宠伴 AI 隐私政策 / PetPal Privacy Policy
生效日期 Effective Date:2026-06-20 · 最近更新 Last Updated:2026-06-20 运营主体 Controller:PetPal · 联系邮箱 Contact:support@petpal.ai
中文版
0. 一句话承诺(数据最小化优先)
我们只收集为你提供识别与健康管理服务所必需的数据;你上传的宠物照片默认仅用于即时 AI 推理、用完即弃,不长期留存——除非你主动把照片保存进宠物档案。所有数据在传输与存储全程加密。
⚠️ 重要医疗免责:宠伴 AI 提供的品种识别、情绪解读、健康初筛均为辅助参考(screening aid),不构成兽医诊断、治疗或处方。任何健康结果均附带置信度与免责声明;出现异常或不确定结果时,App 会引导你联系持牌兽医。情绪解读仅供娱乐,不承诺准确。
1. 我们收集哪些数据
| 数据类别 | 具体内容 | 是否必需 | 收集时机 |
|---|---|---|---|
| 宠物照片 / 影像 | 你拍摄或从相册选取、用于识别与健康初筛的图片 | 使用对应功能时必需 | 你主动拍照/上传时 |
| 识别与健康查询数据 | 品种识别请求、情绪解读请求、健康初筛请求及其返回结果 | 功能必需 | 调用 AI 功能时 |
| 宠物档案数据 | 你录入的宠物昵称、物种、品种、年龄/生日、体重、性别、疫苗/驱虫/用药记录、历次扫描历史 | 可选(使用档案功能时) | 你主动创建/编辑档案时 |
| 设备标识与技术信息 | 设备型号、操作系统版本、App 版本、语言、匿名设备/安装标识、崩溃日志、IP(用于安全与就近接入) | 必需(运行与安全) | 自动 |
| 订阅状态 | 经 RevenueCat 管理的订阅/试用状态、购买凭证标识、续订/取消状态(我们不接触、不存储你的完整银行卡号——支付由 Apple/Google 处理) | 使用付费功能时必需 | 购买/试用/续订时 |
| 分析与产品事件 | 漏斗与功能使用事件(如打开、扫描、查看结果、生成分享卡、付费墙曝光、试用/订阅转化等),用于改进产品 | 可在系统设置中限制(详见第 7 条) | 使用 App 时自动 |
| 账户与联系信息(如启用) | 邮箱(用于登录/找回/支持) | 仅在你创建账户或联系支持时 | 你主动提供时 |
我们不会故意收集与养宠/健康服务无关的敏感个人信息,也不收集精确地理位置(除非未来你授权"查找附近兽医"等可选功能)。
2. 我们如何使用这些数据
- 提供核心功能:把照片发送至 AI 推理网关以返回品种 Top-3 + 置信度、情绪趣味解读、健康初筛"建议就医"提示。
- 健康档案与提醒:存储你录入的档案,生成疫苗/驱虫/体检提醒与月度健康回顾。
- 订阅与计费:经 RevenueCat 校验你的试用/订阅权益,解锁付费功能。
- 安全与防滥用:防止欺诈、滥用、限频、保障服务可用性。
- 产品改进与分析:以聚合/匿名方式分析功能使用与漏斗转化,优化体验。
- 合规与法律义务:在法律要求时配合留存与披露。
我们不会将你的宠物照片或个人数据出售给第三方,也不会用于与上述无关的广告画像出售。
3. 数据最小化、加密与留存
- 数据最小化:仅收集实现功能所需的最少数据。
- 传输加密:所有客户端↔服务器、服务器↔第三方处理者的传输使用 TLS/HTTPS 加密。
- 存储加密:静态数据(对象存储中的图片、数据库中的档案)采用业界标准加密(at rest)。
- 照片留存(关键):你上传用于识别/初筛的照片,默认仅在推理过程中被瞬时使用,处理完成后即从推理链路删除,不做长期留存;仅当你主动将某张照片保存进宠物档案时,该照片才会被加密存储,直至你删除档案或照片。
- 其他数据留存:档案与历史数据在你使用期间保留;账户删除后,我们在合理且法律允许的期限内删除或匿名化(用于反欺诈/财务/法律义务的最小必要记录除外)。
4. 第三方处理者(子处理者)
我们与以下类别的服务商共享实现功能所必需的最少数据;他们仅按我们的指示处理数据:
| 处理者类别 | 用途 | 共享的数据 |
|---|---|---|
| AI 推理网关 / 多模态视觉模型供应商(经 OpenAI 兼容视觉网关调用,如 Gemini 系列) | 品种 / 情绪 / 健康初筛推理 | 宠物照片(瞬时)、查询文本 |
| RevenueCat | 订阅与试用状态管理 | 订阅/购买凭证标识、设备/安装标识 |
| 应用商店(Apple App Store / Google Play) | 支付与结算 | 由商店处理的支付信息(我们不接触卡号) |
| 分析服务商 | 产品与漏斗分析 | 匿名/伪匿名事件、设备标识 |
| 云对象存储与基础设施供应商 | 加密存储与运行 | 已加密的档案数据、技术日志 |
具体子处理者清单可应要求经 support@petpal.ai 提供。我们会通过合同约束其安全与保密义务。
5. 跨境传输
为提供 AI 推理与云服务,你的数据可能在你所在地以外的服务器(含美国)被处理。我们采取合同与技术措施保障该等传输符合适用法律。
6. 儿童隐私
宠伴 AI 并非面向 13 岁(部分地区为 16 岁)以下儿童,我们不会有意收集儿童个人信息。若你认为儿童向我们提供了个人信息,请通过 support@petpal.ai 联系我们删除。
7. 你的权利与选择
- 访问与导出:你可请求获取我们持有的你的个人数据副本。
- 更正:你可在 App 内编辑宠物档案;其他更正可联系我们。
- 删除:你可在 App 内删除单张照片、宠物档案,或请求删除账户与关联数据。
- 撤回与限制:你可在系统设置中关闭分析/广告标识(如 iOS ATT、Google 广告 ID),并可随时通过 App Store/Google Play 管理或取消订阅。
- 行使方式:通过 support@petpal.ai 提交请求,我们将在适用法律规定的期限内响应。加州(CCPA/CPRA)、欧盟/英国(GDPR)等地区用户享有当地法律赋予的附加权利(如反对、可携带、申诉)。
8. 健康与情绪功能的特别说明(合规红线)
- 健康初筛与品种识别为辅助性筛查工具,绝不等同诊断/治疗/处方;每个健康结果均展示置信度与免责声明。
