You’re trusting PupManager with your livelihood and your clients’ details. Here’s plainly how that data is kept safe — no jargon, no box-ticking theatre. For the full legal detail, see our privacy policy.
1. Your data is yours
Your client list, session history and notes belong to you — not to us. We don’t sell it, we don’t rent it, and we don’t use it to advertise to you or your clients. You can export your data or ask us to delete it at any time.
2. Encryption
Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are stored using industry-standard hashing — never in plain text, and not even we can read them.
3. Payments
Payments are coming soon, handled by Stripe, a PCI-DSS Level 1 provider. By design, full card numbers go straight to Stripe and never touch PupManager’s servers — we won’t see or store them.
4. Infrastructure & subprocessors
PupManager runs on established, audited infrastructure. We use a small set of subprocessors, each bound to process data only on our instructions:
- Vercel — Hosting, deployment, file storage.
- Supabase / Postgres — Primary database.
- Stripe — Payments (coming soon).
- Resend — Transactional email (codes, receipts, reminders).
- Apple APNs / Google FCM — Push notification delivery.
- Anthropic — AI-assisted features — inputs are not used to train models.
The current, authoritative list (with regions) lives in the privacy policy and is kept in sync there.
5. Access control
Access to production data is narrow and on a need-to-know basis, and our infrastructure is kept patched and up to date. No system is bulletproof — but we keep the door small and watched.
6. Backups & retention
Backups are encrypted and roll off within 35 days. Server logs are typically kept ~30 days unless flagged for a security investigation. If you close your account, your personal data is removed from active systems and rolls off backups within 35 days.
7. Privacy law (NZ & Australia)
PupManager is operated by KBMedia in New Zealand and is built to align with the NZ Privacy Act 2020 and the Australian Privacy Principles. If you have clients in the EU or UK, our privacy policy also covers the GDPR / UK GDPR. You and your clients can request access to, correction of, or deletion of personal data — see your rights.
8. Reporting a vulnerability
If you believe you’ve found a security issue, please email security@pupmanager.com. We’ll acknowledge it, investigate, and keep you posted. Please give us a reasonable window to fix it before disclosing publicly — we genuinely appreciate the heads-up.
9. If something goes wrong
No provider can promise nothing will ever happen. What we promise is honesty: if we detect a breach that affects your data, we’ll tell you what happened, what we’re doing about it, and what you should do — without spin.