PawScene

Privacy Policy

Last updated: March 2026

1. Introduction & Scope

This Privacy Policy is published by Denovate, LTD., a company registered in England and Wales doing business as PawScene ("PawScene," "we," "our," or "us"), with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. It describes how we collect, use, share, and protect personal information when you use our iOS and Android mobile applications and the website at pawscene.com (collectively, the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service. This policy should be read together with our Terms of Service and GDPR & Data Rights page.

2. Information We Collect

2a. Information You Provide Directly

When you create an account or use the Service, you may provide:

  • Email address and display name (via Apple Sign In or Google Sign In)
  • Pet photos you upload for AI generation
  • Prompts and text instructions you submit for AI generation or chat
  • Support messages or feedback you send to us

2b. Information Collected Automatically

When you create an account or use the Service, we automatically collect:

  • Device identifier: Identifier for Vendor (IDFV) on iOS; Android ID on Android (per-app, not advertising ID)
  • Platform (iOS or Android), app version, and operating system version
  • IP address (recorded at account registration and login, stored in consent logs)
  • User-Agent string (recorded at registration and login)
  • Firebase Cloud Messaging (FCM) push token (stored to send notifications)
  • In-app usage patterns: features accessed, AI styles selected, session metadata
  • Crash reports and diagnostic logs via Firebase Crashlytics
  • Usage events via Firebase Analytics (e.g., login, purchase, feature usage)

2c. Information from Apple Sign In

If you authenticate via Apple Sign In, we receive a provider-specific user ID from Apple and, if you choose to share it, your email address and display name. Apple may provide a relay (anonymized) email address. You control whether Apple shares your real email with us. We store the provider user ID and any email/name you choose to share.

2d. Information from Google Sign In

If you authenticate via Google Sign In, we receive your Google account email address, display name, and a provider-specific user ID from Google's OAuth service.

2e. Payment and Subscription Data

All billing is processed exclusively by Apple App Store or Google Play Billing. We use RevenueCat to manage subscription entitlements and credit balances. We pass your account user ID and email address to RevenueCat for entitlement management. RevenueCat receives subscription status, transaction tokens, and purchase timestamps from Apple or Google. We never receive, store, or process your credit card number or full payment method details.

2f. Referral Data

If you use a referral code, we record the referring user, the IP address of the new account at registration, and the device identifier, solely for fraud prevention and reward attribution purposes.

3. How We Use Your Information

We use your information to:

  • Authenticate your identity and maintain your account and session
  • Process AI generation requests using the photos and prompts you submit
  • Store and display AI chat history so you can review past sessions
  • Manage and display your credit balance via RevenueCat
  • Send push notifications about your generations and account
  • Diagnose crashes and improve app reliability via Firebase Crashlytics
  • Understand feature usage and improve the Service via Firebase Analytics
  • Detect and prevent fraud, abuse, and multi-account credit exploitation
  • Respond to support requests and communications
  • Comply with legal and regulatory obligations

We do not use your data for advertising. We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.

4. How We Handle Your Photos — Critical Disclosure

When you upload a pet photo for AI generation:

  • Your photo is transmitted to our backend servers over an encrypted (TLS) connection.
  • Depending on the style or product you select, the photo is forwarded to one of the following AI providers for processing:
  • OpenAI — AI image generation (DALL-E)
  • Anthropic — Language model assistance (e.g., prompt refinement)
  • Google Gemini — Image understanding and generation
  • Replicate — Open-source model hosting and inference

Each provider processes your photo solely to fulfil the generation request under their API terms, which prohibit training on API inputs.

PawScene does not persistently store uploaded photos. Input photos are deleted from our systems upon completion of the generation pipeline. Your text prompts and the metadata of each generation job (model used, credits charged, output URL) are stored in our database. Generated output images are stored in secure cloud storage and remain accessible to you until you delete them from within the app.

5. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

  • Sub-processors: The AI providers and infrastructure services listed in our GDPR page receive data only as necessary to provide their services and are bound by Data Processing Agreements.
  • Legal disclosure: We may disclose data when required by law, court order, or governmental authority, or to protect the rights, property, or safety of PawScene, our users, or others.
  • Business transfer: If Denovate, LTD. is involved in a merger, acquisition, or asset sale, we will provide 30 days' advance notice before your personal data is transferred to a new controller.

6. Data Retention

  • Account data (email, profile): retained while your account is active, plus 90 days after account deletion, then permanently deleted.
  • Uploaded photos (input): zero retention — deleted upon generation pipeline completion.
  • AI prompts and chat history: retained until you delete the session or delete your account.
  • Generated outputs: retained until you delete them from the app.
  • Consent logs (IP, User-Agent, consent timestamps): retained for legal compliance purposes.
  • Support communications: retained for up to 3 years.
  • Legal and financial records: retained for up to 7 years as required by applicable law.

7. Security

We implement industry-standard security measures including TLS encryption for all data in transit, encryption at rest for stored data, least-privilege access controls, and JWT-based session management with per-device token revocation. In the event of a personal data breach, we will notify affected users and the Information Commissioner's Office (ICO) as required by the UK GDPR.

8. Children's Privacy

PawScene is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. In the European Union and United Kingdom, our minimum age is 13 (subject to higher ages set by member state law). Users aged 13–17 require verifiable parental or guardian consent.

If we become aware that we have inadvertently collected data from a child below the applicable minimum age, we will delete that information promptly. Please contact privacy@denovate.app if you have concerns.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale: We do not sell personal information — this right is not applicable.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Submit requests via privacy@denovate.app. Authorized agents may submit requests with written proof of authorization. We verify identity via your registered Apple or Google account.

10. International Data Transfers

We are based in the United Kingdom. When we transfer personal data to sub-processors located outside the UK or EEA, we rely on the following mechanisms:

  • UK → third countries (e.g., USA): International Data Transfer Agreement (IDTA) approved by the UK ICO, or Standard Contractual Clauses (SCCs) with a UK Addendum
  • EEA → third countries: EU Standard Contractual Clauses (Decision 2021/914)
  • Switzerland → third countries: Adapted SCCs under the Swiss nFADP

11. Your Rights

Regardless of your location, you may:

  • Access your personal data by contacting us.
  • Correct inaccurate data by contacting us.
  • Delete your account directly in the app (Settings → Delete Account) or by emailing privacy@denovate.app.
  • Export your data in a machine-readable format on request.
  • Opt out of push notifications via your device settings at any time.
  • Opt out of Firebase Analytics via your device's privacy settings (iOS: Settings → Privacy & Security → Tracking; Android: Settings → Privacy → Ads).

EEA, UK, and Swiss residents have additional rights under the GDPR/UK GDPR. See our GDPR & Data Rights page for full details.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

13. Changes to This Policy

We will provide at least 30 days' advance notice of material changes via an in-app banner and email to your registered address where available. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

14. Contact

For privacy-related inquiries:

  • Email: privacy@denovate.app
  • Phone: +44 7349 580908 / +90 537 581 36 36
  • Post: Denovate, LTD., 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom