izyPetDisclaimer: This document is a translation of the original French version of the Privacy Policy, provided for reference purposes only. In the event of any discrepancy between this translation and the French version, the French version shall prevail.
Privacy Policy
Last updated: March 24, 2026
Article 1 — Introduction
This Privacy Policy describes how SARL DAMONI (hereinafter "izyPet", "We"), publisher of the izyPet platform accessible at https://izypet.co, collects, uses, stores, and protects the personal data of Platform users.
This policy applies to all Platform Users, whether they are Professionals ("Pros") or End Customers ("Customers"), as defined in our Terms of Use.
izyPet is committed to respecting the privacy of its Users and protecting their personal data in accordance with:
- Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation — GDPR);
- Law No. 78-17 of 6 January 1978 on information technology, data files, and civil liberties (Loi Informatique et Libertés);
- And any other applicable data protection legislation.
Article 2 — Identity of the data controller
2.1 izyPet as data controller
For processing operations related to the operation of the Platform and management of User accounts, the data controller is:
SARL DAMONI 3 chemin de la Font — 87510 Saint-Jouvent — France RCS Limoges 982 444 580 Email: contact@izypet.co
2.2 The Professional as data controller
For the personal data of End Customers collected and processed via the Platform in the course of the Professional's activity (customer records, animals, bookings, contracts, invoices), the Professional is the data controller.
In this context, izyPet acts as a data processor within the meaning of Article 28 of the GDPR. The respective obligations are set out in the Data Processing Agreement (DPA) entered into between izyPet and the Professional.
2.3 GDPR Contact
For any questions regarding the protection of your personal data, you may contact:
Email: contact@izypet.co
Article 3 — Data collected and purposes of processing
3.1 Processing for which izyPet is the data controller
A. Management of Professional accounts
| Data collected | Purpose | Legal basis |
|---|---|---|
| Email, password | Account creation, authentication | Performance of a contract (Art. 6(1)(b) GDPR) |
| First name, last name | User identification | Performance of a contract |
| Phone number | Inclusion on contracts, invoices, and quotes | Performance of a contract |
| Address (street, postal code, city, country) | Inclusion on contracts, invoices, and quotes | Performance of a contract |
| Time zone | Adapted display of dates and times | Performance of a contract |
| Company name, SIRET, VAT number, RCS, share capital, entity type | Company identification, billing, legal notices on documents | Performance of a contract / Legal obligation (Art. 6(1)(c)) |
| IBAN / bank details | Inclusion on invoices and contracts | Performance of a contract |
| Company logo | Document customization | Performance of a contract |
| Stripe customer ID, subscription ID | Subscription and payment management | Performance of a contract |
| Electronic signature (handwritten drawing on screen, stored as an image) | Contract signing | Performance of a contract |
B. Management of Customer accounts
| Data collected | Purpose | Legal basis |
|---|---|---|
| Email, password | Account creation, authentication | Performance of a contract (Art. 6(1)(b) GDPR) |
| First name, last name | Identification | Performance of a contract |
| Phone number | Contact by the Professional | Performance of a contract |
| Address (street, postal code, city, country) | Inclusion on contracts and invoices | Performance of a contract |
| Time zone | Adapted display | Performance of a contract |
| Emergency contact (first name, last name, phone, address) | Safety of animals during services | Legitimate interest (Art. 6(1)(f)) |
| Electronic signature (handwritten drawing on screen, stored as an image) | Contract signing | Performance of a contract |
C. Animal data
| Data collected | Purpose | Legal basis |
|---|---|---|
| Name, breed, identification number | Animal identification | Performance of a contract |
| Date of birth, sex, color | Descriptive record | Performance of a contract |
| Type (dog, cat, exotic pet) | Service adaptation | Performance of a contract |
| Sterilization status | Veterinary information for boarding | Legitimate interest |
| Deceased status | Record update | Performance of a contract |
| Veterinary information (name, address, phone, email of the veterinarian) | Emergency veterinary contact | Legitimate interest |
D. Transactional emails and notifications
| Data used | Purpose | Legal basis |
|---|---|---|
| Recipient email | Sending notifications (confirmations, reminders, contracts, invoices) | Performance of a contract |
| Animal name, booking dates | Notification content | Performance of a contract |
| Notification preferences | Frequency customization | Consent / Legitimate interest |
E. Messages and notes
| Data collected | Purpose | Legal basis |
|---|---|---|
| Booking messages (reasons for refusal, cancellation) | Communication between Professional and Customer | Performance of a contract (Art. 6(1)(b) GDPR) |
| Animal notes (written by the Professional) | Behavioral tracking by the facility | Performance of a contract |
F. AI Voice Assistant (Professionals only)
| Data collected | Purpose | Legal basis |
|---|---|---|
| Voice audio (microphone input) | Voice interaction with the assistant | Performance of a contract (Art. 6(1)(b) GDPR) |
| Generated audio (AI output) | Voice response from the assistant | Performance of a contract |
| Text transcription of conversations | History and diagnostics | Legitimate interest (Art. 6(1)(f) GDPR) |
| Tool calls (searches, creations) | Command execution | Performance of a contract |
| Pro's first name, hotel location, service/pricing catalog | Assistant contextualization | Performance of a contract |
AI data retention period: ninety (90) days, followed by automatic deletion of conversations and associated audio files.
G. Automatically collected browsing data
When you use the Platform, the following data is collected automatically:
Data collected for error tracking and security (always active):
| Data collected | Purpose | Legal basis |
|---|---|---|
| IP address | Security, diagnostics, approximate geolocation | Legitimate interest (Art. 6(1)(f)) |
| Browser type and version, operating system | Technical compatibility, diagnostics | Legitimate interest |
| Screen resolution, device type | Technical compatibility | Legitimate interest |
Data collected via session recordings (session replays — only with your consent):
| Data collected | Purpose | Legal basis |
|---|---|---|
| Pages visited, navigation transitions | Interface issue diagnostics | Consent (Art. 6(1)(a) GDPR) |
| Viewing duration | Service improvement | Consent |
| Referrer (source URL) | Technical analysis | Consent |
| Navigation interactions, page content | Visual reproduction of the session for diagnostics | Consent |
H. Security and technical diagnostics
| Data collected | Purpose | Legal basis |
|---|---|---|
| Login logs (date, time, user ID) | Security, fraud detection, diagnostics | Legitimate interest (Art. 6(1)(f)) |
| Login attempt logs (IP address, date, time) | Brute-force attack protection, rate limiting | Legitimate interest (Art. 6(1)(f)) |
| Session logs (date, time, activity) | Activity monitoring | Legitimate interest |
| Booking logs (action history, identity of participants) | Operations traceability, diagnostics | Legitimate interest |
| Billing logs (action history, identity of participants) | Operations traceability, diagnostics | Legitimate interest |
| Terms acceptance logs (date, time, user ID, document version) | Proof of acceptance of legal terms | Legal obligation (Art. 6(1)(c)) |
| Errors and technical traces | Diagnostics and bug fixing | Legitimate interest |
| User ID, email (Sentry) | Correlation of errors with user accounts | Legitimate interest |
| Session replays (Sentry) | Interface issue diagnostics, service improvement | Consent (Art. 6(1)(a) GDPR) |
I. Customer support
| Data collected | Purpose | Legal basis |
|---|---|---|
| Email, name, phone, company name | Identification in the support chat (Crisp) | Consent (Art. 6(1)(a) GDPR) — the support chat is only activated after acceptance of functional cookies |
| Chat messages | Processing of support requests | Consent |
J. Marketing communications (where applicable)
| Data collected | Purpose | Legal basis |
|---|---|---|
| Sending newsletters and promotional offers related to izyPet services | Consent (Art. 6(1)(a) GDPR) for prospecting; Legitimate interest for communications relating to similar services to existing customers (Art. L.34-5 of the French Postal and Electronic Communications Code — CPCE) |
You may unsubscribe from marketing communications at any time via the unsubscribe link included in each email or by contacting contact@izypet.co.
3.2 Processing on behalf of the Professional (izyPet as data processor)
For the following processing operations, izyPet acts as a data processor on behalf of the Professional (data controller):
| Processing | Data involved |
|---|---|
| Storage of the Professional's customer records | Identity, contact details, emergency contact |
| Storage of animal records | Descriptive and veterinary information |
| Booking management | Dates, animals, status |
| Generation and storage of contracts | Customer data, animal, prices, signatures |
| Generation and storage of invoices | Customer data, amounts, payment status |
| Generation and storage of quotes | Customer data, animal, prices |
| Sending emails on behalf of the Pro | Confirmations, reminders, contracts, invoices |
| Animal notes | Free-text notes from the Pro about each animal |
Processing instructions and respective obligations are detailed in the DPA.
Article 4 — Cookies and similar technologies
4.1 What is a cookie?
A cookie is a small text file placed on your device (computer, tablet, smartphone) when you visit a website or use an application. It enables the site to remember information about your visit, such as your preferences or login status, in order to facilitate your subsequent browsing.
4.2 Strictly necessary cookies
These cookies are essential for the operation of the Platform. They do not require your prior consent in accordance with Article 82 of the Loi Informatique et Libertés and the guidelines of the CNIL (Commission Nationale de l'Informatique et des Libertés — the French Data Protection Authority).
| Cookie | Purpose | Retention period | Issuer |
|---|---|---|---|
ip_s | Authentication session cookie. Keeps you logged in to your izyPet account. | 1 year | izyPet (first-party) |
ip_cc | Consent cookie. Records your cookie preferences (acceptance or refusal of third-party cookies). | 395 days | izyPet (first-party) |
NEXT_LOCALE | Stores your language preference (fr, en, es, ja). | 1 year | izyPet (first-party) |
Technical characteristics:
ip_s:httpOnly: yes,secure: yes in production,SameSite: not set (browser default),path:/ip_cc:httpOnly: no,secure: yes in production,SameSite: Lax,path:/NEXT_LOCALE:httpOnly: no,secure: no,SameSite: Lax,path:/
4.3 Functionality and support cookies
| Cookie / Technology | Purpose | Retention period | Issuer |
|---|---|---|---|
| Crisp cookies | Live chat customer support. Displays the chat widget and maintains the conversation. | Variable (see Crisp's privacy policy) | Crisp IM SAS (third-party) |
The loading of the Crisp widget is subject to your consent, collected via the cookie management banner displayed on your first visit.
Crisp details:
- The Crisp widget is loaded only after acceptance of functional cookies.
- The data transmitted to Crisp (email, name, phone, company name) is detailed in Article 3.1.I above.
- Crisp privacy policy: https://crisp.chat/fr/privacy/
4.4 Analytics and monitoring cookies
| Cookie / Technology | Purpose | Retention period | Issuer |
|---|---|---|---|
| Sentry | Technical error tracking, performance monitoring, and session recording for diagnostics. | According to Sentry configuration (see below) | Functional Software, Inc. (Sentry) |
Sentry includes two distinct features:
- Error and performance tracking: always active in the production environment, on the basis of legitimate interest (ensuring the stability and security of the Platform). This tracking does not require your consent.
- Session recording (session replays): visual reproduction of your browsing for diagnostic purposes. This feature is subject to your consent, collected via the cookie management banner displayed on your first visit.
Sentry details:
- Data is sent to a server located in the European Union (
de.sentry.io— Germany). - Data collected (error tracking): user ID, email, username, error logs, performance traces (see also Article 3.1.H above).
- Data collected (session replays, with consent): navigation interactions, visited page content, console logs (see also Article 3.1.G above).
