Privacy Policy

PDPA Compliance Statement

The Animal Retreat Pte Ltd (UEN: 201906637R) is committed to protecting your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, website, and mobile applications.

By using our services, you consent to the collection and use of your personal data as described in this policy.

What Data We Collect

We collect the following categories of personal data:

Personal Information

• Full name, email address, phone number
• Home address and alternative addresses (for transport services)
• Emergency contact details
• Account credentials (encrypted)

Dog Information

• Dog name, breed, date of birth, gender, weight, microchip number
• Vaccination records and certificates
• AVS (Animal & Veterinary Service) license details
• Medical conditions, allergies, medications, and dietary requirements
• Behavioural notes, temperament assessment results
• Photos taken during daycare, boarding, or grooming sessions

Payment Information

• Payment method details (processed securely by Stripe and HitPay — we do not store card numbers)
• Invoice and transaction history

Location Data

• Addresses provided for transport pickup and drop-off services
• We do not track your device location

Why We Collect Your Data

We collect and use your personal data for the following purposes:

• To provide daycare, boarding, grooming, and transport services for your dog
• To ensure the health and safety of all dogs in our care
• To manage bookings, invoicing, and payment processing
• To communicate with you about your dog's visit (report cards, updates, reminders)
• To contact you or your emergency contact in case of a medical or safety incident
• To comply with AVS regulations and veterinary reporting requirements in Singapore
• To improve our services and customer experience

How Your Data is Stored

Your data is hosted on Supabase, a secure cloud database platform that provides:

• Encryption at rest (AES-256) for all stored data
• Encryption in transit (TLS 1.2+) for all data transmission
• Row-level security (RLS) to ensure users can only access their own data
• Hosting in the Singapore region for data residency compliance

We implement industry-standard security measures including secure authentication, role-based access controls, and regular security reviews to protect your data.

AI Usage Disclosure

We use artificial intelligence (Claude API by Anthropic) for the specific purpose of document extraction — automatically reading vaccination certificates and AVS license documents that you upload. Here is how it works:

• What is sent: Only the document image/PDF you upload is sent to the AI service for text extraction. No other personal data is included in the request.
• What is extracted: Vaccination dates, vaccine types, veterinary clinic details, license numbers, and microchip numbers.
• What is stored: The extracted information is stored in your account. Every AI extraction request is logged immutably in our document_extraction_log table for regulatory audit purposes.
• Data retention by AI provider: Anthropic does not retain data sent via their API for model training purposes. Refer to Anthropic's privacy policy for details.

Data Retention

Your personal data is retained for as long as your account remains active and you continue to use our services. Specifically:

• Account and dog data: retained while your account is active
• Booking and invoice records: retained for 7 years for accounting and regulatory compliance
• Document extraction audit logs: retained permanently for regulatory compliance
• Photos: retained for 12 months after the associated visit, then deleted

When you request account deletion, we will delete your personal data within 30 days, subject to regulatory retention requirements.

Right to Access

Under the PDPA, you have the right to request access to the personal data we hold about you. To make an access request, please email us at:

hello@tar-sg.com

We will respond to your request within 30 business days. A reasonable fee may be charged to cover administrative costs for providing access to your data.

Right to Deletion

You may request the deletion of your personal data by emailing us at hello@tar-sg.com. Please note:

• We will process deletion requests within 30 business days
• Some data may be retained where required by law (e.g., financial records, AVS compliance)
• Deletion of your account data is permanent and cannot be reversed
• Anonymised, aggregated data that cannot identify you may be retained for analytics

Third-Party Data Sharing

We do not sell your personal data to any third party. Your data is shared only with the following service providers, strictly for operational purposes:

• Stripe & HitPay — for secure payment processing (card payments and PayNow)
• Resend — for transactional emails (booking confirmations, report cards, reminders)
• Twilio — for SMS notifications (optional)
• Google Maps — for transport route planning (addresses are sent to calculate routes)
• Anthropic (Claude API) — for document extraction (vaccination certs, AVS licenses only)
• Supabase — for data hosting and authentication

Each of these providers is bound by their own privacy policies and data protection obligations. We do not share your data with any marketing or advertising platforms.

Cookies

Our website uses cookies strictly for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

• Authentication cookies: Used to keep you logged in and maintain your session. These are essential for the platform to function.
• No tracking: We do not use Google Analytics, Facebook Pixel, or any other tracking technologies.

Contact — Data Protection Officer

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact our Data Protection Officer:

Last updated: March 2026