privacy policy

Last updated: May 15, 2026

caresheet.app is operated from Portugal and processes personal data under the EU General Data Protection Regulation (GDPR) and the Portuguese Lei n.º 58/2019. This page explains what we collect, why, where it goes, and how long we keep it.

who we are

caresheet.app is operated by an independent sole trader based in Portugal. For any data-protection question, write to privacy@caresheet.app.

the data we hold

Account data. Your email address and, optionally, a display name, collected when you sign in. Lawful basis: Article 6(1)(b) GDPR, contract.

Pet caresheet data. Anything you enter into a caresheet: species, husbandry parameters, feeding and medication schedules, vet and emergency contacts, photos, notes. You decide what goes in. Lawful basis: Article 6(1)(b), contract.

Payment data. If you upgrade, Stripe processes the payment. We never see your card number. We store your Stripe customer ID and subscription status to manage your account. Lawful basis: Article 6(1)(b), contract. Billing records are retained for 10 years under Portuguese tax law.

Caresheet view analytics. When someone opens a shared caresheet, we record a salted, one-way hash of their IP and a timestamp so you can see view counts. The hash cannot be reversed to identify a visitor. Lawful basis: Article 6(1)(f), legitimate interest in providing share analytics.

Security and rate-limiting. Public routes are rate-limited by IP via Upstash. IP addresses live in short-window keys for 1 to 15 minutes and are then dropped. Lawful basis: Article 6(1)(f), legitimate interest in protecting the service.

Aggregate web analytics. We use Vercel Web Analytics, which is cookieless and aggregates page views server-side. No tracking pixel runs in your browser; no user-level profile is built. Lawful basis: Article 6(1)(f), legitimate interest.

Error telemetry. Sentry receives error reports when something breaks. We have disabled default PII, scrubbed IPs, and added a server-side filter that strips emails, user identifiers, cookies, and request headers before events leave the device. Lawful basis: Article 6(1)(f), legitimate interest in fixing bugs.

cookies and similar storage

The site sets only strictly necessary cookies and storage. We do not use Google Analytics, Mixpanel, advertising cookies, or session-replay tools. There is no consent banner because there is nothing to consent to beyond the items below.

  • sb-*: Supabase authentication cookies. Set when you log in. Required to keep you signed in.
  • pet-auth-* and group-auth-*: short-lived session cookies set after you enter the correct password on a protected caresheet.
  • Service worker cache: pet caresheets and photos cached on your own device for offline access. Pages expire in 24 hours, photos in 30 days. You can clear them at any time in your browser.
  • caresheet-locale: a small localStorage entry remembering your language preference.

sub-processors

Personal data may be processed by the following providers, each under a data-processing agreement:

  • Supabase (Singapore-incorporated, EU-region database): authentication, database, photo storage.
  • Vercel Inc. (United States, certified under the EU-US Data Privacy Framework): hosting, serverless functions, aggregate web analytics.
  • Stripe Payments Europe Ltd. (Ireland, with US affiliate): payment processing.
  • Functional Software, Inc., dba Sentry (United States, DPF certified): sanitised error telemetry.
  • Upstash, Inc. (United States, DPF certified): Redis-backed rate-limit keys.

Transfers of personal data to United States processors rely on the EU-US Data Privacy Framework, with Standard Contractual Clauses as a fallback safeguard.

what we do with the data

  • Run the service: store your caresheet, deliver it to people you share it with, accept payments, secure the platform.
  • Send transactional emails: magic-link sign-in, collaborator invites.
  • Show you basic view statistics for your caresheets.
  • Diagnose errors when something breaks.

We do not sell, rent, or trade personal data. We do not run advertising or build marketing profiles.

how long we keep it

  • Account and pet data: until you delete your account, plus up to 30 days in encrypted database backups.
  • Caresheet view analytics: 90 days, then aggregated.
  • Rate-limit IP hashes: 1 to 15 minutes.
  • Sentry error events: 90 days (Sentry's default retention).
  • Stripe invoices and billing records: 10 years, as required by Portuguese tax law.

your rights

Under GDPR you have the right to:

  • access the personal data we hold about you,
  • correct anything inaccurate,
  • delete your account and the data tied to it,
  • export your data in a portable format,
  • object to processing based on legitimate interest,
  • restrict processing while a dispute is being resolved.

Write to privacy@caresheet.app to exercise any of these. We aim to respond within 30 days.

You also have the right to lodge a complaint with the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD).

security

We use SSL for database connections, row-level security in Supabase, scoped storage paths per user, rate-limited public endpoints, hashed share-link passwords, and signed Stripe webhooks. Nothing is unhackable, but the security posture is documented in the project repository.

changes to this policy

If we update this page we will bump the “Last updated” date at the top. Material changes will be flagged in the dashboard.

contact

Questions about this policy: privacy@caresheet.app.