Skip to content
Pawderful

Privacy policy

Updated May 2026

Pawderful respects your privacy. This document outlines what data we collect, how we use it, and how you can control your information.

What data we collect

We collect your email, name, shipping address, phone number, and order history to fulfil orders and communicate about delivery.

How we use the data

  • To process and ship your orders
  • For customer support and communication
  • For marketing (only with your explicit consent)

Third parties

Some data is shared with trusted partners that help us run the shop. They act as data processors and only see what they need.

Meta Platforms Ireland Ltd

  • Purpose: Conversion measurement and personalised advertising on Facebook and Instagram.
  • Data shared: Hashed email, hashed phone, hashed name, IP address, user agent, page URL, content IDs, order value, transaction ID.
  • Legal basis: Your marketing consent (cookie banner toggle). You can change it any time.
  • Retention: Up to 180 days at Meta. We keep raw events for 30 days for debugging, then delete them.

Meta privacy policy

PostHog (EU host)

  • Purpose: Site analytics, heatmaps, and session replay so we can improve the user experience.
  • Data shared: Page views, clicks, anonymised UI interactions, performance metrics, distinct ID. No raw form input is captured.
  • Legal basis: Your analytics / marketing consent (cookie banner toggle).
  • Retention: Event data: 1 year. Session recordings: 30 days, then deleted automatically.

Sentry (Functional Software, Inc.)

  • Purpose: Error monitoring — when something on the site breaks, we receive an anonymised report so we can fix it.
  • Data shared: Stack trace, browser + OS version, the URL where the error happened, an anonymous customer id. Email, phone number, password reset tokens, and shipping addresses are stripped before the report leaves your browser.
  • Legal basis: Legitimate interest (GDPR Recital 49) — keeping the site running. Non-critical reports also require your analytics consent.
  • Retention: Error events: 90 days at Sentry, then deleted automatically.
  • Region: Region depends on the Sentry organisation: EU (Frankfurt) or US (Virginia). The picked region is documented in docs/INTEGRATIONS.md once the org is provisioned.

Session replay

We may record anonymised user-interface interactions to improve the user experience. Recordings include cursor movement, clicks, and page navigation — never raw input.

  • Form inputs are masked by default — we never see what you type.
  • PII regions (addresses, profile data, account details) are explicitly redacted.
  • Payment iframes (Montonio) are isolated and never captured.

Recordings are kept for 30 days, then deleted automatically.

Manage your data

Signed-in customers can export every piece of data we hold or delete the account from the privacy page in your account.

Your rights

Under the GDPR you have the right to access, correct, delete, or restrict the processing of your data. Email [email protected].

Contact

For privacy questions: [email protected]