DriyuDriyu

Privacy Policy

Last updated: April 22, 2026

The web version is always the most current. Any PDF copy provided for convenience may not reflect recent updates.

1. Introduction

Driyu LLC ("Driyu", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, password, and contact details.
  • Pet Information: Pet names, species, breed, age, weight, photos, and identifying characteristics.
  • Health Records: Vaccination records, medications, veterinary visits, and medical documents you upload.
  • Payment Information: Billing address and payment method details, which are processed securely by Paddle, our third-party payment processor. Driyu LLC does not store full payment card details on our servers.
  • Communications: Messages you send us and feedback you provide.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers.
  • Usage Information: Pages visited, features used, time spent on the Service.
  • Location Information: General location based on IP address; precise location only with your permission for lost pet features.
  • Log Data: IP address, browser type, access times, and referring URLs.

The above applies to authenticated use of the Service. For the specific case of QR tag scanners, see §2.3 below, which describes the narrower, non-identifying data we record at scan time.

2.3 Information from Third Parties and QR Tag Scanners

We may receive information from third parties, such as when you sign in using a third-party authentication service.

When someone (a "Scanner") scans a Driyu pet QR tag — whether or not they have a Driyu account — we log a small amount of coarse, non-identifying technical data about that scan:

  • Approximate region (typically country-level or broader)
  • Device category (e.g., mobile or desktop), browser family, and operating system family
  • Date, time, and frequency of the scan
  • Whether the pet was in lost mode at the time of scan

Our scan records do not store the Scanner's IP address, precise geolocation, or browser fingerprint. We do not set persistent identifiers for Scanners, and Scanners are not tracked across scans or personally identified in our systems. Like any web service, our hosting and security infrastructure may transiently observe network metadata such as source IP for abuse prevention, but we do not persist it in Driyu's scan records.

Scan data is used only to route the lost pet alert to the registered owner and to support basic product-health diagnostics (for example, confirming that scans are reaching the correct recovery page). Scan records are retained as long as needed for the pet owner's recovery history and product diagnostics, and in any case no longer than 24 months from the scan date, after which they are deleted or de-identified.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Create and manage your account.
  • Process transactions and send related information.
  • Send you technical notices, updates, and support messages.
  • Facilitate lost pet recovery through owner-contact and finder-reporting flows.
  • Provide AI-assisted record organization, summaries, and document processing features.
  • Respond to your comments, questions, and requests.
  • Monitor and analyze trends, usage, and activities.
  • Detect, prevent, and address technical issues and fraud.
  • Comply with legal obligations.

3.1 AI-Assisted Features

Driyu uses AI-assisted technology for tasks such as record organization summaries, document scanning, and knowledge search. When you use these features, relevant data (such as information you enter or documents you upload) is processed by AI systems, which may include third-party AI subprocessors, solely to deliver the feature to you.

We do not use your personal information to train our own generalized AI models. We may use third-party AI service providers to process data in order to provide these features, and we restrict their use of your data consistent with our agreements with them. Data submitted to AI features is used to generate the specific response or analysis you requested.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We may share information when you direct us to do so, such as when sharing pet profiles with family members.

4.2 For Lost Pet Recovery

When someone scans your pet's QR tag, a recovery profile is displayed to help them reunite your pet with you. By default the profile is recovery-first and includes:

  • Your pet's name, photo, breed, and identifying description
  • Your contact information (phone number and email) so the finder can reach you immediately
  • Your general location (city and state, but not your street address)
  • Emergency contact information and medical alerts you have chosen to make visible during scans

Your home address, full medical records, account credentials, billing information, and details about any other pets or household members are never shown to finders.

Visibility controls. You can choose to hide any of the following from the public recovery page at Profile → Public Recovery Visibility in your dashboard: your phone number, your email address, your city, your state, and your emergency / recovery contacts list. Defaults are set to visible so the recovery experience works on day one.

Driyu enforces these settings server-side on Driyu-controlled recovery surfaces (the public tag scan page, the public lost-pet page, and the Driyu finder), so the controls are honored at the data layer, not just the user interface. A safety rule requires that at least one direct contact path (your phone, your email, or at least one emergency contact with a phone or email) remain visible so finders always have a way to reach you.

The Contact Owner and Report Sighting forms on the recovery page are always available and continue to deliver messages to you through Driyu notifications regardless of which fields you have hidden. Pet identification details (name, photo, breed, species, color) and lost-mode instructions are not controllable in this setting because they help a finder identify your pet. Your first and last name also remain visible so a finder knows whose pet they have found. Medical alerts are controlled per-alert on the pet's medical record, not on this Visibility setting.

Changes take effect immediately on Driyu surfaces. Previews of links you have shared on outside social platforms may take time to refresh because those previews are cached by the platform, not by Driyu.

When you activate "Lost Mode," the recovery profile is further enhanced with an urgent alert and additional recovery guidance to maximize your chances of a fast reunion.

4.3 With Service Providers (Subprocessors)

We use a small number of trusted third-party service providers ("subprocessors") to host, operate, secure, and communicate through Driyu. We share information with these providers only as needed to deliver and protect the Service. They are bound by their service terms and applicable data processing commitments to safeguard your information and use it only on our behalf.

Driyu's current subprocessors include:

  • Vercel, Inc. (United States) — web hosting, serverless functions, and scheduled jobs.
  • Supabase, Inc. (United States) — database (Postgres), authentication, and file storage (such as pet photos and pet documents).
  • Paddle.com Market Ltd (United Kingdom) — Merchant of Record for paid subscriptions; handles subscription payment processing, billing, taxes, and refunds.
  • Stripe, Inc. (United States) — payment processing for one-time tag purchases and reseller batch checkouts.
  • Resend, Inc. (United States) — transactional email (account, recovery, family invites, billing receipts).
  • Twilio Inc. (United States) — SMS notifications for tag scans, lost-pet alerts, and recovery messages, only to users who have opted in.
  • Anthropic, PBC (United States) — AI-assisted features (such as record-organization helpers and the AI Guide) when you choose to use them.
  • OpenAI, L.L.C. (United States) — AI-assisted features (such as record summaries and knowledge search) when you choose to use them.
  • Sentry (Functional Software, Inc.) (United States) — error monitoring and crash reports on our internal admin and operations stack; not enabled on consumer-facing surfaces by default.

We do not sell your personal information to advertisers or data brokers. Subprocessors receive only the information needed to perform their service for us — for example, your email address goes to Resend so we can deliver a recovery notification, and your pet records live in Supabase so the Service can read them when a tag is scanned. We update this list when we add or change subprocessors in a material way. Some standard internet infrastructure may also receive normal request metadata when you or a finder use the Service (for example, the OpenStreetMap tile and reverse-geocoding services that draw and label map backgrounds, or the browser push notification gateways operated by Apple, Google, or Mozilla); those are standard internet infrastructure rather than vendors Driyu has contracted with directly.

4.4 For Legal Reasons

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of Driyu LLC, our users, or others.

4.5 Business Transfers

If Driyu LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit and at rest.
  • Secure authentication and access controls.
  • Security controls and operational safeguards.
  • Limited employee access to personal information.

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service and understand how it is used. For full details, see our Cookie Policy.

6.1 Essential Cookies

Some cookies are strictly necessary for the Service to function — for example, to keep you logged in, remember your preferences, and protect against cross-site request forgery. These cannot be disabled without breaking core functionality.

6.2 Analytics Cookies

We may use analytics cookies or similar tools to understand how visitors interact with the Service — such as which pages are visited most and how users navigate. This helps us improve the product. Analytics data is aggregated and not used to personally identify you for marketing purposes.

6.3 Your Controls

You can manage cookie preferences through your browser or device settings. Disabling certain cookies may affect the functionality of the Service. See our Cookie Policy for more detail on categories and how to opt out.

7. Data Retention

7.1 Retention Period

We retain your information for as long as your account is active or as needed to provide the Service. After you request account deletion or your account is closed, we will delete or de-identify your personal data within up to 6 months, except where retention is required or permitted for:

  • Billing, tax, or other legal and regulatory obligations.
  • Security incident investigation or fraud prevention.
  • Active or reasonably anticipated dispute resolution or legal enforcement.
  • Backup or archival systems that are not immediately purgeable (data in these systems will be deleted on their normal rotation schedule).

7.2 Reseller Data Processing

Some users of the Service access Driyu through products or QR activations distributed by third-party resellers ("Resellers"). Driyu LLC remains the sole controller of all pet owner personal data processed through the Service.

Resellers:

  • Do not have direct access to pet owner personal data unless explicitly provided by the pet owner.
  • May receive limited, aggregated, or anonymized information related to QR activations associated with their account.
  • Do not receive access to medical records, contact details, location history, or private pet data by default.

Driyu LLC does not sell, license, or otherwise transfer pet owner personal data to Resellers. Resellers act solely as distributors of QR activations and do not process personal data on behalf of Driyu LLC unless expressly authorized in writing.

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you as required by applicable law. Notification will be provided via email to the address associated with your account, through a notice posted within the Service, or by another method consistent with legal requirements and the nature of the incident.

We will take prompt steps to investigate, contain, and remediate any confirmed breach and will cooperate with any required regulatory notifications.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the information we hold about you.
  • Correction: Request correction of inaccurate information.
  • Deletion: Request deletion of your information (subject to legal obligations and our retention policy in §7).
  • Portability: Request a copy of your data in a portable format.
  • Opt-out: Opt out of marketing communications at any time.
  • Limit public disclosure of recovery contact details: Owners of activated tags may limit which contact fields appear on public recovery pages — see §4.2 for details and the Public Recovery Visibility settings in your dashboard.

To exercise these rights, please contact us at privacy@driyu.com.

9.1 Texas Residents

If you are a Texas resident, you may have additional rights under the Texas Data Privacy and Security Act (TDPSA). These include the right to access, correct, delete, and obtain a copy of your personal data, as well as the right to opt out of the processing of your data for targeted advertising or sale. To exercise these rights, contact us at privacy@driyu.com.

9.2 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) may provide you with additional rights.

Categories of personal information collected include: identifiers (name, email, IP address); commercial information (subscription and transaction records); internet activity (usage data, log data); geolocation data (approximate, and precise only with permission); and pet and health-related information you choose to provide.

Purposes for collection include: providing and improving the Service, processing transactions, facilitating lost pet recovery, communicating with you, and complying with legal obligations.

We do not sell your personal information as defined under the CCPA/CPRA.

California residents may have the right to: know what personal information is collected and how it is used; request deletion of personal information; opt out of the sale or sharing of personal information; and non-discrimination for exercising privacy rights. To submit a request, contact privacy@driyu.com.

10. Minors

The Service is intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from someone under 18, we will delete that information promptly. If you believe we may have collected information from a minor, please contact us at privacy@driyu.com.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your own. By using the Service, you consent to the transfer and processing of your information in the United States and other countries where we or our service providers operate.

12. Third-Party and Reseller Links

The Service may contain links to third-party websites or services, including websites operated by Resellers. Driyu LLC does not control and is not responsible for the privacy practices, content, products, or services of third-party websites. Any interactions, purchases, or communications with Resellers occur outside of the Driyu Service and are governed by the Reseller's own policies.

When you click a third-party or Reseller link, you will be leaving the Driyu Service and accessing an external website subject to that third party's own privacy policies and terms. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: