Legal
Privacy Policy
Last updated: 29 April 2026
This policy explains how Hero collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
The data controller is Hero Smart Tech Limited, a company registered in England and Wales (Companies House registration number: 17190247), operating the Hero smart pet tag platform at herotag.app.
Data protection contact: hello@herotag.app
2. What Data We Collect
Account data
- Name (optional)
- Email address
- Password (stored as a one-way hash — we cannot read it)
Pet profile data
- Pet name, species, breed, age
- Pet photos
- Medical notes, allergies, special instructions
- Emergency contact details you choose to add
Scan data
- Date and time of each tag scan
- Approximate location of the scan (derived from the finder's device, if permitted by their browser)
- Any message or photo submitted by a finder via the Finder Photo Reports feature
Herogram data (Hero+ only)
- Photos and captions you post to your pet's Herogram feed
Payment data
Payments are processed by Stripe. We do not store your card number, expiry date, or CVV. We receive only a confirmation of payment and your order details.
Technical data
- IP address
- Browser type and version
- Device type
- Pages visited and time spent (analytics)
3. Why We Collect It (Legal Basis)
| Purpose | Legal basis (UK GDPR Art. 6) |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Displaying your pet profile when the tag is scanned | Performance of a contract (Art. 6(1)(b)) |
| Sending scan alerts and Lost Mode notifications | Performance of a contract (Art. 6(1)(b)) |
| Processing your Tag purchase | Performance of a contract (Art. 6(1)(b)) |
| Managing your Hero+ subscription | Performance of a contract (Art. 6(1)(b)) |
| Preventing fraud and ensuring platform security | Legitimate interests (Art. 6(1)(f)) |
| Improving the Hero platform | Legitimate interests (Art. 6(1)(f)) |
| Sending service emails (receipts, alerts) | Performance of a contract (Art. 6(1)(b)) |
| Sending marketing emails | Consent (Art. 6(1)(a)) — you can withdraw at any time |
4. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Account and pet profile data | Until you delete your account, then 30 days |
| Scan history | Until you delete your account or clear your history |
| Herogram photos | Until you delete the photo or your account |
| Finder photo reports | Deleted when the missing report is resolved, or when your account is deleted |
| Payment records | 7 years (HMRC legal requirement) |
| Technical / analytics data | 26 months (Google Analytics default) |
5. Who We Share Your Data With
We do not sell your personal data. We share data only with the following trusted third parties, strictly for the purpose of operating Hero:
- Stripe — payment processing. Stripe Privacy Policy
- Vercel & Google Cloud — cloud infrastructure and data storage
- Resend — transactional emails (scan alerts, account notifications)
If we are required to share data with law enforcement or a regulatory authority, we will do so only where legally obligated.
6. Cookies
Hero uses the following cookies:
- Essential cookies — required for login sessions and security. Cannot be disabled.
- Analytics cookies — Google Analytics, to understand how the site is used. You can opt out via your browser settings or a cookie consent banner.
7. Your Rights Under UK GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at hello@herotag.app. We will respond within 30 days.
8. Data Security
We take reasonable technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), hashed passwords, and access controls. No system is completely secure, and we cannot guarantee absolute security.
9. Children
Hero is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
10. Changes to this Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform. The date at the top of this page shows when it was last updated.
11. How to Complain
If you are unhappy with how we handle your data, please contact us at hello@herotag.app.