Privacy Policy
Last updated: February 16, 2026
PaoPao ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the PaoPao mobile application and website (the "Service"). This policy complies with the Singapore Personal Data Protection Act 2012 (PDPA).
1. Data Controller
The organisation responsible for your personal data is:
Altbyte Pte. Ltd. (operating as PaoPao)
Email: contact@altbyte.com
2. Data We Collect
2.1 Account Data
When you create an account, we collect:
- Full name — to personalize your profile.
- Email address — for authentication and account recovery.
- Phone number — optional, for account identification.
- Username — your public identifier on the platform.
- Password — stored securely using industry-standard hashing (never in plain text).
- Country — auto-detected from your IP address to show relevant content.
2.2 Pet Data
When you create pet profiles, we collect:
- Pet name, species, breed, sex, color, and birthday.
- Pet avatar photos.
- Optional: microchip number, license number, allergy notes.
2.3 User-Generated Content
We store content you create on the Service, including:
- Chat messages (text only).
- Posts, photos, and comments in the Discover feed.
- Events and event details you create.
- Friend requests and social connections.
2.4 Technical Data
We automatically collect:
- IP address (used for country detection, then discarded).
- Device type and operating system version.
- App version.
- Crash reports and performance metrics (anonymized).
2.5 Data We Do NOT Collect
- We do not collect precise GPS location. Event locations are entered manually by users.
- We do not collect contacts from your phone.
- We do not use tracking cookies or third-party advertising trackers.
3. Purposes for Collecting and Using Your Data
Under the PDPA, we collect and use your personal data for the following purposes:
| Purpose | Basis |
|---|---|
| Account creation and authentication | Contractual necessity |
| Providing the Service (chat, events, feed) | Contractual necessity |
| Country detection for content relevance | Consent (at signup) |
| Notification delivery | Consent |
| Crash reporting and performance monitoring | Reasonable business purpose |
| Enforcing Terms & Conditions | Reasonable business purpose |
4. How We Use Your Data
We use your data to:
- Provide, maintain, and improve the Service.
- Authenticate your identity and secure your account.
- Display your profile and pet information to other users (according to your visibility settings).
- Deliver chat messages and event notifications.
- Show relevant content based on your country and social connections.
- Detect and prevent abuse, fraud, and violations of our Terms.
5. Data Sharing
We do not sell your personal data. We share data only in the following circumstances:
- With other users — Your profile, pet profiles, posts, and event participation are visible to other users based on your privacy settings (public or friends-only).
- Service providers — We use Supabase (hosted on AWS in Singapore, ap-southeast-1) for database and authentication services. Data is processed in accordance with their privacy policies and data processing agreements.
- Legal requirements — We may disclose data if required by law, court order, or to protect our rights and safety.
6. Data Storage and Security
- Your data is stored on servers located in Singapore (AWS ap-southeast-1 region).
- All data in transit is encrypted using TLS 1.2+.
- All data at rest is encrypted.
- Passwords are hashed using bcrypt and never stored in plain text.
- Access to production data is restricted to authorized personnel only.
- We implement Row Level Security (RLS) at the database level to ensure users can only access their own data.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until account deletion |
| Pet profiles | Until deleted by user or account deletion |
| Chat messages | Up to 6 months, then automatically purged |
| Posts and feed content | Until deleted by user or account deletion |
| Event data | Until event expiry + 90 days |
| IP addresses | Not stored (used for one-time country detection) |
When you delete your account, we remove your personal data within 30 days. Some data may be retained longer in encrypted backups, which are purged on a rolling schedule.
8. Your Rights (PDPA)
Under the Singapore Personal Data Protection Act, you have the following rights:
- Access — Request a copy of the personal data we hold about you.
- Correction — Correct inaccurate or incomplete data (you can do this directly in the app, or by contacting us).
- Withdraw consent — Withdraw your consent for the collection, use, or disclosure of your personal data at any time (e.g., notification permissions in app settings). Note that withdrawing consent may affect our ability to provide the Service.
To exercise any of these rights, contact us at contact@altbyte.com. We will respond within 30 business days.
9. Children's Privacy
PaoPao is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
10. International Transfers
Your data is stored in Singapore. If data is transferred outside of Singapore, we ensure that the recipient provides a comparable standard of protection in accordance with the PDPA Transfer Limitation Obligation.
11. Cookies
The PaoPao website does not use cookies. The mobile application uses only essential local storage (for authentication tokens and notification preferences) and does not use tracking technologies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We encourage you to review this page periodically.
13. Supervisory Authority
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority. In Singapore, this is the Personal Data Protection Commission (PDPC):
PDPC — www.pdpc.gov.sg
14. Contact
For any privacy-related questions or requests, contact us at: