Privacy Policy

1. Who We Are

ZendPaw is a SaaS platform for pet service businesses, operated by CardoCore, based in the Yucatán Peninsula, Mexico.

Data Controller (for data we collect directly from you):

Company: CardoCore / ZendPaw
Email: hello@zendpaw.com
Website: www.zendpaw.com

Data Processor (for personal data you upload about your clients):

ZendPaw acts as a data processor on behalf of you, the business owner, who acts as the data controller for your clients' data. Your obligations as a data controller toward your clients are described in our Terms of Service.

2. What Data We Collect

We collect personal data in the following categories.

We do not collect: government ID numbers, social security numbers, financial account numbers, health insurance information, biometric data, or racial/ethnic origin data.

3. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases:

We do not use your data for:

• Selling personal information to third parties
• Targeted advertising
• Automated decision-making that produces legal effects without human review
• Building profiles for resale or data brokerage

4. Client and Pet Data - Your Responsibility

ZendPaw is a tool you use to manage your own clients' data. When you enter your clients' names, contact details, pet health records, or any other personal information into ZendPaw, you are the data controller for that data under applicable privacy laws.

As the data controller, you are responsible for:

• Having a lawful basis to collect and store your clients' personal data (e.g. consent, contract performance)
• Informing your clients about how their data is used
• Responding to your clients' data access or deletion requests
• Complying with LFPDPPP 2025, CCPA, GDPR, or other laws applicable to your jurisdiction and your clients' jurisdictions

ZendPaw processes this data only on your behalf and according to your instructions. We do not use your clients' data for our own purposes beyond what is necessary to operate the platform.

Pet health records (vaccinations, medical notes) may constitute sensitive personal data under some jurisdictions. You are responsible for handling these records with appropriate care and obtaining consent from your clients where required.

5. Who We Share Your Data With

We share personal data only with the following trusted third-party service providers who process data on our behalf. We do not sell your data.

All third-party providers are contractually required to:

• Process data only for the specified purpose
• Maintain appropriate security measures
• Not sell or disclose your data to other parties
• Comply with GDPR, CCPA, and LFPDPPP as applicable

We may also disclose personal data if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of ZendPaw, our users, or the public.

6. International Data Transfers

ZendPaw is operated from Mexico and serves users in Mexico, the United States, and internationally. Our infrastructure (Neon, Vercel, Resend, Stripe, Cloudflare) is located primarily in the United States.

By using ZendPaw, you acknowledge that your data may be transferred to and processed in the United States, which may have different data protection laws than your country.

For Mexican users: Cross-border data transfers are made to service providers who maintain equivalent data protection standards as required by LFPDPPP 2025.

For EU/UK users: We rely on Standard Contractual Clauses (SCCs) where applicable for transfers of EU personal data to third countries.

7. Data Retention

We retain your personal data for the following periods:

After the retention period, data is deleted from active systems within 30 days and from backup systems within 90 days, unless legally required to retain it longer.

8. Your Privacy Rights

All Users

Mexican Users - Derechos ARCO (LFPDPPP 2025)

US Users - CCPA/CPRA Rights

EU/UK Users - GDPR Rights

9. Security Measures

We implement commercially reasonable technical and organizational security measures to protect your data, including:

• HTTPS/TLS encryption for all data in transit
• Bcrypt password hashing (passwords are never stored in plain text)
• Rate-limited authentication endpoints to prevent brute-force attacks
• Cloudflare Turnstile CAPTCHA on all authentication flows
• Role-based access control within the platform
• Isolated per-tenant data architecture
• Regular security reviews and dependency updates

Despite these measures, no internet transmission or electronic storage system is 100% secure. If you discover a potential security vulnerability, please report it responsibly to hello@zendpaw.com.

10. Children's Privacy

ZendPaw is a business management tool intended for adults operating pet service businesses. We do not knowingly collect personal data from individuals under the age of 18.

If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@zendpaw.com and we will delete it promptly.

Note: Pet data (names, breeds, vaccination records) relates to animals, not children. Client contact data entered by business owners for scheduling purposes does not constitute children's data.

11. Cookies

We use cookies and similar tracking technologies on our websites. For full details about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy at www.zendpaw.com/cookies.

In summary:

• Essential cookies: always active, required for login and security
• Analytics cookies: only loaded after you accept cookies
• Security cookies (Cloudflare Turnstile): active for bot protection on authentication flows
• Third-party cookies: Stripe (payment), Cloudflare (security)

12. Marketing Communications

We may send you marketing emails if you have opted in during registration or via account settings. Each marketing email includes an unsubscribe link. You can also opt out at any time by emailing hello@zendpaw.com.

Transactional emails (receipts, appointment confirmations, security alerts, password resets) are sent as part of the Service and cannot be opted out of while your account is active.

We do not use your data for third-party advertising networks or sell your email address to any party.

13. Automated Decision-Making

ZendPaw does not make automated decisions that produce legal or significant effects about you without human review.

Our platform uses automation for:

• Sending appointment reminders (triggered by your configured settings)
• Spam and bot detection (Cloudflare Turnstile)
• Rate limiting (to protect against abuse)

None of these processes make decisions that affect your legal rights, access to services, or create legally binding obligations without human oversight.

14. Aviso de Privacidad - Resumen (LFPDPPP 2025)

15. Changes to This Privacy Policy

We may update this Privacy Policy when our practices change or when required by law. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Send an email notification to registered users at least 14 days before changes take effect
• Display a notice in your account dashboard for significant changes

We encourage you to review this policy periodically. Your continued use of ZendPaw after the effective date of any changes constitutes acceptance of the updated policy.