
Privacy Policy

Learn how Pawgloo collects, processes, and protects your personal data in compliance with the DPDP Act 2023, including sensitive data handling and data retention practices.

Effective From: May 04, 2026
Status: Active & Enforced

Effective Date: 2026-05-04
Applies To: Users of the Pawgloo Consumer Application ("Consumers") and the Pawgloo-Partners Service Application ("Partners").

The Bottom Line Up Front (BLUF): At Pawgloo, we take your privacy seriously. We are compliant with the Digital Personal Data Protection (DPDP) Act, 2023. This policy explains what data we collect (profile, pet info, location), how we store it securely using AWS, and your rights to access or delete your data, including details on sensitive data handling and retention.


1. Introduction and DPDP Act Compliance

Pawgloo Technologies ("Company," "we," "us," or "our") acts as a Data Fiduciary under the Digital Personal Data Protection (DPDP) Act, 2023. This policy comprehensively outlines the methodology by which we collect, store, process, and securely transfer your personal data across our cloud infrastructure. By utilizing our applications, you provide explicit, informed consent for the processing of your data as defined within this policy.


2. Data Segmentation and Flow Architecture

We operate a strictly segmented data architecture to ensure data minimization and purpose limitation. Data is routed and isolated based on the registered user type:

A. For Pet Parents (Consumer App Users)

  • Profile Data: Upon registration via OTP, your Name, Email, and Phone Number are securely stored in the users collection within our primary database (meetnmate).
  • Pet Data: Information regarding your pet (breed, age, vaccination status, temperament) is stored to power the matchmaking algorithm and provide essential context to Partners during bookings.
  • Media & Object Storage: Photographs and media files are transmitted directly to secure cloud object storage (AWS S3). We do not store raw media files or base64 payloads within our operational databases to ensure optimal performance and security.
  • Geospatial Data: To connect you with geographically proximate services, we process your device's location. This data is utilized dynamically by our matchmaking queries and is expressly not archived to track historical movements.

B. For Service Providers (Pawgloo-Partners)

  • Professional Profiles: Specialty, biography, and scheduling data are isolated in a dedicated database (partners, under vetProfile or groomerProfile).
  • Verification Documents (KYC): Sensitive identity documents (e.g., Aadhaar, PAN, Veterinary Licenses) are uploaded directly to an encrypted, private AWS S3 bucket. Access is restricted via strict Identity and Access Management (IAM) policies to authorized compliance personnel only.
  • Service Telemetry: We record transactional metadata, including slot_bookings (appointment timestamps) and call_sessions (duration of audio/video calls), to ensure auditable, accurate payout calculations.

3. Third-Party Data Processors (Sub-Processors)

To operate the platform efficiently, we securely transmit limited data subsets to the following enterprise-grade infrastructure partners:

  • Amazon Web Services (AWS): Our primary backend infrastructure—including databases, object storage, and compute instances—is hosted exclusively within the ap-south-1 (Mumbai) region, ensuring strict adherence to Indian data localization mandates.
  • GetStream: For in-app chat and video consultations, we securely pass a generated, temporary user token to GetStream. We expressly do not record, store, or archive the raw video streams of your consultations on our servers.
  • Novu: For transactional communications (e.g., booking confirmations, OTPs), your contact details and device tokens are transmitted securely to Novu's notification infrastructure.
  • Cashfree Payments: All financial transactions are processed via Cashfree. We do not store your bank account numbers, UPI PINs, or credit card details on our primary databases.

4. Temporary Caching and System State Management

To maintain application performance and prevent concurrent booking conflicts, we employ an in-memory caching layer (Valkey/Redis).

  • Idempotency & Concurrency Locks: When a booking is initiated, a temporary digital lock (temp_slot_lock) is generated in the cache. This lock contains minimal identifier data and is engineered with a strict Time-To-Live (TTL) to automatically self-destruct after 10 minutes.
  • Non-Persistence: Our caching infrastructure is strictly utilized for transient state management and is never used for the persistent archiving of personally identifiable information (PII).

5. Data Retention and Deletion (The Right to be Forgotten)

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable Indian law.

