Privacy Policy
Effective date: April 15, 2026
This privacy policy applies to Stantinel Pets, Stantinel Care, and Stantinel Sitter (the "Application") for iOS and Android, and the QR tag landing pages accessed via stnt.be (which redirects to qr.stantinel.com, the "Tag Pages"). The Application is operated by Stantinel ("we", "us", "our") as a freemium service.
Stantinel is a safety check-in and pet recovery platform. You create check-in schedules, and if you miss one, your designated emergency contacts are automatically notified. You can also create two types of QR tags:
- Pet Tags — attached to your pet's collar. If your pet is found, anyone can scan the tag to see pet details and contact you or your emergency contacts.
- Personal Emergency Tags — carried on your person (keyring, bag, etc.). If you are incapacitated or unresponsive, anyone who finds you can scan the tag to see your emergency contacts and call for help on your behalf. Your emergency contacts are notified immediately and can acknowledge the scan.
Different people interact with Stantinel in different ways, so this policy is organized by role. You can jump to the section that applies to you:
1. All Registered Users
When you create a Stantinel account — whether as a pet owner or by accepting an emergency contact invitation — we collect:
Account & Profile
- Email address, display name, and profile photo
- Phone number (optional, for SMS/voice notifications)
- Sign-in method (email/password, Google, or Apple)
- Account timestamps (creation date, last login)
Why: To authenticate you, identify you in alerts and notifications, and match you with emergency contacts who invite you.
Preferences
- Theme, language, notification sound, and notification toggle
Why: To personalize your app experience.
Device Identifiers
- Push notification token and device type (iOS/Android)
- We store up to 3 tokens per account. When a 4th device is registered, the oldest token is automatically removed.
Why: To deliver check-in reminders and emergency alerts to the correct devices. Tokens are removed when you log out.
2. Pet Owners
In addition to the data described above, pet owners provide the following information to power safety check-ins, pet recovery, and emergency response.
Safety Groups
- Group name and member list (with assigned roles, trust tiers, and permissions)
- Subscription tier
Why: To organize your emergency contacts into monitoring groups and control who sees what level of emergency information.
Check-In Schedules & History
- Schedule configuration (frequency, time, timezone, days of week)
- Completion records (completed, missed, or snoozed; scheduled and actual times)
- Location at check-in time (latitude, longitude) — only if you grant location permission
- Device info (platform, OS version)
Why: This is the core safety feature. We detect missed check-ins, trigger escalation to your emergency contacts, and provide last-known location context during emergencies. Location is never collected continuously — only at the moment you check in, and only if you grant permission.
Emergency Information
You may optionally provide emergency information that becomes visible to your contacts during an alert, gated by their trust tier:
- Home address and access instructions (visible to trust tier members)
- Access codes for doors, gates, parking, and security (visible to Family tier only)
- Medical information: conditions, medications, allergies, doctor contact (visible to trust tier members)
- Key contacts and general notes (visible to trust tier members)
Why: To provide your emergency contacts with the information they need to help during an emergency — how to reach your home, your medical conditions, who else to call.
Pets
- Name, species, breed, color, sex, age, and photo
- Feeding instructions, medications, and allergies
- Microchip number, license number, and registry ID
- Veterinarian contact information
- Rabies vaccination details
Why: To identify and help reunite lost pets. Pet details are displayed on QR tag landing pages so that finders can assist. Emergency contacts also see pet care information during alerts.
QR Tags & Tokens
- Tag type (Pet Tag or Personal Emergency Tag) and linked pet
- A 16-character secret token that forms the tag's unique URL. This token is stored encoded in the QR code and printed only on the physical tag we produce. Treat the token and the QR code image like a password — anyone who has the token can trigger scan notifications to you and your emergency contacts. See the QR Tag Token Security section for details.
- Tag settings: Lost Mode status, scan notification preferences, and rate limits
- Scan count and last scanned timestamp
Why: Physical QR tags enable pet recovery and emergency identification. The 16-character token prevents anyone who does not physically have the tag from accessing the landing page or triggering notifications.
Alerts & Escalation
- Alert records: severity, status, timestamps, and resolution details
- Escalation rules you configure (steps, delays, notification channels, target contacts)
- Notification delivery log (which contacts were notified, when, and whether delivery succeeded)
Why: To coordinate emergency response and escalate to additional contacts if earlier notifications go unacknowledged.
Shop Orders (Physical Merchandise)
If you purchase a physical item through the in-app shop (for example, a customized pet Pet Tag or Personal Emergency Tag), we collect and process the following additional information to fulfill your order:
- Shipping address — full name, street address, city, province/state, postal/ZIP code, country, and an optional phone number for delivery.
- Customization details — pet name, the QR code short token for the tag, the tag ID, the TAG-SAFE number, and the design you selected. The pet name is snapshotted from your existing pet profile at the moment you approve the customization, so that your order is fulfilled with exactly what you approved even if you later rename the pet.
- Purchase history — order ID, amount, currency, product selection, status history, and acknowledgment of our Returns Policy (including a snapshot of the exact policy text you accepted at checkout).
- Payment metadata — a Stripe PaymentIntent ID and the last four digits of your card (if applicable). We never see or store your full card number, CVC, or banking credentials. All payment data is handled directly by Stripe.
Who sees your shop order data:
- Your shipping address and customization details are shared with our fulfillment partners strictly to manufacture and ship your item. See the list of fulfillment partners below for the current roster and what each partner receives.
- Your payment is processed by Stripe, Inc., which receives the charge amount, currency, and your card or digital wallet information directly from your device. See Stripe's privacy policy for details.
- If a tracking number is available for your shipment, we may send it to a shipment tracking service to provide you with delivery updates. The tracking service receives only the tracking number and carrier name, not your name or address.
Why: To manufacture your personalized item, ship it to you, process your payment, provide delivery updates, and keep accurate business records for tax and warranty purposes. See the Data Retention section for how long we keep order records.
What You See About Finders
When someone scans one of your QR tags, you receive:
- Scan time and running scan count
- Finder's approximate location (city, region, country) — derived from their IP address
- Finder's precise GPS coordinates — only if the finder grants browser location permission
- Finder's name, phone, email, and message — only if the finder voluntarily submits the contact form
- Finder's browser and device type (anonymized after 90 days)
Emergency contacts are people designated by a pet owner to receive alerts when check-ins are missed.
What We Collect
- Your name, email, phone number, and photo — either from your own account (if you register) or as entered by the pet owner who added you
- Your assigned role, trust tier (Family, Friend, or Service Provider), and permissions
- Invitation and acceptance status
If you register your own Stantinel account, the data described in Section 1 also applies to you.
Why: So the pet owner can designate who should be notified during emergencies, at what trust level, and through which channels.
When you are notified: When a pet owner adds you as an emergency contact, you receive an email and/or push notification immediately informing you that your information has been entered and inviting you to accept or decline the invitation.
What You See During Alerts
When a pet owner misses a check-in and an alert is triggered, you receive:
- The pet owner's name, which check-in was missed, and when
- Last known location and activity data (if captured at check-in time)
- Emergency information (address, medical details, pets) — gated by your trust tier. Family tier sees everything; Friend and Service Provider tiers see progressively less. Home access codes are visible to Family tier only.
What You See When a Keychain Is Scanned
If someone scans the pet owner's Personal Emergency Tag, you are notified immediately with:
- The scan location (city, region, country)
- The time the Personal Emergency Tag was scanned
You can acknowledge the scan on the Personal Emergency Tag landing page. When you do, your name and acknowledgment time become visible to the finder and to other emergency contacts, so everyone involved knows who is responding.
4. Finders (QR Tag Scanners)
If you scan a Stantinel QR tag, you interact through a web page — no account or app download is required. Here is what happens with your data:
What We Collect Automatically
- IP address — used to determine your approximate location (city, region, country). Your IP address is automatically deleted after 90 days.
- Browser and device information (user agent) — automatically deleted after 90 days.
- Approximate location (city-level) — derived from your IP address. Retained at city-level only.
What You May Choose to Share
- Precise GPS location — only if you grant browser location permission when prompted. Precise coordinates are reduced to city-level after 90 days.
- Contact form (name, phone, email, message) — entirely voluntary. You are never required to fill this out. This information is shared with the tag owner to facilitate pet recovery or emergency response.
What You See
Pet Tag (normal mode): You see the pet's name, breed, age, photo, and the owner's display name. You do not see the owner's email, phone, or emergency contacts.
Pet Tag (Lost Mode): You see full pet details, the owner's name, phone, and email, plus emergency contact names and phone numbers so you can call for help immediately.
Personal Emergency Tag: You see the owner's name, emergency contact names and phone numbers, and pets-at-home information (names, feeding instructions, medications). You do not see the owner's email or phone directly.
5. Data Protection
Encryption
- In transit: All communication between the app and our servers uses HTTPS/TLS encryption.
- At rest: All data stored in our database is encrypted using AES-256 encryption managed by Google Cloud.
- Photos: Profile and pet photos are encrypted at rest in Google Cloud Storage.
- On your device: Locally cached data is protected by your device's operating system encryption.
Access Controls
- All API requests require an authenticated session.
- Database security rules enforce that you can only access data you are authorized to see.
- Emergency information visibility is gated by trust tier — Family sees everything; Friend and Service Provider see progressively less.
QR Tag Token Security
Each QR tag (Pet Tag or Personal Emergency Tag) contains a 16-character secret token encoded in the QR code itself. This token forms the unique URL of the tag's landing page. Because the token is the only thing that identifies a specific tag to our servers, you should treat it like a password.
Why token secrecy matters: Anyone who has the token — whether by physically holding the tag, scanning it, or seeing a photo of the QR code — can open the landing page and trigger scan notifications to you and your emergency contacts. For Pet Tags in Lost Mode and Personal Emergency Tags, a scan also reveals your contact information and your emergency contacts. A publicly shared QR image effectively removes the privacy of the tag.
What you should do:
- Keep the physical tag attached to the intended object (pet collar, keyring) and treat it as a private item.
- Do not post a photograph of the QR code on social media, messaging apps, marketplaces, or any public surface. The token in the image is a credential.
- Do not share the tag URL (for example stnt.be/xxxxxxxxxxxxxxxx) with anyone you do not want to be able to scan it.
- If your tag is lost or compromised, delete it in the app and create a new one. The old token is invalidated immediately and cannot be scanned again.
How the token is secured against guessing:
- Large keyspace: The token is 16 characters drawn from 36 possible characters (lowercase letters and digits), giving roughly 7.9 × 1024 possible values — about 82 bits of entropy. It is not practically guessable by automated enumeration.
- Notification rate limiting: Even if an attacker somehow obtained a valid token, the number of scan notifications we send per tag per hour is rate-limited to prevent notification spam.
- No data leakage on invalid URLs: A request to an invalid or unknown tag URL reveals nothing about whether any tag exists.
- Deletion invalidates the token: When you delete a tag in the app, its token is removed from our database and any subsequent scan of the old URL returns a "tag not found" response.
Scan Event Anonymization
Scan events older than 90 days are automatically anonymized:
- IP addresses are deleted entirely
- Browser and device information is deleted entirely
- Precise GPS coordinates are reduced to city-level
6. Your Rights & Data Deletion
Pet Owners & Registered Users
- Delete your account and all associated data* — available in Settings within the app, or by contacting [email protected].
- Delete individual pets — available in the app. Linked QR tags are also deleted.
- Delete QR tags — available in the app.
- Remove emergency contacts — available in the app via contact management.
* Exception for shop orders. Canadian business-record and tax regulations require us to retain shop order records for 7 years, even after account deletion. See Section 7 — Data Retention.
Emergency Contacts
- If you have a registered account, you have the same deletion rights as pet owners.
- Remove yourself from a safety group — available in the app. You can also ask the pet owner to remove you directly.
Finders
- You can choose not to share your contact information by simply not filling out the contact form.
- You can deny browser location permission to prevent sharing your precise GPS coordinates.
- Your IP address and browser information are automatically deleted after 90 days.
- If you are a finder and you want us to delete a specific scan event that recorded your IP address, browser information, GPS location, or contact form submission, email [email protected] with the tag URL and approximate scan time. This is your right under GDPR Article 17 and PIPEDA.
7. Data Retention
- Account data is retained until you delete your account.
- Pets are retained until you delete them.
- QR tags are retained while active and, after deletion, the tag's token is kept in our records indefinitely to prevent token collisions with newly generated tags. The deleted tag's token cannot be re-used, and any subsequent scan of a deleted tag's URL returns a "tag not found" response. Other fields on the deleted tag (linked pet, settings, scan count) are removed.
- Check-in history and alert records are retained for the lifetime of your account.
- Scan events are anonymized after 90 days (IP address, browser info, and precise GPS removed).
- Push notification tokens are removed on logout; oldest token is automatically removed when a 4th device is added.
- Shop orders and related support tickets are retained for 7 years from the date of the order, as required by Canadian business-record and tax regulations (Canada Revenue Agency). This applies even if you delete your Stantinel account before the 7 years have elapsed — the retention is a legal obligation that overrides the right to erasure under GDPR Article 17(3)(b) and PIPEDA. Retained order data is used only for tax, accounting, and dispute-resolution purposes, and is not used for marketing, profiling, or any other purpose.
- Account deletion and shop orders (scrub pattern). When you delete your Stantinel account, we automatically scrub the most sensitive personal identifiers from your retained shop orders approximately 30 days after deletion. Specifically, we remove your display name and shipping address. What we continue to retain for the remainder of the 7-year period is limited to: the email address associated with the order (used as the primary customer identifier for tax-audit and dispute-resolution purposes), the order details themselves (order ID, date, amount, currency, product, customization spec, status history, payment reference), the QR tag token associated with the order (retained indefinitely anyway to prevent token collisions with newly generated tags), and the pet name that was snapshotted onto the order at the time of purchase. The 30-day grace period after account deletion exists so that recent orders can still be disputed or resolved before the scrub takes effect. We do not retain any other data about you, your contacts, or your check-in history from a deleted account.
8. Third-Party Services
Stantinel uses the following third-party services to operate. Each has its own privacy policy:
- Google Firebase — authentication, database, file storage, push notifications, cloud functions, and hosting
- Google Cloud Platform — task scheduling and infrastructure
- Cloudflare — DNS, edge routing, and HTTPS redirect for the stnt.be short domain. When a QR tag is scanned, Cloudflare processes the request headers (IP address, user agent) to issue an HTTP 302 redirect to the tag landing page. Cloudflare does not receive or process any form input, finder-submitted data, or landing-page content.
We also use ipinfo.io to determine approximate scan locations from IP addresses. Finder IP addresses are sent to ipinfo.io to resolve city-level geolocation; they are not stored by ipinfo.io beyond what is described in their privacy policy.
Payment Processor (Shop)
If you purchase a physical item from the in-app shop, your payment is handled by:
- Stripe, Inc. — payment processor. Stripe receives your payment amount, currency, and the card or digital wallet (Apple Pay / Google Pay) information you provide directly from your device when you complete checkout. Stantinel never sees or stores your full card number, CVC, or banking credentials. Stripe may retain payment records for its own legal and regulatory compliance purposes in accordance with its privacy policy.
Fulfillment Partners (Shop)
The following partners manufacture and ship the physical items you order. They receive only the information necessary to produce and ship your specific order, and are contractually prohibited from using it for any other purpose (including their own marketing).
- Big Jerk Custom Products Ltd. (operating as CanadianPetTags), based in Canada. Manufactures and ships personalized pet Pet Tags and Personal Emergency Tags. Receives: your shipping address, the customization details (pet name, QR code / short token, TAG-SAFE number, and design choice), and an order reference. Does not receive: your email address, payment information, or any Stantinel account data beyond what is required to fulfill your specific order.
If we add additional fulfillment partners in the future (for example, for additional products), we will update this list with their legal entity name and role before any of your data is shared with them.
What we do NOT use:
- No advertising SDKs or ad networks
- No data brokers
We do not sell, rent, or trade your data to any third party.
We may disclose information if required by law, such as to comply with a subpoena or similar legal process, or when we believe in good faith that disclosure is necessary to protect rights, safety, or respond to a government request.
9. Data We Do NOT Collect
- We do not continuously track your GPS location. Location is captured only at the moment of a check-in (if you grant permission) or a QR tag scan.
- We do not continuously access your device's address book. When you tap "Pick from contacts" while adding an emergency contact, your device prompts you for one-time read permission, the system's own contact picker is shown (we do not see your full contact list), and only the specific contact you select is returned to Stantinel. We store the name, phone number, and email of the contact you chose; we do not store, scan, or transmit any other contact.
- We do not collect advertising identifiers (IDFA/GAID).
- We do not collect biometric data, clipboard contents, or browsing history.
- We do not access call recordings or SMS content. We may trigger calls or SMS for escalation, but we do not access their content.
- We do not see or store full card numbers, CVC codes, or banking credentials. In-app subscriptions are processed entirely by Apple App Store or Google Play. Physical merchandise purchases (tags, keychains) are processed by Stripe; Stantinel receives only a payment reference and the last four digits of the card.
10. Required vs. Optional Data
Not all data we collect is mandatory. This section clarifies what you must provide to use the service and what is entirely optional.
Required to Use the Service
Without this data, the core features cannot function.
| Data |
Why It's Required |
| Display name, email, password |
Cannot create an account without these |
| Pet name, species, breed |
Cannot create a pet profile without these |
| Check-in time and schedule |
Cannot create a safety check-in without these |
| Contact email or phone (at least one) |
Cannot add an emergency contact without a way to reach them |
| Escalation rule name and at least one step |
Cannot create an escalation rule without these |
Optional — Service Works Without It
You can skip all of the following. The table shows what changes if you do.
| Data |
If Not Provided |
| Phone number |
No SMS or voice notifications; push and email only |
| Profile photo |
Default avatar shown in the app |
| Pet color, sex, age, date of birth |
Less detail shown to finders on the QR tag landing page |
| Pet feeding, medications, allergies |
Emergency contacts won't see pet care instructions during alerts |
| Pet microchip, license, registry ID |
No official pet identification available to authorities or finders |
| Pet veterinarian info |
Finders and contacts cannot reach your vet |
| Pet rabies vaccination |
No proof of vaccination available |
| Pet photo |
No photo on QR tag landing page |
| Emergency info (address, medical, access codes, key contacts, notes) |
Emergency contacts see no home, medical, or access information during alerts. All emergency info fields are optional. |
| Contact display name |
Contact shown by email or phone number in the app |
| Finder contact form (name, phone, email, message) |
Tag owner cannot reach finder directly; pet recovery may be harder |
| Shipping address & customization details (shop) |
Only collected if you place an order in the in-app shop. If you never purchase a physical Pet Tag or Personal Emergency Tag, this data is never collected and all app features still work. |
Optional Permissions
These device permissions are never required. The app works without them.
| Permission |
If Denied |
| Push notifications |
No check-in reminders or alert notifications on your device |
| Location (GPS) |
No last-known location captured during check-ins. Location is off by default — you must explicitly enable it per check-in. |
| Camera / photo library |
Cannot upload profile or pet photos |
| Browser location (finders only) |
Tag owner receives only city-level location from IP address, not precise GPS |
11. Children's Privacy
Stantinel is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal information, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will post the revised policy on this page with an updated effective date. For material changes — such as collecting new categories of data, sharing data with new third parties, or changing the legal basis for processing — we will notify you via in-app notification or email before the changes take effect and give you a reasonable opportunity to review them. If a change affects processing based on your consent, we will obtain fresh consent where required.
13. Governing Law
This Privacy Policy is governed by the laws of the Province of British Columbia, Canada, without regard to conflict of law principles.
14. Legal & Regulatory
The plain-language sections above describe what data we collect, why, and how you can control it. This section provides the additional legal disclosures required by privacy regulations.
Data Controller
Stantinel, operating from Burnaby, British Columbia, Canada, is the data controller for your personal information. Contact: [email protected].
Legal Basis for Processing (GDPR Article 6)
- Contractual necessity — Account data, check-in schedules, emergency contacts, QR tags, and alerts. We need this data to provide the service you signed up for.
- Legitimate interest — Scan event logging, IP geolocation, notification rate limiting, and Signal Fusion correlation. These support pet recovery, emergency response, and security without requiring separate consent.
- Consent — Precise GPS location (check-in or scan), push notifications, and optional contact form submission by finders. You can withdraw consent at any time by revoking device permissions or not submitting the form.
- Explicit consent for health data (GDPR Article 9) — Medical information you enter in your Emergency Information (conditions, medications, allergies, doctor contact) is classified as health data under GDPR. Because you voluntarily enter this data yourself and choose which trust tiers can see it, the legal basis is your explicit consent. You can delete this information at any time in the app.
Your Rights Under Applicable Law
Depending on your jurisdiction (including under GDPR, PIPEDA, BC PIPA, and CCPA), you may have the following rights:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate data. You can also update most data directly in the app.
- Erasure — Request deletion of your data. See Section 6 for self-service deletion options.
- Restriction — Request that we limit how your data is processed.
- Portability — Request your data in a structured, machine-readable format.
- Objection — Object to processing based on legitimate interest.
- Withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Automated decision-making — Stantinel uses automated processing to detect missed check-ins and correlate QR scans with active alerts (Signal Fusion). These automated decisions trigger notifications to your emergency contacts. You can prevent automated alerts by pausing or deleting your check-in schedules.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
International Data Transfers
Stantinel uses Google Firebase, Google Cloud Platform, and Cloudflare, which may store and process data in the United States and other countries. Google and Cloudflare both operate under Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for data transferred outside the European Economic Area.
Complaint Rights
If you believe we have not handled your data properly, you have the right to lodge a complaint with:
15. Contact Us
If you have questions about this Privacy Policy or your data, contact us at [email protected].