Developer: V&D-Apps
This document supplements the Privacy Policy and explains how PetCare+ Pro complies with Regulation (EU) 2016/679 (GDPR) and your rights as a data subject. It applies where GDPR applies (e.g. if you are in the EU or EEA).
1. Data controller
- Name: V&D-Apps
- Contact email (data protection): purcariu.vlad05@gmail.com
For Article 4(7) GDPR, the above is the data controller. Contact us for access, rectification, erasure, restriction, portability, objection, or to lodge a complaint.
2. Legal basis for processing (Article 6 GDPR)
| Purpose | Data | Legal basis |
|---|---|---|
| Account creation, authentication | Email, password*, name | Performance of contract (Art. 6(1)(b)) |
| User profile | UID, displayName, email, photoURL | Performance of contract |
| Premium subscription | premiumUntil, product IDs | Performance of contract |
| Rewards, XP, avatars | achievements, xp, level, streak, etc. | Performance of contract |
| Referral program | referralCode, referredBy, referralCount | Legitimate interest (Art. 6(1)(f)) |
| Advertising (AdMob) | Device/technical data | Consent or legitimate interest |
| Push notifications | Device token | Contract and/or consent |
| Location (if used) | Coordinates | Consent (Art. 6(1)(a)) |
| Security, legal compliance | Logs, IP (if collected) | Legitimate interest / legal obligation |
* Passwords are not processed by us in readable form; they are processed by Firebase Authentication (Google) as our processor.
3. Processors
We use: Google LLC / Google Ireland – Firebase (Authentication, Firestore, Storage, Cloud Messaging), AdMob, Google Play. They process data only on our instructions and are bound by contract to protect your data and comply with applicable law (including GDPR).
4. International transfers (outside the EEA)
Some processors may store data outside the EEA (e.g. USA). We ensure adequacy decisions or appropriate safeguards (e.g. Standard Contractual Clauses). You may request details at purcariu.vlad05@gmail.com.
5. Retention periods
- Active account: we retain profile and usage data while the account is active.
- After account deletion: we delete or anonymise within 30 days, except where we must retain data for legal reasons.
- Security/abuse logs: only as long as necessary (e.g. 12–24 months).
- Passwords: we do not store them.
6. Your rights (Articles 15–22 GDPR)
You have the right to: (1) Access (Art. 15); (2) Rectification (Art. 16); (3) Erasure – "right to be forgotten" (Art. 17); (4) Restriction of processing (Art. 18); (5) Data portability (Art. 20); (6) Object (Art. 21); (7) Not be subject to automated decision-making (Art. 22). We do not take automated decisions with significant effect.
How to exercise: Send a request to purcariu.vlad05@gmail.com. We respond within 30 days (or inform you if we need more time). We may verify your identity.
Right to lodge a complaint: You may complain to a supervisory authority in your EU/EEA country (e.g. Romania: ANSPDCP – www.dataprotection.ro; others: edpb.europa.eu).
7. Security (Article 32 GDPR)
We implement appropriate measures: encryption in transit (HTTPS/TLS); secure authentication (Firebase Auth, no plain-text passwords); Firestore security rules (user access only to own data); limited access for authorised persons.
8. Email and password collection – summary
Email: Collected at registration; stored in Firestore; used for account, sync, service communications. Not used for third-party marketing without consent.
Passwords: Sent only to Firebase Authentication; hashed and stored by Firebase. We never receive, store, or have access to your password in readable form.
9. Storage
Cloud (Firestore / Firebase Storage): Profile, premium status, rewards, referral data; access restricted by security rules. Device (local): Cache, preferences; we do not use this to send your data to third parties for advertising. AdMob: May use device storage/identifiers per Google’s policies; we do not pass your email or account ID to AdMob.
10. Contact for data protection
Email: purcariu.vlad05@gmail.com · Developer: V&D-Apps (Vlad Purcariu). We process requests in line with applicable law (including the 30-day response time under GDPR).