  • Account Deletion: Users may request complete account deletion via the application settings. Upon verification, profile data in our primary databases and associated media in AWS S3 will be permanently soft-deleted and subsequently hard-deleted within 30 days.
  • Regulatory Retention: To comply with the Income Tax Act, 1961, and the Prevention of Money Laundering Act (PMLA), 2002, transactional records, ledger entries, and Partner KYC metadata may be securely archived in a restricted state for up to seven (7) years following account termination.

6. Data Security and Internal Access Controls

  • Encryption: All data transmitted between your device and our backend APIs is secured using modern TLS/SSL protocols. Data at rest within our databases and S3 buckets is encrypted utilizing AWS Key Management Service (KMS).
  • Role-Based Access Control (RBAC): We enforce the principle of least privilege. Customer support personnel can only view booking statuses and cannot access private chat histories or financial ledgers. Raw database access is restricted to authorized engineering personnel via secure, audited jump hosts.

7. User Rights and Grievance Redressal

Under the DPDP Act, 2023, you possess the right to:

  • Access & Nominate: Request a summary of your personal data and nominate an individual to exercise your rights in the event of incapacity.
  • Correction: Rectify inaccurate or incomplete profile information directly within the application.
  • Grievance Redressal: If you have concerns regarding our data practices, please contact our designated Data Protection Officer (DPO) at privacy@pawgloo.com. For matters specifically concerning child safety and CSAE, please refer to our Child Safety Standards or contact our Safety Officer at safety@pawgloo.com. We are committed to resolving grievances promptly in accordance with statutory timelines.

Sensitive User Data & Financial Privacy Policy

This section details the handling of sensitive personal data and financial information.

1. Scope of Sensitive Personal Data or Information (SPDI)

This policy strictly governs the collection, transmission, tokenization, and processing of "Sensitive Personal Data or Information" (SPDI), as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, read alongside the Digital Personal Data Protection (DPDP) Act, 2023.

Within the context of the Pawgloo ecosystem, SPDI specifically encompasses:

  • Financial Account Instruments: Full Credit/Debit Card Numbers, Card Verification Values (CVV), Expiry Dates, Bank Account Numbers, and associated IFSC Codes.
  • Payment Identifiers: Unified Payments Interface (UPI) IDs (Virtual Payment Addresses / VPAs).
  • Government-Issued Identifiers (KYC): Unique identification documents, including Aadhaar, Permanent Account Numbers (PAN), and statutory Veterinary/Professional Licenses.

2. Strict Non-Storage Policy (The "Air-Gap" Architecture)

Pawgloo operates on a foundational principle of financial data air-gapping and zero-knowledge architecture. We explicitly do not store, record, archive, or otherwise maintain raw, unencrypted sensitive financial data on any of our proprietary AWS servers, databases, or cloud storage environments.

To guarantee maximum security and ensure absolute compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and regulations issued by the Reserve Bank of India (RBI), we employ a strictly segmented architectural flow:

  • Direct Transmission: When a Consumer initiates a payment (Pay-in) or a Partner provisions financial details for earnings (Pay-out), that SPDI bypasses Pawgloo’s primary databases entirely.
  • Secure Conduits: Data is transmitted dynamically via secure, end-to-end encrypted API tunnels (utilizing TLS 1.2 or higher) directly to our RBI-authorized Payment Aggregator and Identity Verification partner: Cashfree Payments India Pvt. Ltd.

3. Consumer Application: Pay-Ins and Tokenization

A. Transaction Flow & Card-on-File (CoF) Compliance

When a user books a service slot (e.g., Tele-vet consultation, Dog Walking), Pawgloo’s backend is exclusively responsible for generating a unique order identifier (order_id) and calculating the transaction payload. The user is then seamlessly handed over to the Cashfree Payments SDK environment to input their SPDI. Pursuant to RBI's Card-on-File tokenization guidelines, Pawgloo does not save card details; users may opt to tokenize their cards through Cashfree for future use.

B. Data Minimization and Webhook Visibility

Pawgloo’s backend receives only a cryptographic Webhook (a verified, non-reversible digital receipt) from Cashfree, confirming the terminal status of the transaction (e.g., SUCCESS or FAILED). At no juncture does Pawgloo obtain visibility into the user's raw card number, CVV, or UPI PIN.

