Privacy Policy – Amico Fido

The data controller is:

Pietro Petrocchi Maestri Comacini 29B, Morbio Inferiore, 6834, Switzerland pietropetrocchi@protonmail.com

This policy applies to the Amico Fido mobile application (iOS and Android), the amico-fido.com website and related services, as well as to registered users and website visitors.

We collect identification data (name, email, username), authentication data (password, identifiers provided by Apple or Google), profile data (photo, language, timezone), dog-related data (name, breed, age, weight, allergies, photo, health status), user-generated content (posts, comments, stories, chat messages, reports), location data (GPS coordinates, routes), technical data (notification tokens, IP address, error and app version information) and subscription-related data.

Registration and account. Registration requires name, email and password. Access via Google or Apple is also available; in that case we receive the data returned by the provider (e.g. email and name) according to the user's chosen settings. Timezone and push notification tokens may also be collected during registration.

Profile. The user may provide profile photo, preferred language, username and privacy and notification settings.

Dog profiles. For each dog, the user may enter name, breed, age, weight, colour, allergies, diet, medications, notes, microchip, sterilisation and photo. For lost dogs, last known location and date may be indicated.

Content. The user creates posts, comments, stories, chat messages, reports and other community content, including images, videos and, where available, voice messages.

Toxicity check. The feature to verify toxicity of foods and plants for dogs and cats requires sending images or the name of the substance to be checked.

Contacts. The website has a contact form that collects name, email and message.

Location. When the user consents, we collect location to display the map, nearby reports and lost dogs. Safe Walk also requires background location during the walk.

Technical data. We collect IP address, push notification tokens, error and crash information (message, technical context, app version, platform) to ensure the service works and improve its quality.

Website. On the website we may use analytics tools oriented towards privacy protection and designed to limit or exclude tracking cookies, where technically possible.

When accessing via Google or Apple, we receive the data returned by these providers. For subscriptions and in-app purchases we receive membership status information from specialised platforms that interface with digital stores (App Store, Google Play).

Data is processed to enable registration and authentication, service delivery, user profile and dog profile management, community participation (posts, stories, comments, chat), reports and geolocation features, Safe Walk, AI-based features, push notifications, subscription and in-app purchase management, moderation and security, assistance and user contact, as well as for analysis and service improvement and to comply with legal obligations.

Processing is based on contract performance for the main service features, on consent when required (e.g. for certain notifications or optional features), on legitimate interest for moderation, security and analysis, and on legal obligations when applicable.

Registration requires name, email and password. Access via Google or Apple uses data returned by the provider. IP address, timezone and push notification tokens may be recorded at registration. Acceptance of the Terms and Conditions and this Privacy Policy is mandatory and is recorded with date and version.

User profile. The user may manage name, profile photo, language, timezone, username and privacy settings (e.g. profile and username visibility) and location settings (geolocation activation, notification radius).

Dog profiles. For each dog, the user may enter and update personal data, health data, diary and memories (events, media, audio). For lost dogs, last known location and date may be indicated.

Sharing. The dog profile and diary may be shared via link or QR code. Shared content is visible to anyone with the link.

Visibility. Posts and stories are visible to community users according to settings. Comments are associated with posts and visible to users. Chat allows private messages between users. Reports are visible on the map according to service settings. Content visibility may vary depending on the feature used, account settings, content nature and sharing methods provided by the service.

Moderation. Text and images are subject to automatic checks to prevent inappropriate content. Content that violates the rules may be rejected or reported.

Location is required to create reports (dangers, lost dogs, etc.). Reports are displayed on the map and associated with the account. The map uses location to show clusters and nearby reports and to filter lost dogs based on the area of interest configured by the user.

Safe Walk requires permission to use location in the background. During the walk, start and end coordinates, route points, duration and distance are recorded. Data may be associated with the account and processed to provide the Safe Walk experience and, where applicable, for statistics, history or service-related alerts. Background location is only used when the user actively starts Safe Walk.

Amico Fido may offer features supported by artificial intelligence technologies, such as informative chat, verification of toxicity of foods, plants or substances, generation of dog-related descriptions, analysis of images or videos and tools to support training activities.

For the provision of these features, some content sent by the user, such as text, images, videos or dog-related data, may be processed through third-party technology providers specialised in artificial intelligence services, who operate, as the case may be, as service providers or autonomous controllers under their respective terms and policies.

The use of these features is for informational, support and experience improvement purposes and does not replace the advice of qualified professionals, including veterinarians, trainers or educators, where necessary.

The user is invited not to enter unnecessary personal data, information exceeding the request made or content they do not wish to be processed for the provision of the service in the AI-based features.

AI service providers may have their headquarters or servers outside the European Union or Switzerland. For more information on international transfers, see section 21.

We use the notification token to send alerts about nearby reports, lost dogs, community activity, chat messages and other service-related alerts. The user may disable notifications in the app settings.

Subscriptions (Club, Training and similar) are managed through digital stores (App Store, Google Play) and specialised platforms that verify their status. For verification of subscription and premium feature status we may use specialised technology platforms integrated with digital stores. We do not receive credit card data; payments are handled by the stores. The support link may lead to donation pages managed by third parties; in that case payments are handled by the payment service provider.

Content is subject to automatic checks on text and images. Users may report inappropriate content and block other users. Suspicious chat messages may be quarantined. We record errors and activity to ensure security and proper service operation.

The "Contact us" form on the website collects name, email and message. It is protected by anti-spam tools. The app may offer a dedicated screen for contacting support.

Data may be disclosed to:

• Artificial intelligence service providers, for Ask Fido, toxicity check, dog AI profile and video analysis; • Moderation service providers, for image control; • Push notification service providers, for sending notifications; • Real-time chat service providers, for messaging; • Maps and geolocation service providers, for maps, autocomplete and reverse geocoding; • Payment and subscription service providers, for in-app purchases and donations; • Analytics and monitoring service providers, for errors, crashes and website analysis; • Authentication providers (e.g. Google or Apple), to allow access via external credentials.

Some of these providers may have their headquarters or servers in the United States or other countries outside the EU and Switzerland.

Data may also be disclosed to consultants, collaborators, technology infrastructure, hosting and storage providers, to the extent strictly necessary for the provision and security of the service.

Some of the providers used by Amico Fido may have their headquarters or servers in countries outside the European Union or Switzerland.

When this occurs, the processing of personal data takes place in compliance with applicable legislation and, where required, on the basis of one of the transfer mechanisms recognised by law, such as adequacy decisions, standard contractual clauses or other appropriate safeguards.

Further information on international transfers and applicable safeguards may be requested at the contact details indicated in this policy.

Personal data is retained for no longer than necessary to achieve the purposes for which it was collected and processed, unless applicable legislation requires or permits longer retention periods.

Retention periods may vary depending on the category of data, the purpose of processing, the need to handle disputes or user requests, as well as applicable legal, tax, administrative or security obligations.

Active account data is generally retained until account deletion. Session data is retained for the time necessary to provide the service. Logs and error and security information are retained for a limited period, proportionate to monitoring, protection and debugging needs.

Content deleted by the user and data associated with the deleted account may be removed according to normal technical processes of retention, backup, cleanup and system security.

The user may request deletion of their account through the features available in the app. The procedure may require password confirmation or other security checks.

Upon deletion request, the account is deactivated and subject to a process of deletion, anonymisation or cleanup of associated data and content, within the limits and timeframes compatible with service operation, internal technical processes, legal obligations and any needs to protect the controller's rights.

Access tokens are revoked and main account-related features cease to be available. Some content or files on storage, cache or backup systems may be removed at a later time, according to normal technical retention and cleanup cycles.

Once the deletion procedure is complete, the account cannot be restored, except where retention of specific data is necessary for legal obligations, security reasons, abuse prevention or protection of the controller's rights.

Under the GDPR and FADP, the user may exercise the right of access, rectification, erasure, restriction of processing, data portability and objection, as well as withdraw consent where applicable. They may also lodge a complaint with the competent supervisory authority (in Italy, the Garante per la protezione dei dati personali; in Switzerland, the Federal Data Protection and Information Commissioner – FDPIC). To exercise these rights, the user may contact the controller at the details indicated in sections 2 and 28.

The service is not intended for users who do not meet the minimum age required by applicable legislation to use digital services autonomously or to validly give consent, except with the involvement of the holder of parental responsibility, where required.

If we become aware that personal data of a minor has been collected in violation of applicable legislation, we will take reasonably necessary measures to remove such data or limit its processing.

Passwords are processed and stored with appropriate technical measures, according to suitable security standards. Communications are protected via cryptographic protocols. Access to data is limited to authorised personnel. Moderation measures and controls are in place to prevent abuse and ensure service security.

This policy may be updated to reflect changes to the service or legislation. Significant changes will be communicated via the app or email. The date of last update is indicated at the top of the document.

For privacy questions or to exercise your rights:

Pietro Petrocchi Maestri Comacini 29B, Morbio Inferiore, 6834, Switzerland pietropetrocchi@protonmail.com

The following information supplements this Privacy Policy for users who reside in the United States, with particular reference to California residents and other States that provide specific privacy rights, where applicable.

1. Scope of application. This section applies to users who reside in the United States and use the Amico Fido mobile application, website or related services. The applicability of specific laws (such as the California Consumer Privacy Act and its amendments) depends on the thresholds and requirements set out in each regulation. In case of doubt about applicability, you may contact the controller at the contact details indicated below.

2. Categories of personal data collected. In line with what is described in the preceding sections, the categories of personal data that may be collected include: identifiers (name, email, username), authentication data (password, identifiers provided by Apple or Google), profile data (photo, language, timezone), dog-related data (name, breed, age, weight, allergies, photo, health status), user-generated content (posts, comments, stories, chat messages, reports), location data (GPS coordinates, routes, including tracking during Safe Walk), technical data (notification tokens, IP address, error and app version information) and subscription-related data. Where applicable law so provides, precise location data may qualify as sensitive information.

3. Sources of personal data. Data is obtained directly from the user (registration, profile, content, settings), from the device (location, tokens, technical data), from third parties (Google, Apple, subscription platforms and digital stores) and, on the website, from privacy-oriented analytics tools.

4. Purposes of use. Data is used for service delivery, account and profile management, community, reports, Safe Walk, AI-based features, push notifications, subscriptions, moderation, security, support and service improvement, as described in the preceding sections.

5. Categories of third-party recipients. Data may be disclosed to artificial intelligence, moderation, push notification, real-time chat, maps and geolocation, payment and subscription, analytics and monitoring service providers, as well as to authentication providers (Google, Apple), consultants, collaborators and infrastructure, hosting and storage providers, to the extent necessary for service delivery and security. Some of these parties have their headquarters or servers in the United States.

6. Privacy rights recognised to residents in the United States, where applicable. Where applicable law so provides, residents in the United States may have the right, among others, to: know the categories and purposes of data collection and use; access personal data; request deletion; request rectification; request data portability; object to or limit certain uses; not be discriminated against for exercising such rights. The existence and scope of such rights depend on the applicable law and applicability thresholds.

7. Sale, sharing and targeted advertising. Amico Fido does not sell personal data in the commonly understood sense and, based on the current configuration of the service, does not appear to engage in the sale or sharing of personal data for cross-context behavioral advertising or targeted advertising purposes, subject to any different legal classifications under applicable law.

8. How to exercise your rights. To exercise the rights provided by applicable law, you may contact the controller at the contact details indicated in the "Contacts" section of this policy, specifying, where possible, the right you wish to exercise and the information useful to identify your account.

9. Identity verification. To protect personal data, the controller may require identity verification before processing requests for access, deletion or portability. Verification methods will be proportionate to the type of request and the privacy risk.

10. Non-discrimination. Where applicable law so provides, the controller will not discriminate against users for having exercised their privacy rights, for example by applying different prices or denying access to the service, except where differential treatment is permitted or required by law.

11. Privacy contacts. For questions about this section or to exercise the rights of residents in the United States: Pietro Petrocchi, Maestri Comacini 29B, Morbio Inferiore, 6834, Switzerland, pietropetrocchi@protonmail.com.