Privacy Policy

Your trust is important. Here is how we handle your data.

Quick Summary

Groomfiy collects personal information to provide pet grooming scheduling and booking services. We share your data only with your chosen groomer and trusted service providers necessary to operate the platform. We do not sell or share your personal information for advertising or marketing purposes. You have the right to access, correct, delete, and port your data. For questions, contact us at privacy@groomfiy.com.

1. Who We Are

Data Controller

Company Name: Hollmerz LLC
Registered Address: 30 N Gould St Ste R, Sheridan WY 82801, United States
Contact Email: privacy@groomfiy.com

Groomfiy is a SaaS platform that connects pet owners with independent professional groomers. We act as the data controller for personal information collected through our platform. When Groomers receive customer data to provide services, they act as independent data controllers for that data.

Person in Charge of Personal Information Protection (Quebec Law 25): Mohammed Saeed Alshmesaty, Founder of Hollmerz LLC. Contact: privacy@groomfiy.com. This person is responsible for ensuring our compliance with Quebec's Act respecting the protection of personal information in the private sector (Law 25).

2. Information We Collect

We collect the following categories of personal information to facilitate booking and service delivery:

Category | Data Collected | Purpose | Retention
Identifiers | Name, email, phone number | Account creation, communication, booking | Account lifetime + 30 days post-deletion
Geolocation | Home address (mobile grooming only) | Service delivery for mobile groomers | Account lifetime + 30 days post-deletion
Pet Information | Name, breed, weight, photos, vaccination status, behavioral notes | Appropriate grooming services | Anonymized 2 years after last booking
Financial / Payment | Tokenized card info (via Stripe), transaction history | Process payments, refunds, billing | 7 years (US tax/IRS retention)
Commercial Info | Booking history, service preferences, reviews | Service improvement, re-booking convenience | 7 years (mirrors transaction record retention)
Internet Activity | IP address, browser type, device info, pages visited | Security, fraud prevention, error monitoring | 1 year
Communication Records | SMS logs, email logs, support messages | Service delivery, dispute resolution | 18 months

What We Do NOT Collect: We do not collect Social Security numbers, driver's license numbers, biometric data, racial or ethnic origin, religious beliefs, sexual orientation, or genetic information.

Payment Card Data: Full card numbers are never stored by Groomfiy. All payment card data is securely handled by our PCI-DSS Level 1 certified payment processor (Stripe). We only receive tokenized references.

3. Pet Health Information

We collect limited pet health data such as vaccination status, medical conditions, and groomer notes. This information is:

  • Shared with your selected Groomer only to ensure safe service delivery.
  • Groomer notes (private observations by the groomer about your pet) are encrypted and visible only to the groomer — never returned in public-facing endpoints.
  • Never sold or shared with third parties for marketing purposes.
  • Retained only as long as necessary for service provision and pet safety.

4. Legal Basis for Processing

For users in the EU/EEA (GDPR): We process your personal data under the following legal bases:

Data Type | Legal Basis | Purpose
Contact Information | Contract Performance | Service delivery and communication
Payment Data | Contract Performance | Process payments for services
Pet Information | Contract Performance | Provide appropriate grooming services
Health/Vaccination Data | Legitimate Interest | Ensure safety of pets and groomers
Usage/Analytics Data | Legitimate Interest | Security, fraud prevention, error monitoring
Marketing Communications | Consent | Send promotional materials (opt-in only)

For users in the United States: We process your personal data based on contractual necessity (to provide the services you requested), legitimate business interests (security, fraud prevention, service improvement), and your consent where required by law (marketing communications, SMS).

5. Data Saving & History

We save your profile and appointment history to:

  • Allow you to easily re-book without re-entering details.
  • Enable Groomers to track your pet's grooming history and specific needs over time.
  • Provide you with receipts and past service records.
  • Improve our services through analysis of usage patterns (in aggregate, not individually).

