Your privacy on the web is probably the most important thing you need to worry about these days. We worry about it too, which is why, both in this service and in it’s privacy policy, we’ve attempted to give you the best possible treatment for your personal information. We collect only personal information that you willingly give us, and we never sell or give away any of your information, unless required by law or to make the service work for you. That’s our privacy policy in a nutshell.

We’ve added two extra sections to this. The Important Stuff is stuff we legally need to tell you. What We Do With Everything is what we want to tell you, but don’t have to. You can read the second one at your leasure whenever (it would be awesome if you did sometime).

The Important Stuff

Who’s Responsible

Our main server administrator is Laef Kucheran. If you have any questions, concerns or comments, just shoot him an email at theteam@findalostpet.org which he checks quite often.

What If This Changes?

If we have to change the privacy policy for some reason or another, we’ll post it right here with some information on what the change was. We’ll also send an email to all account holders who are still signed up for email alerts, post about it on our blog, Tweet about it on our Twitter and likely post it on our Facebook and Google+ too. Also, if you’re worried about a change since sometime, just email us at theteam@findalostpet.org and we’ll happily tell you all about it and explain what it means and why we did it.

What We Do With Everything

It’s best that you know all the information we collect, and what is done with it. Feel free to peruse this at your leasure.

Your Email Address

There are a few ways we may get your email address: If you sign up with it, if someone else invites you to the service, or if you send us an email, usually to theteam@findalostpet.org.

When you sign up with it: We never give your email address to anyone outside of just making sure the service works and checking out who our users are. For example, we may search for your email address online to check whether or not it’s a spam address (believe it or not, people will sign up for services using common addresses, then post that address and the password online, so that anyone can log in). We always search in a private search engine such as DuckDuckGo (privacy policy) or StartPage (privacy policy). When we share the email address among ourselves, we only do so in person or through an encrypted channel, avoiding using services provided by companies with bad privacy policies (like Google, Facebook, etc.).

When someone invites you: Because we want as many people on FindALostPet as possible, so as to help the most pets, we provide a service to some people so that they can invite people they know the email addresses of to FindALostPet. When they enter an email address of someone they wish to invite, we save that email address so as to make sure that if it’s ever entered again, by anyone, we don’t send another invite (we don’t want to spam people, especially not people who haven’t signed up). We don’t give this list to anyone nor do we send emails to an address after it’s in the list.

If you email us: When you send an email to any of our team members, or us in general, we of course save your email and your email address and will respond to it whenever. We don’t spam the people who send us emails and we don’t sell the emails or email addresses to anyone else. If your query requires giving an individual email to another person or organisation (say if you mix us up with another lost pet database and we want to be helpful by forwarding your email to them) we will of course send them the relevant part of your email, and, depending on the query, your email address as well.

If you have any concerns about this policy but don’t want to email us about it (we know there’s that problem there), we’re afraid that you will have to get a friend to email us for you. There is no other way to contact us right now, other than messaging us on Twitter, Facebook or Google+, which may not be the best for privacy.

Your Password

When you sign up for the service or reset or change your password, you give us a password for us to recognise you by (we assume that anyone who can give us both the email address and the password associated with your account is, in fact, you). We never ask you to give us the password for another account and we expect that you will use a password that you have never used before (though it is entirely up to you).

All passwords used for FindALostPet accounts are stored in a hashed form. Hashes are the result of a computer taking a piece of text (lets say “password”) and running a series of mathematical functions on it, to produce another piece of text (so “password” might become “5f4dcc3b5aa765d61d8327deb882cf99”). The cool thing about hashes is that they always produce the same result if given the same original text (so “password” always hashes to “5f4dcc3b5aa765d61d8327deb882cf99,” when using the MD5 hashing algorithm; there are lots of different algorithms producing lots of different hashes and we don’t use MD5).

The other cool thing about hashes is that they’re pretty much impossible to reverse (so, taking “5f4dcc3b5aa765d61d8327deb882cf99,” you cannot algorithmically determine that it is a hash of “password”). This means that even if someone hacks into the website, or one of our team goes snooping (both extremely unlikely events), they still can’t view or use your passwords.

Activity Logs

Our servers retain several types of files, logging the activity of users. These logs typically contain the URL of the the page accessed (such as “https://findalostpet.org/?p=signin”), the time of the request, the IP address that made the request and some of the headers associated (such as the browser version and operating system). This information is kept private and is never shared with anyone. On occasion, we may look up the IP address making a request to determine whether or not it is spam.

Unlike most other websites, we do not use third party analytics or trackers. If you’re worried about other websites doing that, check out Ghostery, a free browser addon that blocks trackers as you browse the web.

Location Data

FindALostPet uses location data to show pets in your area and to show where a pet was lost and has been sighted. We can get your general location (usually down to a nearby larger city) using your IP address, but we hardly ever do this automatically (we may do it on a case-by-case basis as part of our server administration). Alternatively, we can get a more precise piece of location data from your browser, using JavaScript, or from your device. To do this, we always need your permission as we can’t get the information without (most browsers will ask you if you want to tell us where you are).

The third way you might tell us your location is by typing your address. This is of course, again, only something that you do willingly and is assumed as a form of permission to use the data.

We share your location data with one organisation, but never in association with you: We check all locations entered using the Google Maps API, so as to transfer human readable addresses into coordinate pairs and back again. When we make a request to Google Maps, we never send any other data than the address or coordinates required. Google has no idea who actually originated the request and we’ll never tell them, or anyone else.

Maps on the website use map tiles (little images that, when put together, form a larger map of the world) generated by Stamen Design, a San Francisco LLC. In theory the map tiles that are requested, which are requested from your browser directly to them, could identify where you are to Stamen. They’re pretty awesome people (one of their employees actually donated to the launch of FindALostPet) and we trust them enough to do this. You can find out more about Stamen Map tiles (and use them yourself!) here.

We do not save passing location data associated with accounts or IP addresses. Instead, we allow users to save Location-Based Alerts, which are particular locations for which we will alert the user if a pet goes missing near there. We also save location when associated with a pet posting or sighting, but only after the user is given a chance to configure the data, in the form of an address.

Postings, Sightings and Basically All Public Data

All public user-posted data on FindALostPet is covered by our Distribution Policy. Long story short, you maintain exclusive rights to your info and you can delete it at anytime and we’ll make sure it’s off the site and app. However, the info will be public, so we can’t stop people from copying it and redistributing it elsewhere (though we don’t want them to; no one does).

To avoid people posting Not Safe for Work (NSFW) content, we send all images uploaded by users to Clarifai (privacy policy), a visual recognition service. Clarifai maintains copies of these images to train it’s algorithms to better recognise items and ideas, but they don’t share these images with anyone else.

Selling Data

We just don’t do this. And we’ll never do it because 1) it’s evil, 2) we wouldn’t want our data to be sold, 3) it’s your data anyway, we don’t think we have the right to sell it and 4) we don’t need the money; we funded the original launch of FindALostPet on Indiegogo (thanks again to our generous donours!) and we intend to do the same again when the money runs out.

If we ever do sell your data (which will never happen, as explained above), feel free to drag our name through the mud. We’ll have deserved it.

Where Data is Stored

Right now all of your data is stored in three different places: our servers, some of our computers in the form of backups and on your own devices. The first two, we have control over and protect them with our brains and near-on our lives.

The servers, at the moment, are operated by 4GoodHosting, a Canadian hosting company based in Vancouver. They’re pretty awesome people, we’ve had nothing but good service with them and they’re always happy to help us out. We trust them to treat your data with the same, or even more security and professionalism as we do. Their servers are physically located in Toronto and Vancouver.

What Happens if We’re Hacked

All websites really want you to believe that a hack is impossible or extroardinarily unlikely. Unfortunately no system is completely secure. Everyone does their best and everyone does their part to make the Web more secure, but sometimes something really bad happens. If that ever happens to us, we promise to inform you as quickly as possible, most likely be email. Depending on how awful the situation is, we may decide to delete all your data or wipe our entire server. We’ll do our best to alleviate any inconvenience.

If our severs are compromised, we consider it entire within your rights to sue us (after all, that’s what the civil suit system if for), but we would really appreciate it if you didn’t. If we’ve just been hacked, we’re definitely going through a really awful day.

On the bright side, we try our very best to keep the system secure and a hack is pretty unlikely.