- 多数美国州要求在远程诊断/开处方前建立 VCPR(兽医-客户-患者关系,通常需近 ~12 个月内的当面检查),因此宠伴 AI 仅做转诊/分诊(referral/triage),不做诊断或开方。任何异常/不确定结果都会引导你联系持牌兽医。
- 情绪解读仅供娱乐,不作任何准确性承诺。
9. 安全
我们采用加密、访问控制、最小权限与日志监控等措施保护数据。但没有任何系统能保证 100% 安全。
10. 政策变更
我们可能更新本政策;重大变更将通过 App 内通知或更新本页"最近更新"日期告知你。
11. 联系我们
数据控制者:PetPal · 邮箱:support@petpal.ai · 地址:Available on request at support@petpal.ai
English Version
0. Our Promise (Data Minimization First)
We collect only the data necessary to provide identification and health-management services. The pet photos you upload are used transiently for AI inference and discarded — not retained long-term, unless you choose to save a photo to a pet profile. All data is encrypted in transit and at rest.
⚠️ Medical disclaimer: PetPal's breed identification, emotion reading, and health pre-screening are an assistive screening aid — NOT a veterinary diagnosis, treatment, or prescription. Every health result carries a confidence score and disclaimer; abnormal or uncertain results route you to a licensed veterinarian. Emotion reading is for entertainment only and makes no accuracy claim.
1. Data We Collect
| Category | What it includes | Required? | When |
|---|---|---|---|
| Pet photos / images | Images you capture or pick for identification and health pre-screen | Required for those features | When you take/upload a photo |
| Identification & health queries | Breed/emotion/health pre-screen requests and their results | Required | When you use AI features |
| Pet profile data | Pet name, species, breed, age/birthday, weight, sex, vaccine/deworming/medication records, scan history you enter | Optional (profile feature) | When you create/edit a profile |
| Device & technical info | Device model, OS version, app version, language, anonymous device/install IDs, crash logs, IP (security & routing) | Required (operation & security) | Automatic |
| Subscription status | Trial/subscription state and purchase-token identifiers managed via RevenueCat (we do not receive or store full card numbers — payment is handled by Apple/Google) | Required for paid features | On purchase/trial/renewal |
| Analytics & product events | Funnel and feature events (open, scan, view result, share-card, paywall view, trial/subscribe, etc.) used to improve the product | Limitable in system settings (see §7) | Automatic during use |
| Account & contact (if enabled) | Email for login/recovery/support | Only if you create an account or contact support | When you provide it |
We do not knowingly collect sensitive personal data unrelated to pet/health services, and we do not collect precise geolocation unless you later opt into features such as "find a nearby vet."