6. Data Retention

We retain your personal data for as long as necessary to provide services and fulfill the purposes described in this policy. Retention Schedule:

  • Account information (email, name, phone, address): retained for the lifetime of your account, plus 30 days after account deletion for backup purges.
  • Transaction records (payments, refunds, chargebacks): 7 years (US tax / IRS retention requirement).
  • Pet records and grooming history (after account deletion): anonymized after 2 years from last booking.
  • SMS/email logs: 18 months for fraud prevention and dispute resolution.
  • Audit logs and access logs: 12 months.
  • Backup snapshots: 30 days, then purged.
  • Records under legal hold: retained for the duration of any actual or reasonably anticipated legal claim or regulatory investigation.

6.1 Fraud Prevention Data

When you make a booking, we collect your IP address and browser fingerprint (user-agent) to defend against fraudulent chargebacks. This data is shared with the Groomer and payment processors (Stripe) only when responding to a payment dispute you have initiated. This data is retained for 18 months alongside SMS/email logs (see retention schedule above).

7. Sharing with Independent Groomers

When you book an appointment, your relevant data (contact info, address for mobile services, pet information) is shared strictly with the Groomer you have chosen. This data is shared solely for the purpose of service delivery.

Independent groomers on our platform are separate and independent data controllers for the customer data shared with them. For details on how Groomfiy processes data on behalf of Groomers, see our Data Processing Agreement. Groomers are contractually obligated to:

  • Use your data only for service provision purposes.
  • Protect your data with appropriate security measures.
  • Delete your data when no longer needed for service delivery.
  • Not sell, share, or use your data for their own marketing without your separate consent.
  • Comply with applicable data protection laws.

8. Third-Party Services

We use the following trusted third-party services to operate our platform:

  • Stripe: Payment processing for grooming service payments and groomer payouts. PCI-DSS Level 1 certified. Stripe Privacy Policy
  • Creem.io: Subscription billing and management for groomer accounts. Creem.io Privacy Policy
  • Twilio: SMS notifications for booking confirmations and reminders. Twilio Privacy Policy
  • SMS Communications: When we send transactional SMS notifications about your appointments, your first name, pet's name, appointment date/time, and the groomer's business name are transmitted to Twilio (USA) for delivery. We do not send marketing or promotional SMS messages. You may opt out by replying STOP to any message.
  • Resend: Email communications (booking confirmations, receipts, reminders). Resend Privacy Policy
  • Cloudflare R2: Photo storage for pet photos and profile photos. Cloudflare Privacy Policy
  • Sentry: Error monitoring and application performance (anonymized error data only, no personal content). Sentry Privacy Policy
  • Vercel, Inc.: Frontend hosting (Next.js application). USA. Vercel Privacy Policy
  • Railway Corp.: Backend hosting (Node.js/Express API). USA. Railway Privacy Policy
  • Neon, Inc.: PostgreSQL database hosting. USA (us-east-1). Neon Privacy Policy

Each third-party provider has their own privacy policy governing their use of your information. We maintain data processing agreements with all providers that process personal data on our behalf.

9. International Data Transfers

Cross-Border Data Transfers

Groomfiy is based in the United States. If you are accessing the Platform from outside the US, your data will be transferred to and processed in the United States.

We ensure appropriate safeguards for international transfers:

  • EU-US Data Privacy Framework: Where applicable, we rely on the EU-US Data Privacy Framework for transfers from the EU to the US.
  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers to countries without adequacy decisions.
  • Contractual Protections: All our third-party processors are bound by data processing agreements that include appropriate transfer mechanisms.

To receive a copy of the relevant safeguards, please contact us at privacy@groomfiy.com.

10. Your Rights

Regardless of where you live, we provide all users with the following rights regarding their personal data:

How to Exercise Your Rights

  • Email: Send a request to privacy@groomfiy.com with "Data Rights Request" in the subject line.
  • Account Settings: Access, correct, or delete your data directly through your account settings.
  • In-App: Use the "Download My Data" feature in your profile settings.

We will respond to your request within 45 days of receipt, the maximum permitted under applicable U.S. state privacy laws. We may extend this period by an additional 45 days when reasonably necessary, with prior notice. We may need to verify your identity before processing your request.

Right to Access

Request a copy of all personal data we hold about you, including categories of data processed, purposes, recipients, and retention periods.

Right to Rectification

Request correction of inaccurate or incomplete data. You can update most information directly in your account settings.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. We may retain certain data to comply with legal obligations (e.g., financial records), to establish or defend legal claims, or where processing is necessary for public health purposes.

Right to Data Portability

Receive your data in a machine-readable format (JSON or CSV) to transfer to another service provider.

Right to Restrict Processing

Request limitation of how we use your data while we verify accuracy or resolve a dispute.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Withdraw consent at any time for processing based on consent (e.g., marketing communications). This does not affect the lawfulness of processing before withdrawal.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, quality of service, or access for exercising your rights.

11. California Privacy Rights (CPRA)

For California Residents

The California Privacy Rights Act (CPRA) provides additional rights for California residents.

Sale and Sharing of Personal Information

Groomfiy does not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

Categories of Personal Information Collected (Last 12 Months)

Category | Collected | Business Purpose | Sold/Shared
Identifiers (name, email, phone) | Yes | Account creation, service delivery | No
Commercial information (bookings, transactions) | Yes | Booking management, billing | No
Internet activity (browsing on platform) | Yes | Security, error monitoring | No
Geolocation (address for mobile grooming) | Yes | Mobile grooming service delivery | No
Sensory data (pet photos) | Yes | Pet identification for grooming | No
Inferences (service preferences) | Yes | Service recommendations | No

Sensitive Personal Information

We may collect sensitive personal information including precise geolocation (for mobile grooming services) and financial account information (for payment processing). We use this information only as necessary to provide our services. You have the right to limit our use of sensitive personal information to what is strictly necessary.

Your California Rights

  • Right to Know: Request disclosure of what personal information we collect, use, and disclose.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information, but you may exercise this right at any time.
  • Right to Limit Use of Sensitive Info: Limit the use of sensitive personal information to what is necessary for our services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

How to Exercise California Rights

Submit requests through:

  • Email: privacy@groomfiy.com (subject: "California Privacy Request")
  • Web Form: Contact form at groomfiy.com/contact

We will verify your identity before processing your request. We may ask for your account email address and additional verification information. We will respond within 45 days (extendable by 45 days with notice).

Financial Incentives

We do not offer financial incentives or price differences in exchange for your personal information.

12. Additional US State Privacy Rights

In addition to California, the following states provide additional privacy rights to their residents. If you reside in one of these states, you may exercise the rights described below by contacting privacy@groomfiy.com:

  • Virginia (VCDPA): Right to access, correct, delete, obtain a copy of, and opt out of targeted advertising and sale of personal data.
  • Colorado (CPA): Right to access, correct, delete, data portability, and opt out of targeted advertising, sale, and profiling.
  • Connecticut (CTDPA): Right to access, correct, delete, data portability, and opt out of targeted advertising and sale.
  • Utah (UCPA): Right to access, delete, and opt out of sale and targeted advertising.
  • Other States: As additional US states enact consumer privacy laws, we will comply with applicable requirements. Contact us for information about your specific state rights.

If we deny your request, you have the right to appeal. To appeal, email privacy@groomfiy.com with "Privacy Appeal" in the subject line.

13. Cookies & Tracking

We use cookies to operate and secure our platform. We only use essential cookies that are strictly necessary for the platform to function. We do not use analytics, advertising, marketing, or tracking cookies.

Cookie Name | Purpose | Duration | Type
groomerAccessToken | Authentication — maintains your login session | 15 minutes | Essential
groomerRefreshToken | Session refresh — extends your login session | 7 days | Essential
XSRF-TOKEN | Security — protects against CSRF attacks | Session | Essential

Why Only Essential Cookies? We believe in data minimization. We do not use analytics, advertising, or tracking cookies. Since we only use strictly necessary cookies, no cookie consent banner is required under GDPR or ePrivacy regulations.

Managing Cookies: You can block or delete cookies through your browser preferences. Note that blocking essential cookies will prevent you from logging in or using the platform.

14. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in the EU). If you believe we have collected data from a minor, please contact us immediately at privacy@groomfiy.com, and we will take steps to delete such information promptly.

15. Data Security

We implement robust security measures to protect your data:

  • Encryption in Transit: All data transmission uses TLS 1.3 encryption.
  • Encryption at Rest: Database and backups are encrypted using AES-256.
  • Access Controls: Strict role-based access controls for all systems.
  • Password Security: User passwords are hashed using bcrypt (never stored in plaintext).
  • PCI Compliance: Payment processing handled by Stripe (PCI-DSS Service Provider Level 1).
  • Security Headers: HTTP security headers (HSTS, CSP, X-Frame-Options) enforced via Helmet.js.
  • Rate Limiting: Authentication endpoints are rate-limited to prevent brute-force attacks.
  • CSRF Protection: All state-changing requests require CSRF token validation.

While we strive to protect your data using industry-standard measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you promptly of any breach affecting your data.

16. Data Breach Procedures

Our Commitment

In the event of a data breach affecting your personal data, we are committed to notifying affected users promptly.

  • 72-Hour Notification: We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach (as required by GDPR, where applicable).
  • US State Notification: We will notify affected users as required by applicable US state breach notification laws (typically within 30-60 days).
  • User Notification: If the breach is likely to result in a high risk to your rights, we will notify you directly without undue delay.
  • Notification Contents: Notifications will include the nature of the breach, categories of data affected, likely consequences, and measures taken.
  • Documentation: All breaches are documented internally for compliance and improvement purposes.

If you suspect a security incident, please report it immediately to security@groomfiy.com.

17. Right to Lodge a Complaint

Your Right to Complain

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with a supervisory authority or regulatory body.

We encourage you to contact us first at privacy@groomfiy.com so we can attempt to resolve your concerns directly.

18. SMS / Text Message Policy

Text Message Communications

By providing your phone number and using the Platform, you consent to receive SMS text messages related to your bookings and account.

  • Types of Messages: Booking confirmations, appointment reminders, cancellation/rescheduling notices, payment receipts, no-show alerts, and review requests.
  • Message Frequency: Varies based on your booking activity. Typically 2-5 messages per appointment.
  • Message and Data Rates: Standard message and data rates from your carrier may apply.
  • Opt-Out: Reply STOP to any message to opt out of non-essential SMS. Note: booking confirmations and payment receipts are transactional and cannot be opted out of while using the service.
  • Help: Reply HELP for assistance, or contact support@groomfiy.com.
  • Supported Carriers: All major US carriers supported. Carrier availability may vary.

We will never send marketing text messages without your separate opt-in consent. Your consent to receive transactional SMS is not a condition of purchasing any service, but is necessary for service delivery notifications.

19. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes:

  • We will notify you by email (if you have an account).
  • We will post a prominent notice on our platform.
  • We will update the "Last Updated" date below.
  • For significant changes, we may require you to review and accept the updated policy.

We encourage you to review this policy periodically. We review and update this policy at least annually.

20. Contact Us

For any privacy-related questions, to exercise your data rights, or to report a concern:

  • Privacy Email: privacy@groomfiy.com
  • Security Email: security@groomfiy.com
  • General Support: support@groomfiy.com
  • Postal Address: Hollmerz LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, United States
  • Response Time: We aim to respond within 72 hours for general inquiries. For verifiable data rights requests (access, deletion, correction, portability, opt-out), we will respond within 45 days of receipt, the maximum permitted under applicable U.S. state privacy laws. We may extend this period by an additional 45 days when reasonably necessary, with prior notice of the extension and the reason.

Version: 3.1

Last Updated: May 8, 2026

Last Reviewed: May 8, 2026

Effective Date: May 8, 2026

Next Review: November 8, 2026