- Sentry privacy policy: https://sentry.io/privacy/
4.5 Integrated third-party services
When you use certain features of the Platform, third-party services may place cookies or collect information through their own technologies:
| Service | Feature | Technology used | Data potentially collected |
|---|---|---|---|
| Adobe Document Cloud | PDF document viewing (contracts, invoices) | Cookies | Browsing data, interactions with the document |
| Stripe | Online payment for subscriptions | Cookies | Data necessary for payment security (see Stripe's privacy policy) |
| Google Gemini | AI voice assistant (for Professionals) | WebSocket | Audio and text data (see Article 3.1.F above) |
These third-party services are subject to their own privacy policies. Only services that use cookies are covered by the cookie management banner. The AI assistant (Google Gemini) uses a direct WebSocket connection and does not place cookies; its use is governed by the Terms of Use (Article 10.3).
4.6 Managing your preferences
4.6.1 Via the cookie management banner
On your first visit to the Platform, a banner allows you to accept or refuse cookies that are not strictly necessary. You can change your preferences at any time via the "Manage cookies" link accessible in the Platform footer.
4.6.2 Via your browser
You can also configure your browser to accept, refuse, or delete cookies.
4.6.3 Consequences of refusing cookies
Refusing the session cookie (ip_s) will prevent any login to your izyPet account, as the Platform will be unable to maintain your authentication.
Refusing third-party cookies may limit certain features:
- Without Crisp: live chat support will not be available.
- Without Sentry (analytics cookies): session recordings will not be activated. Error tracking remains active (legitimate interest).
4.7 Similar technologies
4.7.1 Local storage
The Platform does not use the browser's local storage mechanisms (localStorage, sessionStorage) to store personal data.
4.7.2 Service Worker
The Platform uses a Service Worker as part of its Progressive Web App (PWA) nature. This Service Worker is used exclusively for caching application resources to enable offline use and improve performance. It does not collect or transmit any personal data.
Article 5 — Data recipients
5.1 Internal access
Access to personal data is strictly limited to authorized izyPet personnel, to the extent necessary for the performance of their duties (development, support, maintenance).
5.2 Technical sub-processors
izyPet uses the following sub-processors for the operation of the Platform:
| Sub-processor | Role | Data location | Transfer safeguards |
|---|---|---|---|
| Fly.io, Inc. | Application hosting | Paris, France (EU) | EU-based servers |
| Neon Inc. | PostgreSQL database | Frankfurt, Germany (EU) | EU-based servers |
| Amazon Web Services (AWS) | File storage (S3), email queues (SQS), serverless functions (Lambda) | Paris, France (eu-west-3, EU) | EU-based servers |
| Stripe Payments Europe, Ltd | Subscription payment and billing | Dublin, Ireland (EU) | European entity |
| Resend, Inc. | Transactional email delivery | United States | Standard Contractual Clauses (SCCs) |
| Functional Software, Inc. (Sentry) | Monitoring, error tracking, session replays | Frankfurt, Germany (EU) — de.sentry.io | EU-based servers (consent required for session replays) |
| Crisp IM SAS | Customer support chat | France (EU) | European entity |
| Google LLC (Gemini) | AI voice assistant | United States | Standard Contractual Clauses (SCCs) / Data Privacy Framework |
| Adobe Inc. | PDF document viewing | United States | Standard Contractual Clauses (SCCs) |
| Cloudflare, Inc. | File backup (R2), disaster recovery | European Union (EU) | EU-based servers |
5.3 Sharing with Professionals
Customer data is accessible to the Professional with whom they interact, within the following limits:
- A Professional may only access the data of their own Customers (isolation by facility);
- Accessible data includes: identity, contact details, emergency contact, animal records, booking history, contracts, and invoices.
5.4 Other recipients
izyPet does not sell, rent, or transfer Users' personal data to third parties for commercial purposes.
Personal data may be disclosed:
- To competent authorities where required by law (judicial request, administrative investigation);
- To a potential acquirer in the event of a sale, merger, or acquisition of izyPet, subject to prior notification of Users.
