Legal

Privacy Policy

Last updated: 14 March 2025

This policy explains how Hero collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The data controller is [COMPANY NAME LTD], registered in England and Wales (company number [COMPANY NUMBER]), with registered address at [REGISTERED ADDRESS].

ICO registration number: [ICO REGISTRATION NUMBER]

Data protection contact: [CONTACT_EMAIL]

2. What Data We Collect

Account data

  • Name (optional)
  • Email address
  • Password (stored as a one-way hash — we cannot read it)

Pet profile data

  • Pet name, species, breed, age
  • Pet photos
  • Medical notes, allergies, special instructions
  • Emergency contact details you choose to add

Scan data

  • Date and time of each tag scan
  • Approximate location of the scan (derived from the finder's device, if permitted by their browser)
  • Any message or photo submitted by a finder via the Finder Photo Reports feature

Herogram data (Hero+ only)

  • Photos and captions you post to your pet's Herogram feed

Payment data

Payments are processed by Shopify. We do not store your card number, expiry date, or CVV. We receive only a confirmation of payment and your order details.

Technical data

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and time spent (analytics)

3. Why We Collect It (Legal Basis)

PurposeLegal basis (UK GDPR Art. 6)
Creating and managing your accountPerformance of a contract (Art. 6(1)(b))
Displaying your pet profile when the tag is scannedPerformance of a contract (Art. 6(1)(b))
Sending scan alerts and Lost Mode notificationsPerformance of a contract (Art. 6(1)(b))
Processing your Tag purchasePerformance of a contract (Art. 6(1)(b))
Managing your Hero+ subscriptionPerformance of a contract (Art. 6(1)(b))
Preventing fraud and ensuring platform securityLegitimate interests (Art. 6(1)(f))
Improving the Hero platformLegitimate interests (Art. 6(1)(f))
Sending service emails (receipts, alerts)Performance of a contract (Art. 6(1)(b))
Sending marketing emailsConsent (Art. 6(1)(a)) — you can withdraw at any time

4. How Long We Keep Your Data

Data typeRetention period
Account and pet profile dataUntil you delete your account, then 30 days
Scan historyUntil you delete your account or clear your history
Herogram photosUntil you delete the photo or your account
Finder photo reports90 days from submission, then deleted
Payment records7 years (HMRC legal requirement)
Technical / analytics data26 months (Google Analytics default)

5. Who We Share Your Data With

We do not sell your personal data. We share data only with the following trusted third parties, strictly for the purpose of operating Hero:

  • Shopify — payment processing and order fulfilment. Shopify Privacy Policy
  • [HOSTING PROVIDER] — cloud infrastructure and data storage. Servers located in [DATA CENTRE LOCATION, e.g. EU/UK]
  • [EMAIL PROVIDER] — transactional emails (scan alerts, account notifications)
  • Google Analytics — anonymised website analytics

If we are required to share data with law enforcement or a regulatory authority, we will do so only where legally obligated.

6. Cookies

Hero uses the following cookies:

  • Essential cookies — required for login sessions and security. Cannot be disabled.
  • Analytics cookies — Google Analytics, to understand how the site is used. You can opt out via your browser settings or a cookie consent banner.

7. Your Rights Under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data ("right to be forgotten")
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at [CONTACT_EMAIL]. We will respond within 30 days.

8. Data Security

We take reasonable technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), hashed passwords, and access controls. No system is completely secure, and we cannot guarantee absolute security.

9. Children

Hero is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform. The date at the top of this page shows when it was last updated.

11. How to Complain

If you are unhappy with how we handle your data, please contact us first at [CONTACT_EMAIL]. If you remain unsatisfied, you have the right to lodge a complaint with the UK's data protection regulator:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

← Back to HeroTerms of Service →