C. Virtual Ledger Security

In-app wallet balances, promotional credits, and refund logs are maintained on an internal, immutable double-entry ledger. This ledger employs non-identifiable, transactional tokens (e.g., idempotency_keys) to audit and reconcile financial activity without establishing any link to the user's raw SPDI.

4. Partner Application: Pay-Outs and Statutory KYC

To facilitate the lawful disbursement of professional earnings and comply with the Prevention of Money Laundering Act (PMLA), 2002, Pawgloo is statutorily obligated to verify the Partner's identity and banking credentials.

A. Beneficiary Creation & Mandatory Verification

When a Partner inputs their Bank Account or UPI ID, our Partner-backend acts solely as a secure conduit, transmitting the SPDI instantly to Cashfree Payments to instantiate a "Beneficiary" profile. We utilize Cashfree's "Secure ID" suite to execute a Penny Drop verification (remitting a nominal ₹1). Cashfree returns the nameAtBank status, which our algorithms compare against the Partner's registered profile to substantiate ownership and mitigate financial fraud.

B. Post-Verification Data Scrubbing

Upon the successful confirmation of verification, Pawgloo executes an automated routine to immediately and permanently scrub the raw account number and IFSC code from its memory caches. We retain only non-sensitive, operational routing identifiers:

  • A system-generated, encrypted Cashfree Beneficiary Identifier (e.g., cashfree_bene_id: VET_12345).
  • The binary verification status (verified / failed).
  • Masked UI display strings (e.g., account_last4: 1234, ifsc: SBIN...) strictly for the Partner's recognition within the app dashboard.

C. Archival of Government Identifiers

Government-issued identifiers (Aadhaar/PAN) required for statutory KYC and Section 194-O TDS compliance are subjected to advanced encryption protocols and stored in an isolated, access-restricted AWS S3 bucket. Access is governed by strict Identity and Access Management (IAM) policies, limited exclusively to the designated Grievance/Compliance Officer for the sole purposes of statutory auditing, tax reporting, and dispute resolution.

Because Cashfree Payments executes all sensitive financial processing, nodal account settlement, and identity validation on behalf of Pawgloo, their operations are governed by independent, RBI-audited security protocols.

  • Explicit Consent: By executing a financial transaction or submitting payout credentials through the Pawgloo or Pawgloo-Partners applications, you hereby acknowledge and provide explicit, affirmative consent for the secure transmission of your SPDI to Cashfree Payments India Pvt. Ltd.
  • Review of Partner Protocols: Users are strongly advised to review the official security architecture and privacy practices of our regulated payment aggregator: Cashfree Privacy Policy.

6. Security Incident Response Protocol (CERT-In Mandate)

While Pawgloo does not retain raw financial data, we maintain rigorous, tamper-evident logging of all API requests (with sensitive payloads systematically obfuscated). In the unlikely event of a cybersecurity incident, unauthorized access, or data breach affecting our retained operational routing data (e.g., cashfree_bene_id mappings), Pawgloo is bound by the following mandatory response protocol:

  • Reporting Mandate: We will notify affected users and report the incident to the Indian Computer Emergency Response Team (CERT-In) within six (6) hours of identifying the anomaly, in strict adherence to the directives issued under subsection (6) of section 70B of the Information Technology Act, 2000.

Data Retention & Deletion Policy

This section outlines Pawgloo’s data lifecycle management practices, including retention schedules and the right to data erasure.

1. Purpose and Statutory Alignment

This policy articulates the data lifecycle management practices of Pawgloo Technologies. It defines the specific durations for which varying categories of personal and operational data are retained, our automated purging cycles, and the mechanisms through which users may exercise their right to data erasure (the "Right to be Forgotten") pursuant to the Digital Personal Data Protection (DPDP) Act, 2023.