Article 6 — Data transfers outside the European Union
Some of our sub-processors are located outside the European Union, primarily in the United States. For these transfers, izyPet implements the following safeguards in accordance with Chapter V of the GDPR:
| Sub-processor | Country | Transfer mechanism |
|---|---|---|
| Resend, Inc. | United States | European Commission Standard Contractual Clauses (SCCs) |
| Google LLC | United States | EU-US Data Privacy Framework (DPF) adequacy decision and/or SCCs |
| Adobe Inc. | United States | Standard Contractual Clauses (SCCs) |
Regarding Fly.io, Neon, AWS, Sentry, and Cloudflare: although these entities are American companies, data is stored and processed in data centers located within the European Union (Paris or Frankfurt), thereby limiting transfers outside the EU.
You may obtain a copy of the appropriate safeguards by contacting us at contact@izypet.co.
Article 7 — Retention periods
Personal data is retained for the following periods:
7.1 Account and profile data
| Data | Retention period |
|---|---|
| Active account (Professional or Customer) | Duration of the contractual relationship |
| Inactive account | Duration of the contractual relationship. In the event of prolonged inactivity, izyPet may delete the Account after prior notification by email |
| Hashed password | Deleted upon account deletion |
7.2 Contractual and accounting data
| Data | Retention period |
|---|---|
| Contracts (PDF and associated data) | Ten (10) years from the date of signature (legal obligation — Art. L.110-4 of the French Commercial Code) |
| Invoices (PDF and associated data) | Ten (10) years from the date of issuance (legal obligation — Art. L.123-22 of the French Commercial Code) |
| Payment data (Stripe references) | Six (6) years from the date of the transaction (tax obligations — Art. L.102 B of the French Tax Procedures Code) |
7.3 Technical and security data
| Data | Retention period |
|---|---|
Login logs (signin_logs) | Six (6) months |
Login attempt logs (login_attempts) | One (1) month |
Session logs (user_sessions_logs) | Six (6) months |
Booking logs (booking_logs) | One (1) year |
Billing logs (invoice_logs) | One (1) year |
Terms acceptance logs (legal_terms_acceptance) | Five (5) years |
| Active sessions | Duration of session validity (1 year) or until logout |
| Password reset tokens | Ten (10) days, then automatic deletion |
7.4 AI assistant data
| Data | Retention period |
|---|---|
| Text conversations (messages and tool calls) | Ninety (90) days |
| Audio files (input and output) | Ninety (90) days |
7.5 Support data
| Data | Retention period |
|---|---|
| Crisp conversations | According to the retention policy of Crisp IM SAS |
7.6 Monitoring data
| Data | Retention period |
|---|---|
| Sentry errors and traces | According to Sentry configuration (default 90 days) |
| Sentry session replays | According to Sentry configuration (default 90 days) |
Article 8 — Rights of data subjects
In accordance with the GDPR and the Loi Informatique et Libertés, you have the following rights:
8.1 Right of access (Art. 15 GDPR)
You have the right to obtain confirmation that data concerning you is being processed and to obtain a copy of that data.
8.2 Right to rectification (Art. 16 GDPR)
You may request the rectification of inaccurate or incomplete data. You can directly modify certain information from your Account (profile, animals, emergency contact).
8.3 Right to erasure (Art. 17 GDPR)
You may request the deletion of your personal data, subject to legal retention obligations (accounting, tax) and the rights of third parties.
For both Professionals and Customers: account deletion is available in your account settings. It results in the deactivation of access to the Account and the removal of the facility from search results (for Professionals). Data required to comply with accounting and tax obligations, as well as data appearing on issued contracts and invoices, is retained for the legally required period.
8.4 Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller. This right applies to data provided by you and processed on the basis of your consent or the performance of a contract. To exercise this right, contact us at contact@izypet.co and we will provide your data as soon as possible.
8.5 Right to object (Art. 21 GDPR)
You may object to the processing of your data based on legitimate interest, on grounds relating to your particular situation. We will cease processing unless there are compelling legitimate grounds.
You may object to certain email notifications:
- Boarding companion (buddy) notifications: unsubscribe via the link in the email or in your Account settings;
- Booking request notifications (Professionals): frequency settings available in your Account settings.
8.6 Right to restriction of processing (Art. 18 GDPR)
You may request the restriction of the processing of your data in the cases provided for by Article 18 of the GDPR (challenge to accuracy, unlawful processing, etc.).
