Privacy Policy

Last updated: May 28, 2026

This Privacy Notice for Ivan Salgarello (doing business as Sereno) ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

• Visit our website at https://serenopet.com or any website of ours that links to this Privacy Notice;
• Use Sereno, our mobile pet health tracker app for iOS and Android;
• Engage with us in other related ways, including any marketing or events.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have any questions or concerns, please contact us at supportserenopet@gmail.com.

1. What Information Do We Collect?

Personal information you disclose to us

In short: we collect personal information that you provide to us when you register an account, use the App, or contact us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products, or otherwise contact us. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use.

The personal information we collect may include the following:

Category	What we collect	Why
Account data	Email address, password (hashed), display name, profile photo (optional), preferred language	To create and manage your account
Pet data	Pet name, species, breed, sex, birthdate, weight, microchip number, photo, chronic conditions, allergies, notes	To allow you to track your pet's profile
Health data (pet)	Vaccinations, vet visits and costs, symptoms (intensity 0-5), medications (dose, schedule, log), medical documents (PDFs, photos)	To allow you to record and share your pet's health history
Veterinarian data	Vet name, clinic, phone number, email (provided by you)	To populate the Emergency Card and PDF reports
Family sharing data	Email addresses of invited family members, role (owner / member)	To enable shared pet management
Subscription data	Subscription tier, trial status, expiration date, store transaction ID (anonymous to us, processed by Apple/Google/RevenueCat)	To grant access to paid features
Device data	Push notification token, device platform (iOS/Android), app version, language locale	To deliver push notification reminders and provide localized content
Support communications	Emails you send to supportserenopet@gmail.com	To respond to your inquiries

We do not collect: payment card details (these are handled exclusively by Apple App Store, Google Play, and our subscription provider RevenueCat — we never see your card number), precise location (GPS), biometric data, social security or government ID numbers, browsing history outside the App.

Sensitive information

The pet health data you enter is not considered "sensitive personal data" under the GDPR (which applies to human health data, not animal health data). However, we treat it with the same care and security as if it were sensitive, given its private and personal nature to you.

Information automatically collected

In short: some technical information is collected automatically when you use the Services, but we do not use third-party analytics or advertising trackers.

When you use the App, our backend automatically logs minimal technical information necessary for security and service operation, including:

• IP address (used by Supabase for rate-limiting and abuse prevention; not stored long-term);
• Timestamps of sign-in events and API requests;
• Crash reports and error logs (anonymous, used to fix bugs);
• App version and operating system.

We do not use Google Analytics, Facebook Pixel, advertising SDKs, or any other third-party tracking technology inside the App.

2. How Do We Process Your Information?

In short: we process your information to provide, improve, and secure the Services, to communicate with you, and to comply with legal obligations.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To create and manage your user account. We use your email and password to register and authenticate you.
• To deliver the Services. We store and synchronize the data you enter (pets, medications, symptoms, documents, etc.) across your devices.
• To send push notifications. We use your push token to deliver medication reminders and other in-app notifications you have enabled.
• To enable family sharing. When you invite a family member, we use their email to send the invitation and link the accounts.
• To process subscriptions. We rely on RevenueCat, Apple App Store, and Google Play to manage your subscription status and entitlements.
• To generate PDF reports and Emergency Cards. Generation happens on your device — the resulting PDF is never uploaded to our servers unless you choose to share it.
• To respond to your support requests. We use your email to reply to you.
• To improve the Services. We use aggregated and anonymized crash logs and error reports to fix bugs and improve reliability.
• To comply with legal obligations. We may process your data where required by law, court order, or regulatory authority.

3. Legal Bases for Processing (GDPR)

In short: we only process your personal information when we believe it is necessary and we have a valid legal basis under EU law.

The General Data Protection Regulation (GDPR) requires us to identify the legal bases on which we rely to process your information. We rely on the following:

• Performance of a contract (Art. 6(1)(b) GDPR) — when processing is necessary to provide you with the Services you have signed up for (account creation, data storage, subscription management, push notifications you have enabled).
• Legitimate interests (Art. 6(1)(f) GDPR) — for security monitoring, fraud prevention, debugging crashes, and improving the Services. We have weighed these interests against your privacy rights and consider them proportionate.
• Consent (Art. 6(1)(a) GDPR) — for optional features such as receiving push notifications. You can withdraw consent at any time in app Settings.
• Legal obligation (Art. 6(1)(c) GDPR) — when we are legally required to retain or disclose information (e.g. to comply with tax law or respond to a lawful court order).

4. When and With Whom Do We Share Information?

In short: we share information only with the service providers we need to operate the Services. We never sell your data and we do not share it with advertisers.

We share information with the following categories of third parties (acting as data processors on our behalf under GDPR Art. 28):

Provider	Purpose	Data shared	Location
Supabase	Database, authentication, file storage	All account, pet, and health data	EU (Stockholm, Sweden)
RevenueCat	Subscription management and entitlement	App user ID, subscription status	USA (with Standard Contractual Clauses)
Apple App Store	App distribution and in-app purchases	Apple ID, payment data (handled by Apple)	Worldwide
Google Play Store	App distribution and in-app purchases	Google ID, payment data (handled by Google)	Worldwide
Firebase Cloud Messaging (Google)	Android push notification delivery	Push token, notification payload	Worldwide
Apple Push Notification Service	iOS push notification delivery	Push token, notification payload	Worldwide
Expo (Expo Application Services)	App build distribution and push notification routing	Push tokens, anonymous device identifiers	USA (with Standard Contractual Clauses)
Vercel	Website hosting (serenopet.com)	IP address and basic request logs (website only, not App)	Worldwide edge network

We may also disclose your information:

• In response to legal requests: if required by applicable law, court order, governmental request, or to enforce our legal rights.
• In connection with a business transfer: in the unlikely event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring party under the same protections described here.
• With other family members: if you invite someone to your family group, they will be able to see the pets and health data you have shared with the group.

We do not sell your personal information and we do not share it with third parties for cross-context behavioral advertising.

5. Cookies and Similar Technologies

In short: the App does not use cookies. Our website uses only essential cookies set by our hosting provider.

The mobile App does not use HTTP cookies. The Sereno website (serenopet.com) may use a minimal number of essential cookies set by our hosting provider (Vercel) for security and basic operation. We do not use analytics, advertising, or tracking cookies.

6. International Data Transfers

In short: most of your data stays in the European Union. When we use US-based providers, we rely on appropriate safeguards.

Your primary data (account, pets, health records, documents) is stored on Supabase servers located in Stockholm, Sweden (EU). Some of our supporting service providers (such as RevenueCat and Expo) are based in the United States. For data transferred to the US, we rely on the Standard Contractual Clauses approved by the European Commission as an appropriate safeguard under GDPR Art. 46.

7. How Long Do We Keep Your Information?

In short: we keep your information only as long as your account is active or as needed to provide the Services and comply with the law.

• Account and health data: retained for as long as your account is active. When you delete your account, all your personal data, uploaded documents, and photos are permanently removed within 30 days, in accordance with GDPR Art. 17 (right to erasure).
• Support correspondence: retained for up to 2 years to enable follow-up support and quality improvement.
• Aggregated and anonymized data: may be retained indefinitely as it no longer identifies you.
• Backups: routine backups of our database are retained for up to 30 days; deleted data is automatically purged from backups within this period.

8. How Do We Keep Your Information Safe?

In short: we implement technical and organizational measures to protect your personal information.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These include:

• Encryption of data in transit (HTTPS / TLS) and at rest (AES-256 on Supabase storage);
• Row-Level Security policies in our database, so that each user can only access their own data;
• Strong password requirements (minimum 8 characters) and bcrypt-hashed password storage;
• Email verification on signup;
• Server-side authentication tokens (JWT) for API access;
• Regular security audits of our codebase and infrastructure.

However, please remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk.

9. Information From Minors

In short: we do not knowingly collect data from anyone under the age of 18.

The Services are intended for users who are at least 18 years old. We do not knowingly solicit or collect personal information from anyone under the age of 18. If you become aware that a child has provided us with personal information, please contact us at supportserenopet@gmail.com and we will take steps to delete such information.

10. Your Privacy Rights

In short: you have rights that allow you greater access to and control over your personal information. You can exercise them at any time.

Rights under the GDPR (EU/EEA users)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights:

• Right of access (Art. 15) — to obtain confirmation of whether we process your data and a copy of it.
• Right to rectification (Art. 16) — to correct inaccurate or incomplete data. Most fields can be edited directly in the App.
• Right to erasure (Art. 17) — to request deletion of your data. You can delete your account at any time from the App (Settings → Delete Account), which triggers immediate deletion of all your personal data and uploaded files.
• Right to restriction of processing (Art. 18) — to ask us to limit how we use your data in certain circumstances.
• Right to data portability (Art. 20) — to receive your data in a structured, commonly used, machine-readable format. You can request an export by emailing us.
• Right to object (Art. 21) — to object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3)) — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint — with your local supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali).

To exercise any of these rights, please contact us at supportserenopet@gmail.com. We will respond within 30 days, as required by GDPR.

11. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. Because no uniform technology standard for recognizing DNT signals has been finalized, we do not currently respond to DNT signals. As stated above, however, we do not use tracking technologies in the App.

12. US State Residents' Specific Rights

If you are a resident of California, Colorado, Virginia, Connecticut, Utah, or other US states with comprehensive consumer privacy laws, you may have additional rights, including the right to:

• Know what personal information is collected about you;
• Access your personal information;
• Request deletion of your personal information;
• Opt out of the sale or sharing of personal information (we do not sell or share for advertising, so this right is already honored by default);
• Limit the use of sensitive personal information;
• Not be discriminated against for exercising your rights.

To exercise these rights, please contact us at supportserenopet@gmail.com.

13. Updates to This Notice

In short: yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this notice. If we make material changes, we will notify you either by sending an email to the address associated with your account or through an in-app notification. We encourage you to review this Privacy Notice frequently to stay informed.

14. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may contact us by email:

Ivan Salgarello (doing business as Sereno)
Italy
Email: supportserenopet@gmail.com
Website: https://serenopet.com

15. How Can You Review, Update, or Delete the Data We Collect From You?

You have several options to manage your personal data:

• Review and update your data: most personal data is editable directly in the App (Settings → Account, and individual pet/medication/document records).
• Request a copy (data export): send us an email at supportserenopet@gmail.com and we will send you a structured copy of your data within 30 days.
• Delete your account and all your data: in the App, go to Settings → Delete Account. This will permanently remove all your personal data, pets, health records, and uploaded files from our database and from our storage buckets, in accordance with GDPR Art. 17.