Privacy Policy

Last updated: 1 January 2026

TrustedPets Ltd ("we", "our", "us") is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We collect the following categories of personal data:

  • Account Information: Name, email address, password (hashed), phone number when you create an account.
  • Profile Data: Avatar photo, location, business name, and breeding specialties for breeder accounts.
  • Identity Verification: Government-issued ID for breeder verification purposes only.
  • Communications: Messages sent through our platform between buyers and breeders.
  • Payment Data: Payment information is processed securely by Stripe. We do not store full card details.
  • Usage Data: IP address, browser type, pages visited, and interaction data collected via cookies.
  • Pet Listing Data: Pet descriptions, images, pricing, and health information submitted by breeders.

2. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and maintaining our marketplace services
  • Verifying breeder identities and credentials
  • Processing payments and deposits via Stripe
  • Facilitating communication between buyers and breeders
  • Sending service-related notifications (e.g., application status, messages)
  • Improving our platform and user experience
  • Preventing fraud and ensuring platform safety
  • Complying with legal obligations

Legal basis: We process your data based on contractual necessity (providing our services), legitimate interests (platform security, improvement), consent (marketing), and legal obligations (compliance).

3. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe: For payment processing. See Stripe's Privacy Policy.
  • Other Users: Your public profile information and messages are shared with relevant buyers/breeders on our platform.
  • Service Providers: Hosting (cloud infrastructure), email delivery, and analytics services that process data on our behalf under strict contracts.
  • Legal Requirements: When required by law, court order, or to protect our legal rights.

4. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and basic platform functionality. Cannot be disabled.
  • Functional Cookies: Remember your preferences and settings.
  • Analytics Cookies: Help us understand how visitors use our platform to improve the experience.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.

5. Your GDPR Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@trustedpets.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

6. Data Retention

  • Account Data: Retained for the duration of your account plus 2 years after deletion.
  • Messages: Retained for 3 years after the last activity in a conversation.
  • Payment Records: Retained for 7 years as required by HMRC.
  • Verification Documents: ID documents are deleted within 90 days of successful verification.
  • Usage Data: Aggregated analytics data is retained indefinitely; individual records are deleted after 26 months.

7. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing (bcrypt)
  • Regular security audits and penetration testing
  • Access controls and employee training
  • Incident response procedures

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or a prominent notice on our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

9. Contact Us

For any questions about this privacy policy or your personal data: