Privacy Policy
How we collect, use, and protect your personal data
Last updated: 7 March 2026 | Version 1.2
1 Introduction
Go Rocco Ltd ("Go Rocco", "we", "us", or "our") operates the Go Rocco mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2 Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address - to identify your account and send important communications
- Username - to identify you to other users
- Password - stored securely using bcrypt hashing (we cannot see your password)
- Display name - to personalize your profile
- Phone number (optional) - for two-factor authentication and emergency contacts
- Profile photo (optional) - to personalize your profile
- Date of birth - to verify age requirements (16+ years in the UK)
2.2 Pet Information
When you add pets to your profile, we collect:
- Pet name, species, and breed
- Pet photos, date of birth, and weight
- Microchip ID (optional) - for lost pet identification
- Medical information (optional) - including allergies, medications, and veterinarian details
- Vaccination records (optional)
2.3 Location Data
With your explicit consent, we collect:
- GPS coordinates during walks - to track distance and route
- Walk history - walk summaries stored for your account lifetime; GPS route points deleted after 12 months
- Current location - for nearby features and lost pet alerts (not stored long-term)
- Proximity data - when walking, your approximate location (within ~100 metres) may be visible to other nearby walkers in real time. Your precise coordinates are never shared with other users.
- Aggregated walk patterns - to improve lost pet alert distribution (30-day rolling window)
- Hazard report locations - GPS coordinates when you report trail hazards (stored until hazard expires or is resolved)
- SOS alert locations - GPS coordinates during emergency alerts (shared with your emergency contacts)
2.4 Social & Communication Data
When you use social features, we collect:
- Posts, comments, and stories
- Direct messages
- Likes, follows, and interactions
- Group memberships and event RSVPs
2.5 Lost Pet Alert Data
If you report a lost pet:
- Last seen location and time
- Contact phone number - encrypted for your protection
- Pet description and photos
- Sighting reports from other users
2.6 Hazard & Safety Data
When you use safety features, we collect:
- Hazard reports - type, severity, location, description, and optional photos
- Hazard confirmations/dismissals - your votes on whether a reported hazard still exists
- Emergency contacts - names, phone numbers, and linked Go Rocco accounts
- SOS alerts - trigger type, location, and notification delivery status
2.7 Error & Diagnostic Data
To improve App stability, we automatically collect:
- Crash reports - stack traces, device model, OS version, app version
- Error logs - anonymized error details sent to our error reporting service
- This data does not contain your personal content (messages, photos, etc.)
2.8 Payment Information
For purchases and subscriptions:
- Billing and shipping addresses
- Order history
- We do NOT store your card details - payments are processed securely by Stripe
- In-app purchases on iOS are processed by Apple; on Android by Google. We receive transaction receipts but not your payment method details.
2.9 Device & Technical Data
We automatically collect:
- Device information - type, operating system, app version
- IP address - for security and fraud prevention
- Session data - login times and activity
- Push notification tokens - to send you notifications
2.10 Health & Wellness Data
With your consent:
- Pet activity logs - steps, distance, duration
- Pet weight history
- Medication schedules and logs
- Wellness scores (calculated by our app)
3 How We Use Your Information
We process your personal data for the following purposes:
- Contract Provide and maintain the App
- Contract Create and manage your account
- Contract Process transactions and orders
- Contract Send notifications and updates
- Track walks and pet health
- Display nearby places and users
- Legitimate Interest Distribute lost pet alerts
- Legitimate Interest Content moderation and safety
- Legitimate Interest Prevent fraud and abuse
- Legal Obligation Comply with legal obligations
- Legitimate Interest Improve our services
4 How We Share Your Information
4.1 With Other Users
- Your public profile is visible to other users
- Your posts are visible according to your privacy settings
- Your location during walks is only visible if you enable sharing
4.2 With Service Providers
We share data with trusted third parties who help us operate the App:
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare | CDN, security | EU/Global |
| Stripe | Payment processing | EU/US |
| Firebase (Google) | Push notifications | EU, Frankfurt |
| Apple (APNs) | iOS notifications | Global |
| Sentry | Error monitoring & crash reporting | EU |
| Google AdMob | In-app advertising | EU/US |
| OpenAI | AI-assisted content moderation | US |
4.3 With Our Staff
A limited number of authorised staff (moderators and administrators) may access your personal data when necessary to respond to reports, investigate abuse or fraud, or provide customer support. All access is subject to role-based access controls and logged in an append-only audit trail.
4.4 For Legal Reasons
We may disclose your information to comply with legal obligations, respond to lawful requests from authorities, or protect our rights and safety.
4.5 Business Transfers
If Go Rocco is acquired or merged, your information may be transferred. We will notify you before this occurs.
5 Data Security
We implement robust security measures to protect your data:
- Encryption in transit - All data transmitted using TLS 1.3
- Encryption at rest - Sensitive data encrypted using AES-256 (pgcrypto)
- Password security - Passwords hashed with bcrypt (12 rounds)
- Two-factor authentication - Available for additional account security
- Secure infrastructure - Hosted on private Kubernetes cluster with network isolation
Encrypted data includes: email addresses, phone numbers, two-factor authentication secrets, lost pet alert contact phone numbers, and database backups.
6 Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 2 years |
| Walk GPS data | 12 months (then deleted; walk summaries retained) |
| Posts and messages | Until you delete them |
| Payment records | 7 years (legal requirement) |
| Security logs | 90 days |
| Analytics | 2 years (then anonymized) |
| Backups | 30 days |
7 Your Rights
Under UK GDPR, you have the following rights:
Right of Access
Request a copy of all personal data we hold about you. Use the "Download My Data" feature in Settings > Privacy.
Right to Rectification
Correct inaccurate data through your profile settings or by contacting us.
Right to Erasure
Delete your account and all associated data through Settings > Delete Account.
Right to Restriction
Request we limit how we use your data by contacting our DPO.
Right to Data Portability
Export your data in a machine-readable format (JSON) through Settings > Privacy > Download My Data.
Right to Object
Object to processing based on legitimate interests by contacting us.
Right Regarding Automated Decisions (Art. 22)
We use automated decision-making for content moderation. Our AI systems may automatically remove content, restrict account features temporarily, or flag content for human review. You have the right to request human review of any automated moderation decision via the in-app appeal process and receive a response within 72 hours. No solely automated decisions are made about account deletion or permanent bans.
To exercise your rights, contact: privacy@go-rocco.com
8 Children's Privacy
Go Rocco requires users to be at least 16 years of age in the UK, in accordance with UK GDPR Article 8 and the ICO Age Appropriate Design Code. Users aged 16-17 have restricted access to certain features. We do not knowingly collect data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately.
9 International Transfers
Your data is primarily processed in the United Kingdom on our self-hosted infrastructure. Where data is transferred outside the UK (e.g., to Stripe or Google in the US), we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements (IDTAs), UK adequacy decisions (including the UK-US Data Bridge), and Data Processing Agreements with all processors.
10 Cookies and Tracking
The Go Rocco App uses local storage to save your preferences, session tokens to keep you logged in, and analytics to understand App usage (can be disabled in Settings).
We display ads through Google AdMob. AdMob may collect your device advertising ID and IP address to serve relevant ads. You can opt out of personalised ads in your device settings. We do NOT sell your personal data to advertisers.
11 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through in-app notifications, email (if you've opted in), or a notice on our website.
12. Contact Us
General Inquiries: privacy@go-rocco.com
Data Protection Officer: dpo@go-rocco.com
Post: Go Rocco Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Complaints: If you're unsatisfied with our response, you can lodge a complaint with the Information Commissioner's Office (ICO).