Privacy Policy
Last updated: May 23, 2026
1. Introduction
Smash Tech Group ("Company", "we", "us", "our"), registered in Athens, Greece, operates the Tails Up platform, including the website at https://tailsup.gr and the Tails Up mobile application (iOS and Android) (collectively, the "Service").
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our Service. It also describes your rights under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Greek data protection laws, including Law 4624/2019.
We are committed to protecting your privacy and processing your personal data lawfully, fairly, and transparently. Please read this Privacy Policy carefully. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller of the personal data processed through the Service is:
Smash Tech Group Athens, Greece
If you have any questions or concerns about how we process your personal data, please contact us at privacy@tailsup.gr.
3. Personal Data We Collect
We collect and process the following categories of information relating to users and their pets:
3.1. Data You Provide Directly
| Category | Data Elements | Purpose |
|---|---|---|
| Account Information | Email address, password (encrypted), display name | Account creation and authentication |
| Profile Information | Phone number, location (city/address), bio, website URL, avatar/profile photo, timezone, preferred language, emergency contact details (where you choose to provide them) | Profile personalisation and communication |
| Pet Information | Pet name, species, breed, date of birth, gender, colour/markings, medical notes, microchip number | Pet profile management |
| Pet Media | Pet photos, medical documents (vaccination certificates, insurance, registration, pedigree, licences) | Pet record-keeping |
| Pet Care Information | Veterinary appointment records, vaccination history, medication schedules, treatment notes, feeding plans, weight tracking | Pet health management and event scheduling |
| Business Information | Business name, description, email, phone, full address (street, city, postal code, country), geographic coordinates, business hours, business type, service tags, logo/images | Business profile and discovery |
| Review Content | Ratings, written reviews of businesses | Community trust and business evaluation |
| Payment Information | Subscription tier, billing period (monthly/yearly) | Subscription management |
| Communication | Support requests, feedback messages | Customer support |
3.2. Data Collected Automatically
| Category | Data Elements | Purpose |
|---|---|---|
| Usage Data | Pages/screens visited, features used, actions taken, timestamps, session duration | Service improvement and analytics |
| Device Information | Device type, operating system, app version, device identifier, screen resolution | Technical support and compatibility |
| Log Data | IP address, browser type, user agent, request timestamps, request identifiers | Security monitoring, system administration, debugging, and fraud prevention |
| Location Data | GPS coordinates (mobile, where you have granted permission), approximate location derived from IP address | Nearby business discovery and map features |
| Analytics Events | Feature usage events, subscription events, navigation patterns | Product analytics and improvement |
3.3. Data from Third Parties
We may receive personal data from third-party service providers and platforms that you use to access or purchase our Services, as described below:
| Source | Data Elements | Purpose |
|---|---|---|
| Google OAuth | Email address, display name, Google account identifier | Account creation via Google Sign-In |
| Apple Sign-In | Email address (may be relayed), Apple account identifier | Account creation via Apple Sign-In |
| Stripe | Payment status, subscription status, invoice data (we do not receive or store full card numbers) | Payment processing and subscription management |
| RevenueCat (mobile) | Subscription status, entitlements, purchase history | Mobile subscription management |
| Apple App Store / Google Play Store | Transaction receipts, subscription status | In-app purchase verification |
Important clarification: We do not receive or store full payment card details (such as card numbers or CVC codes). All payment processing is handled directly by the relevant payment service providers.
3.4. Special Categories of Data
We may process information relating to pet health and care (veterinary records, vaccination history, medical notes). While information relating to animal health is not classified as a special category of personal data under the GDPR (which applies to natural persons), we treat such information with appropriate safeguards due to its sensitive nature.
We do not intentionally collect special categories of personal data as defined under Article 9 of the GDPR (including data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data for identification, health data of natural persons, or data concerning sex life or sexual orientation).
Biometric authentication features such as Face ID, Touch ID, fingerprint are processed entirely on your device by the operating system. We never collect, receive, or store biometric data.
4. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activities |
|---|---|
| Performance of Contract (Art. 6(1)(b)) | Account creation and management, providing the Service features, processing subscriptions and payments, pet profile management, pet sharing, event scheduling, business listings |
| Consent (Art. 6(1)(a)) | Push notifications, marketing communications, analytics tracking (PostHog, Firebase Analytics), location data collection (GPS), cookies (non-essential) |
| Legitimate Interests (Art. 6(1)(f)) | Service improvement and analytics, fraud prevention and security monitoring, error tracking and debugging (Sentry), enforcing our Terms and Conditions, protecting our legal rights |
| Legal Obligation (Art. 6(1)(c)) | Tax and accounting records for financial transactions, responding to lawful requests from public authorities, data retention requirements under applicable law |
Where we rely on consent, you may withdraw your consent at any time (see Section 9). Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Where we rely on legitimate interests, we have conducted balancing tests to ensure our interests do not override your fundamental rights and freedoms.
5. How We Use Your Data
We use your personal data for the following purposes:
5.1. Service Delivery
- Creating and managing your account.
- Providing pet profile management, event scheduling, and reminder features.
- Enabling pet sharing between users with role-based permissions.
- Displaying business listings and enabling reviews.
- Processing payments and managing subscriptions.
- Providing training programs and content.
- Delivering push notifications, email notifications, and in-app notifications.
5.2. Communication
- Sending transactional emails (account verification, password resets, payment receipts).
- Sending event reminders and pet care notifications.
- Responding to support requests and feedback.
- Sending marketing communications (with your consent).
5.3. Service Improvement
- Analysing usage patterns and feature adoption.
- Identifying and fixing technical issues.
- Developing new features and improving existing ones.
- Conducting A/B testing for product improvements.
5.4. Safety and Security
- Detecting and preventing fraud, abuse, and security threats.
- Monitoring for unauthorised access and suspicious activity.
- Enforcing our Terms and Conditions.
- Maintaining audit logs for accountability and compliance.
- Rate limiting to protect service integrity.
5.5. Legal and Regulatory
- Complying with applicable laws, regulations, and legal processes.
- Establishing, exercising, or defending legal claims.
- Maintaining records required by tax and financial regulations.
6. Data Sharing and Disclosure
We do not sell your personal data. We share your data only in the following circumstances:
6.1. Third-Party Service Providers (Data Processors)
We use third-party service providers to support the operation of the Service, including hosting, authentication, payments, analytics, communications, file storage, and AI-based functionality. These providers process personal data on our behalf under appropriate data processing agreements.
Where required, personal data may be processed by providers located outside the European Economic Area, subject to appropriate safeguards in accordance with applicable data protection laws.
A list of key subprocessors may be made available upon request and may be updated from time to time as the Service evolves.
6.2. Other Users
When you use pet sharing features, the users you share with will have access to your pet's data. Your display name and avatar may be visible to users you interact with (e.g., when leaving reviews or sharing pets).
6.3. Business Information
If you register as a business owner, your business profile information (name, address, contact details, hours, services) will be publicly visible to other users of the Service.
6.4. Legal Requirements
We may disclose your personal data if required to do so by law, or if we believe in good faith that such action is necessary to:
- Comply with a legal obligation or valid legal process.
- Protect and defend our rights or property.
- Prevent fraud or protect the safety of our users or the public.
- Respond to requests from competent public authorities.
6.5. Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any choices you may have regarding your data.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), particularly the United States, where some of our third-party service providers are located.
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Implementing Decision (EU) 2021/914).
- Adequacy decisions by the European Commission, where applicable.
- EU-US Data Privacy Framework certification of the receiving entity, where applicable.
For uploaded file content (including pet documents, photos, and similar files), our R2 storage bucket with Cloudflare, Inc. is configured with an EEA location hint, so that file content is normally stored in European data centres. Cloudflare is a US-established processor; transfers are governed by the Standard Contractual Clauses incorporated into our data processing agreement with Cloudflare.
You may request a copy of the safeguards in place by contacting us at privacy@tailsup.gr.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.
After the retention period, data is permanently deleted or anonymised so that it can no longer be associated with you.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
9.1. Right of Access (Art. 15)
You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
9.2. Right to Rectification (Art. 16)
You have the right to request correction of inaccurate personal data or completion of incomplete data. You can update most of your data directly through your account settings.
9.3. Right to Erasure ("Right to Be Forgotten") (Art. 17)
You have the right to request deletion of your personal data. You can delete your account through the Service, which will trigger deletion of your data in accordance with our retention schedule. Note that we may retain certain data where we have a legal obligation or legitimate interest to do so.
9.4. Right to Restriction of Processing (Art. 18)
You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
9.5. Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, where processing is based on consent or contract and is carried out by automated means.
9.6. Right to Object (Art. 21)
You have the right to object to processing of your personal data based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your rights. You have an absolute right to object to processing for direct marketing purposes.
9.7. Right to Withdraw Consent (Art. 7(3))
Where processing is based on your consent, you may withdraw consent at any time.
9.8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority in Greece is:
Hellenic Data Protection Authority (HDPA) Kifissias 1-3, 115 23, Athens, Greece Website: www.dpa.gr Email: contact@dpa.gr Phone: +30 210 6475600
You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence or place of work.
9.9. Exercising Your Rights
To exercise any of these rights, please contact us at privacy@tailsup.gr. We will respond to your request within 30 days, as required by the GDPR. If your request is complex, we may extend this period by a further 60 days, in which case we will inform you of the extension and the reasons for it.
We may need to verify your identity before processing your request. We will not charge a fee for exercising your rights, except in cases of manifestly unfounded or excessive requests, where we may charge a reasonable fee or refuse to act on the request.
10. Data Security
10.1. Security of Processing
We implement appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk of processing personal data, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of individuals.
Such measures are designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
10.2. Inherent Risks of Data Transmission
You acknowledge that the transmission of information over the internet is not completely secure. While we implement appropriate safeguards to protect your personal data, we cannot guarantee absolute security of information transmitted to or from our Services.
Accordingly, any transmission of personal data is at your own risk to the extent permitted by applicable law.
10.3. Payment Security
We do not store your full payment card details. All payment processing is handled by Stripe (PCI-DSS Level 1 certified) on the web and by Apple and Google on mobile. Only transaction references and subscription status are stored in our systems.
11. Children's Privacy
The Service is not intended for individuals under 16 years of age (the minimum age for digital consent under GDPR Art. 8). We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without valid parental consent, we will take steps to delete that data promptly.
If you believe we have inadvertently collected data from a child under 16, please contact us at privacy@tailsup.gr.
12. Automated Decision-Making
We do not use your personal data for automated decision-making that produces legal effects or similarly significant effects on you, as described in Article 22 of the GDPR.
13. Cookies and Similar Technologies
We use cookies and similar technologies on our website. For detailed information about the cookies we use, how we use them, and how you can manage your preferences, please refer to our Cookies Policy.
On our mobile application, we use similar technologies including local storage (AsyncStorage) and secure encrypted storage (SecureStore) for essential functionality such as authentication tokens and user preferences.
14. Push Notifications
We send push notifications to your mobile device for event reminders, appointment notifications, pet sharing updates, and other Service-related communications, only when you have provided your consent. You can manage your push notification preferences through:
- In-app notification preferences: Granular control over notification categories.
- Device settings: Disable push notifications entirely through your device's operating system settings.
15. Third-Party Links and Services
The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Service.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated Privacy Policy on the Service with a new "Last Updated" date.
- Sending a notification through the Service or to your registered email address.
We encourage you to review this Privacy Policy periodically.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Smash Tech Group Athens, Greece
- Privacy Inquiries: privacy@tailsup.gr
- Website: https://tailsup.gr