: for as long as needed to meet compliance obligations and manage risk;
- Support and complaint records: for as long as needed to resolve matters and defend legal claims;
- Marketing data: until you withdraw consent or object, or for a defined period of inactivity; and
- Technical logs: for a limited period appropriate to security and troubleshooting needs.
When data is no longer required, we delete or anonymise it in a secure manner.
11. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit, access controls, secure hosting, and staff training. No method of transmission or storage is completely secure; you use the Platform at your own risk and should keep your credentials confidential.
12. Your rights under UK GDPR
Subject to applicable law, you have the following rights:
- Right of access — to obtain a copy of your personal data and information about how we process it;
- Right to rectification — to correct inaccurate or incomplete data;
- Right to erasure — to request deletion in certain circumstances;
- Right to restriction — to limit processing in certain circumstances;
- Right to data portability — to receive data you provided in a structured, machine-readable format where applicable;
- Right to object — to object to processing based on legitimate interests or for direct marketing;
- Rights related to automated decision-making — including profiling that produces legal or similarly significant effects, where applicable; and
- Right to withdraw consent — where processing is based on consent.
To exercise your rights, email privacy@letzpaws.com. We may need to verify your identity before responding. We aim to respond within one month, which may be extended by a further two months for complex requests.
13. Complaints to the ICO
If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:
- Website: ico.org.uk
- Telephone: 0303 123 1113
14. Children
The Platform is not intended for use by anyone under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it promptly.
15. Automated processing
We may use automated systems, including AI tools, to assist with tasks such as document verification, fraud detection, content moderation, or generating service descriptions. Significant decisions about your account or bookings are subject to human review where required by law. You may contact us for further information about automated processing that affects you.
16. Changes to this policy
We may update this Privacy Policy from time to time. The current version is shown by the “Last updated” date and version number at the top of this page. Where changes are material, we will provide appropriate notice. Please review this policy periodically.
17. Contact us
For privacy-related questions or to exercise your rights, contact:
Data Protection Officer
LetzPaws Ltd
United Kingdom
Email: privacy@letzpaws.com