Privacy Policy

Last updated: May 6, 2026

Effective: May 6, 2026

This Privacy Policy explains what information Pedigree & Co. (“Pedigree & Co.,” “we,” “us,” or “our”) collects when you use our website and web application (the “Service”), how we use it, who we share it with, and the choices you have. It applies to breeders and their team members, to buyers who use the buyer portal, and to visitors of our marketing site.

1. Information We Collect

1.1 Account information

When you sign up we collect your name, email address, and a password (which we store as a secure hash). If you set up a kennel we also collect the kennel name, slug, and any branding details you choose to add.

1.2 Kennel data you put into the Service

Breeders use the Service to manage records about their dogs and breeding program. The kennel decides what to put in. This typically includes:

• Pedigrees, registration numbers, health and genetic-test results, photos.
• Litters, whelping notes, weight charts, and vet records.
• Buyer details (name, contact info, deposit history, contracts, messages).
• Stud bookings, waitlists, internal notes.

1.3 Buyer portal information

If you are a buyer using a kennel’s portal, we collect your name and email so you can sign in, view your puppy, sign contracts, and pay invoices. The kennel that invited you can see this information; other kennels cannot.

1.4 Payment information

Subscription payments and buyer payments are processed by Stripe. We do not store full card numbers, bank account numbers, or CVCs. We do receive and store metadata about transactions (amount, currency, status, last four digits, charge ID, payout ID) so we can show your accounting in the Service.

1.5 Communications

When you contact us by email, support form, or other channels, we keep a record of the conversation so we can help.

1.6 Automatically collected information

When you use the Service we automatically collect basic technical information: IP address, device and browser type, language, the pages and actions you take, timestamps, referring URL, and error logs. We use this for security, debugging, and to keep the Service running.

2. How We Use Information

We use information to:

• Provide, operate, and maintain the Service, including syncing your data, sending notifications, and showing you your records.
• Authenticate accounts and protect against unauthorized access.
• Process subscription billing and route buyer payments through Stripe.
• Communicate with you about the Service, including transactional emails (receipts, password resets, billing notices) and infrequent product updates.
• Improve the Service: diagnose problems, analyze usage at an aggregate level, and design new features.
• Prevent fraud, abuse, and violations of our Terms.
• Comply with legal obligations.

We do not sell personal information, and we do not share it with third parties for their own advertising.

3. How We Share Information

We share personal information only with the service providers that help us run Pedigree & Co., and only as needed for them to perform their role. We require each one to handle data securely and to use it only on our instructions.

We may also share information when required by law (for example, in response to a valid subpoena), to protect our rights or the rights of others, or in connection with a merger, acquisition, or sale of assets, in which case we will give reasonable notice before personal information becomes subject to a different policy.

4. Buyer Data and Cross-Tenant Isolation

Pedigree & Co. is multi-tenant: each kennel’s records are isolated from every other kennel’s. Database row-level security enforces, on every query, that members of a kennel can only see that kennel’s data, and that buyers can only see records that belong to them. Service-role access is restricted to a small set of trusted server-side jobs (such as Stripe webhook ingestion).

Two notes for buyers using a kennel’s portal:

• The kennel that invited you decides what information to add about you in their records, and is the controller of that information for data-protection purposes. We process it on their behalf.
• If you also create an account credential to sign in to the portal, we are the controller of those sign-in credentials. You can ask us to delete them at any time.

5. Cookies and Tracking

We use a small number of strictly necessary cookies. The most important one is the Supabase authentication cookie that keeps you signed in. We also store short-lived cookies for security (CSRF) and for remembering UI preferences such as theme density.

We do not use third-party advertising cookies, cross-site tracking, or behavioral-targeting pixels. We currently do not run a third-party analytics tool on the marketing site or in the application; if we add one, we will update this policy and, where required, ask for your consent before any non-essential tracking is loaded.

Most browsers allow you to clear or block cookies. If you block essential cookies, parts of the Service (especially sign-in) will not work.

6. Children’s Privacy

The Service is intended for adults running or buying from professional breeding programs. It is not directed to children under 18, and we do not knowingly collect personal information from children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided us with personal information, write to hello@pedigreeco.com and we will delete it.

7. International Transfers

Pedigree & Co. is operated from the United States. Our service providers (Supabase, Vercel, Stripe, Resend) host data in the United States and other regions. If you use the Service from outside the United States, your information will be transferred to and processed in the United States and other countries that may have different data-protection laws than your home country. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms made available by our providers.

8. Your Rights (GDPR, UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal information:

• Access — get a copy of the personal information we hold about you.
• Rectification — ask us to correct information that is inaccurate or incomplete.
• Erasure — ask us to delete personal information, subject to legal exceptions.
• Restriction — ask us to limit how we use your information while a request is being reviewed.
• Portability — receive your information in a structured, commonly used, machine-readable format, and ask that it be sent to another provider where technically feasible.
• Objection — object to processing based on our legitimate interests.
• Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting earlier processing.

Our lawful bases for processing are: performance of our contract with you (operating the Service and billing), our legitimate interests (security, fraud prevention, product improvement, business communications), and compliance with legal obligations. For buyer records held inside a kennel’s account, we act as a processor; data-subject requests should typically be sent to that kennel, and we will support them.

To exercise a right, write to privacy@pedigreeco.com. You also have the right to lodge a complaint with your local data protection authority.

9. Your Rights (California, CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use it (described above), to request a copy or deletion of your personal information, to correct inaccurate information, and to be free from retaliation for exercising these rights.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. There is no “Do Not Sell or Share My Personal Information” signal we need to honor because we do not engage in those activities. To make a request, write to privacy@pedigreeco.com. You can authorize an agent to make a request on your behalf; we will ask the agent to provide proof of authority.

10. Data Retention

We keep your account and kennel data while your subscription is active. After cancellation or termination, we hold the data in cold storage for 30 days so the account can be restored, then we delete it from our active systems. Encrypted backups age out on their normal rotation. Records we are required to keep for legal, accounting, or fraud-prevention reasons (for example, payment records held by Stripe) may be retained longer in accordance with those obligations.

11. Security

We follow industry-standard practices to protect personal information. In particular:

• Data is encrypted in transit using TLS and at rest by our infrastructure providers.
• Database access is gated by row-level security, so a query can only return rows that belong to the requesting kennel or buyer.
• Service-role credentials are restricted to server-side jobs and are never exposed to the browser.
• Passwords are stored as salted hashes, not in plaintext.
• Access to production systems is limited to a small number of staff and is logged.

No service is perfectly secure. If we ever experience a breach affecting your personal information, we will notify you and the appropriate authorities as required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If a change is material we will notify you by email or through the Service before it takes effect. The “Last updated” date at the top of this page will always reflect the current version. Continued use of the Service after the effective date is your acceptance of the updated policy.

13. Contact

For privacy questions, data-subject requests, or to reach our data protection contact, write to privacy@pedigreeco.com. For everything else, hello@pedigreeco.com is the right address.

← Back to home