2. How We Use Data
- Core features: send photos to our AI inference gateway to return breed Top-3 + confidence, an entertainment emotion read, and a health pre-screen "see a vet" prompt.
- Health profile & reminders: store the profile you enter and generate vaccine/deworm/checkup reminders and monthly health recaps.
- Subscriptions & billing: verify trial/subscription entitlements via RevenueCat.
- Security & abuse prevention: fraud prevention, rate limiting, availability.
- Product improvement & analytics: aggregated/anonymized analysis of feature use and funnel conversion.
- Legal & compliance: retain/disclose where legally required.
We do not sell your pet photos or personal data, and do not use them for selling advertising profiles unrelated to the above.
3. Data Minimization, Encryption & Retention
- Minimization: only the minimum data needed to deliver features.
- In transit: all client↔server and server↔processor transfers use TLS/HTTPS.
- At rest: stored images (object storage) and profiles (database) use industry-standard encryption.
- Photo retention (key): photos uploaded for identification/pre-screen are used transiently during inference and deleted from the inference pipeline afterward — not retained long-term. A photo is stored (encrypted) only if you explicitly save it to a pet profile, until you delete the profile or photo.
- Other retention: profile/history data is kept while you use the app; after account deletion we delete or anonymize within a reasonable, legally permitted period (except minimal records required for anti-fraud/financial/legal obligations).
4. Third-Party Processors (Sub-processors)
We share the minimum necessary data with the following categories of providers, who process it only under our instructions:
| Processor category | Purpose | Data shared |
|---|---|---|
| AI inference gateway / multimodal vision model vendor (via an OpenAI-compatible vision gateway, e.g. Gemini family) | Breed / emotion / health pre-screen inference | Pet photos (transient), query text |
| RevenueCat | Subscription & trial state | Subscription/purchase-token IDs, device/install IDs |
| App stores (Apple App Store / Google Play) | Payment & billing | Payment info handled by the store (we never see card numbers) |
| Analytics provider | Product & funnel analytics | Anonymous/pseudonymous events, device IDs |
| Cloud object storage & infrastructure | Encrypted storage & operation | Encrypted profile data, technical logs |
A current sub-processor list is available on request via support@petpal.ai. We bind processors by contract to security and confidentiality obligations.
5. International Transfers
To provide AI inference and cloud services, your data may be processed on servers outside your region (including the US). We use contractual and technical safeguards consistent with applicable law.
6. Children's Privacy
PetPal is not directed to children under 13 (16 in some regions) and we do not knowingly collect their data. Contact support@petpal.ai to request deletion if you believe a child provided us personal information.
7. Your Rights & Choices
- Access/export a copy of your personal data.
- Correct profiles in-app; contact us for other corrections.
- Delete individual photos, pet profiles, or request account + data deletion.
- Withdraw/limit: disable analytics/ad identifiers in system settings (e.g. iOS ATT, Google Ad ID); manage or cancel subscriptions anytime via App Store/Google Play.
- How: submit requests to support@petpal.ai; we respond within statutory timeframes. Users in California (CCPA/CPRA), the EU/UK (GDPR), and similar jurisdictions have additional local rights (e.g. object, portability, complaint).
8. Health & Emotion Features — Special Notice (Compliance Red Lines)
- Health pre-screen and breed ID are an assistive screening tool, never a diagnosis/treatment/prescription; each health result shows a confidence score and disclaimer.
- Most US states require a VCPR (Veterinarian-Client-Patient Relationship, generally an in-person exam within ~12 months) before remote diagnosis/prescribing, so PetPal performs referral/triage only — no diagnosis or prescribing. Abnormal/uncertain results route you to a licensed veterinarian.
- Emotion reading is for entertainment only, with no accuracy claim.
9. Security
We use encryption, access controls, least privilege, and monitoring. No system is 100% secure.
10. Changes
We may update this policy; material changes will be notified in-app or by updating the "Last Updated" date above.
11. Contact
Controller: PetPal · Email: support@petpal.ai · Address: Available on request at support@petpal.ai