2. Dynamic Data Retention Schedules

We adhere to the principle of data minimization. Data is retained strictly for the duration necessary to fulfill its operational purpose or to comply with statutory mandates in the Republic of India:

  • Active Account Data: Profile information, pet dossiers, and algorithmic matchmaking preferences are retained in our primary databases (meetnmate and partners) for the continuous duration of your active account status to provide uninterrupted service functionality.
  • Media and Object Storage (AWS S3): Profile pictures, pet imagery, and uploaded chat attachments are retained while the account is active. Upon the user-initiated deletion of a pet profile or the overriding of an existing image, the legacy media file is permanently and irrevocably purged from our AWS S3 buckets within a standard 30-day automated garbage-collection cycle.
  • Ephemeral State Data (Valkey/Redis Cache): Transient operational data—such as active video call tokens, temporary booking holds (temp_slot_lock), and cryptographic idempotency keys utilized to prevent duplicate transactions—are strictly ephemeral. This data is engineered with automated Time-To-Live (TTL) triggers and is permanently flushed from our caching layer within 10 minutes to 7 days, contingent upon the specific microservice requirement.
  • Customer Support & Grievance Logs: Communications directed to our support or Trust & Safety teams are retained for a period of two (2) years to ensure quality assurance, facilitate dispute resolution, and maintain auditability for consumer protection claims.

To comply with stringent Indian financial and taxation frameworks—including the Income Tax Act, 1961, the Companies Act, 2013, the Central Goods and Services Tax (CGST) Act, 2017, and the Prevention of Money Laundering Act (PMLA), 2002—Pawgloo is legally prohibited from expunging data integral to financial reconciliation.

  • Financial Ledgers & Transactional Invoices: All data recorded within our double-entry accounting architecture (including ledger_transactions, ledger_entries, and payout_batches) must be retained for a mandatory minimum period of eight (8) years from the culmination of the relevant financial year.
  • Cryptographic Anonymization: Upon the successful execution of an account deletion request, the user's profile is "soft-deleted." However, the financial metadata linked to historical bookings, automated payouts, TDS deductions, and Cashfree order_ids remains preserved. This data is irreversibly pseudonymized or stripped of direct identifiers (Name, Exact Location) to ensure platform ledgers remain balanced and legally auditable without compromising ongoing privacy.
  • Partner KYC Archival: For Service Partners, statutorily mandated identity verification logs (Aadhaar/PAN) and corresponding tax deduction histories are archived in an isolated, encrypted, and access-restricted vault for eight (8) years post-account termination.

4. Data Erasure Protocol (The Right to be Forgotten)

Subject to the exceptions outlined in Section 5, users possess the statutory right to request the permanent erasure of their personal data.

A. Initiation of the Erasure Request:

  1. Navigate to the Settings interface within the Pawgloo or Pawgloo-Partners application.
  2. Access Account Security > Delete Account.
  3. Alternatively, a formal, verifiable data erasure mandate may be transmitted via email to privacy@pawgloo.com from the user's registered email address.

B. The Erasure Execution Lifecycle:

Upon the authentication of a deletion request, and contingent upon the absence of active bookings or pending financial settlements:

  • Immediate Action (0-7 Days): The account is instantly deactivated, authentications are revoked, and the user is immediately delisted from search indexing, partner directories, and the social Playdate feed.
  • Database Purge (30 Days): Personally Identifiable Information (PII), including Name, Phone Number, and Email, is permanently scrubbed or irreversibly hashed from the primary operational databases. All associated media assets residing in AWS S3 are subjected to a hard delete.
  • Ledger Preservation: As articulated in Section 3, numeric transaction logs are preserved solely for statutory tax audits, fully decoupled from the user's identity.

Pawgloo explicitly reserves the right to deny, suspend, or delay a data erasure request under the following circumstances:

  • Active Litigation or Disputes: The existence of an unresolved dispute, active insurance claim, or pending litigation involving the account (e.g., a reported canine injury or property damage incident).
  • Financial Delinquency: The account exhibits a negative wallet balance, or the user owes an outstanding refund or financial penalty to the platform or a counterparty.
  • Trust & Safety Violations: If the account has been permanently suspended for severe breaches of the Terms of Service (e.g., violating the Anti-Circumvention Policy or engaging in abusive behavior). In such instances, a cryptographic "hashed fingerprint" of the user's device ID and mobile number will be retained permanently on an internal blocklist to prevent fraudulent re-registration and protect the ecosystem.