8.7 Right to withdraw consent
Where processing is based on your consent (particularly for analytics cookies and session replays), you may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.
8.8 Post-mortem directives
In accordance with the Loi Informatique et Libertés, you may define directives regarding the retention, deletion, and disclosure of your data after your death.
8.9 Exercising your rights
To exercise your rights, contact us:
- Email: contact@izypet.co
- Mail: SARL DAMONI — 3 chemin de la Font — 87510 Saint-Jouvent — France
We will respond to your request within one (1) month of receipt. This period may be extended by two months in the case of complex requests or a high number of requests, in which case you will be informed of the extension.
Proof of identity may be requested to verify your identity.
8.10 Complaint to the CNIL
If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) (the French Data Protection Authority):
- Website: https://www.cnil.fr
- Address: 3 Place de Fontenoy, TSA 80715 — 75334 PARIS CEDEX 07
Article 9 — Data security
izyPet implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, including:
9.1 Technical measures
- Encryption in transit: all communications between your browser and our servers are encrypted via HTTPS/TLS;
- Password hashing: passwords are hashed using the scrypt algorithm (128-bit random salt, 512-bit key) and are never stored in plain text;
- Secure cookies: the session cookie is marked
httpOnlyandsecurein production (see Article 4.2 for cookie details); - Pre-signed URLs: documents (contracts, invoices) are accessible via temporary URLs that expire after 15 minutes;
- Ephemeral tokens: the AI assistant uses single-use tokens that expire after 30 minutes;
- Server Action encryption: server actions are protected by AES-GCM encryption;
- Brute-force protection: automatic rate limiting of login attempts by IP address (IP addresses are retained for a maximum of one month, then automatically deleted).
9.2 Organizational measures
- Role-based access control: strict data isolation between Professionals (each Pro can only access the data of their own facility);
- Environment separation: development and production environments are separate;
- Monitoring: continuous error and performance monitoring via Sentry;
- Logging: access and sensitive actions (logins, booking modifications, invoices) are logged.
9.3 Breach notification
In the event of a personal data breach, izyPet will notify the CNIL within 72 hours in accordance with Article 33 of the GDPR, and will inform the affected individuals if the breach is likely to result in a high risk to their rights and freedoms (Article 34 of the GDPR).
Article 10 — Processing of minors' data
The Platform is not intended for minors (under 18 years of age). izyPet does not knowingly collect personal data from minors. If we become aware that data from a minor has been collected without the consent of a person with parental authority, we will delete it as soon as possible.
Article 11 — Specific provisions for Users outside the European Union
11.1 Users residing in California (CCPA)
If you reside in California, you benefit from the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know what personal data is collected, used, and shared;
- Right to deletion of your personal data;
- Right to opt out of the sale of your data. izyPet does not sell your personal data;
- Right to non-discrimination: you will not be penalized for exercising your rights.
To exercise these rights: contact@izypet.co.
11.2 Users residing in Japan (APPI)
If you reside in Japan, izyPet complies with the provisions of the Act on the Protection of Personal Information (APPI). Transfers of your data to third countries are governed by safeguards compliant with the APPI. Japan benefits from an adequacy decision by the European Commission.
11.3 Users in other jurisdictions
For Users residing in other countries with specific data protection regulations, izyPet is committed to respecting the fundamental principles of data protection (minimization, purpose limitation, security, individual rights). For any specific questions, contact contact@izypet.co.
Article 12 — Changes to this policy
This Privacy Policy may be amended at any time to reflect changes to the Platform, applicable regulations, or our practices.
In the event of a substantial change, Users will be informed by email or by notification on the Platform. The date of the last update is indicated at the top of this document.
Changes do not apply retroactively. Data processing carried out prior to a change remains subject to the version of the Policy in effect at the time it was performed.
Article 13 — Contact
For any questions regarding the protection of your personal data:
Email: contact@izypet.co Mail: SARL DAMONI — 3 chemin de la Font — 87510 Saint-Jouvent — France