This Privacy Policy explains what personal data the Pet Red Alert platform (available at https://petredalert.com) collects, the purposes and legal bases for processing it, the tools we use, where the data is stored, and your rights under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and Greek Law 4624/2019.
1. Who we are — Data Controller
Pet Red Alert is a non-commercial, community service for residents of the Δήμος Σαρωνικού (Anavyssos, Palaia Fokaia, Saronida, Kouvaras) and the wider Greek community, with the sole purpose of reuniting owners with their lost pets.
- Controller: D. Petropoulos (natural person, non-commercial operation).
- Contact email: info@itcs.services
- Data-protection requests: privacy@itcs.services
We have not appointed a Data Protection Officer (DPO) because our processing does not fall within the mandatory cases of GDPR Article 37. You can reach us directly at the addresses above for any data-protection matter.
2. What data we collect
2.1 Posting a lost / sighting / found notice
When you post a notice (no account required) we collect:
- Contact email address and (optional) name.
- Photos of the animal (originals and derived thumbnails).
- Descriptive fields: species, breed, colour, size, distinctive marks, microchip number (if known).
- Location of last sighting / encounter (precise lat/lon).
- Date and time of the incident.
- Preferred language of the post and contact preferences.
On submission we generate a secret manage_token, which is emailed to you and lets you edit, delete, mark reunited, and read messages other users sent you about the post.
2.2 User accounts (optional)
If you create an account to manage multiple posts, we use passwordless magic-link sign-in. We collect:
- Email address (your unique identifier).
- Optional display name and role (resident / volunteer / admin).
- Preferred language, notification radius (km), optional phone.
- SHA-256 hash of one-time magic-link tokens — the raw token is never stored.
- Session metadata: session ID, hashed IP, user-agent, expiry.
2.3 In-platform messaging
- Sender's email address and optional name.
- Message body.
- Hash of the sender's IP (for abuse prevention).
- Delivery and read state.
Sender email addresses are displayed to the recipient in masked form (e.g. i***@example.com) and are revealed only after a 6-digit 2FA confirmation emailed to the recipient.
2.4 Two-factor confirmation (2FA) for sensitive actions
For the actions edit / delete / mark reunited / reply to a message / reveal sender email / decide on an AI match, a 6-digit code is issued with a 5–10 minute lifetime. We store only a SHA-256 hash of the code, never the code itself, together with the action, issuance/use timestamps and a hashed source IP.
On successful confirmation an optional “trust cookie” is issued (30-minute fixed lifetime, no sliding renewal) so that further actions on the same post in the same window do not need a new code.
2.5 Technical and security data
- Hashed IP: we store only the SHA-256 hash of your IP (from the cf-connecting-ip header) for abuse detection. The raw IP is never persisted.
- User-Agent: for diagnostics and bot detection.
- Audit log: every significant action (create/edit/delete, 2FA issuance/redemption, email reveal) is recorded with target, actor and timestamp.
- Cloudflare Turnstile: bot challenge. The Turnstile token is verified server-side; it is not linked to your session beyond that verification.
2.6 AI processing and image matching
To match lost-pet posts against sightings, your photos undergo:
- A 512-dimensional vector embedding (CLIP-style model) computed via Cloudflare Workers AI.
- Attribute extraction (colour, size, breed, marks) using a vision model (@cf/meta/llama-3.2-11b-vision-instruct).
- Automatic EL↔EN translation of free-text fields via @cf/meta/m2m100-1.2b, so posts appear in both site languages.
Automated scoring combines visual (0.45), attribute (0.25), geographic (0.20) and temporal (0.10) signals. This is an assistive, non-binding ranking: the actual “yes/no, that's my pet” decision is always made by a human. No decision is taken that produces legal or similarly significant effects within the meaning of GDPR Article 22.
3. Purposes and legal bases (GDPR Article 6)
We process your data on the following legal bases:
- Consent (Art. 6(1)(a)): for posting notices, uploading photos, and publishing location on public views. You may withdraw consent at any time by deleting your post.
- Legitimate interests (Art. 6(1)(f)): for AI-assisted matching, neighbour notifications, free-text translation, security measures (Turnstile, hashed IP, 2FA, audit log) and operating the platform reliably. We have performed an internal balancing test against your rights and freedoms.
- Performance of a service: to manage your posts via the manage-link emailed to you.
- Legal obligation (Art. 6(1)(c)): where required by law (e.g. responding to a competent authority, retention of security records).
4. Public views — what others see
- Public listings (/browse, /pet/{id}, /sighting/{id}) show a fuzzed location (5-character geohash cell, roughly 5 km accuracy). Precise coordinates are used only for internal matching and are never exposed publicly.
- Photo thumbnails are shown publicly; full-resolution originals stay private.
- Your contact email is never displayed publicly. Visitors message you via the platform, which relays the message to your inbox.
- On the manage page (/manage/...) sender emails are shown masked and revealed per row only after a 2FA confirmation.
5. Where data is stored
All data is hosted on Cloudflare infrastructure, specifically:
- Cloudflare D1 (relational SQLite database) — region EEUR (Eastern Europe).
- Cloudflare R2 (photo storage) — Cloudflare default region.
- Cloudflare KV (cache for public views).
- Cloudflare Vectorize (512-dim vector embeddings) — Cloudflare's distributed network.
- Cloudflare Queues (async processing pipeline).
- Cloudflare Workers + Workers AI (application runtime and ML models) — Cloudflare's distributed network.
Cloudflare acts as a processor under its Data Processing Addendum (DPA) and EU Standard Contractual Clauses (SCCs). See: cloudflare.com/trust-hub/gdpr.
6. Third parties — processors and providers
| Provider | Purpose | Data |
|---|---|---|
| Cloudflare, Inc. | Hosting, database, storage, AI, traffic management, anti-bot (Turnstile), consent management & tag management (Zaraz) | All platform data, hashed IPs, images |
| Google Ireland Ltd. (Google Analytics) | Aggregated traffic analytics — only after you grant consent. Loaded via Cloudflare Zaraz (server-side proxy); your IP is pseudonymised before reaching Google. | Pseudonymised IP, GA cookie identifier, pages visited |
| Google LLC (Workspace, Gmail API) | Sending transactional email (manage link, 2FA, notifications) | Recipient email address, email body |
| Resend, Inc. (fallback) | Email delivery when the primary provider is unavailable | Recipient email address, email body |
| OpenStreetMap Foundation | Map tiles for the location picker / browse map | Browser IP at tile load, User-Agent |
| Google LLC (Google Fonts) | Serving Fraunces / Inter web fonts | Browser IP at font load, User-Agent |
When you load public pages, your browser fetches map tiles and fonts directly from these providers, which means they see your IP address. We do not pass any other personal data to them.
7. International data transfers
Some of the providers listed above may process data outside the European Economic Area (primarily in the United States). Such transfers are made on the basis of:
- the European Commission's Standard Contractual Clauses (SCCs), and/or
- the EU–US Data Privacy Framework adequacy decision (where the provider is certified).
8. Retention
- Active lost-pet posts: for as long as the case is open.
- Reunited or closed posts: anonymised after 30 days, unless you ask for sooner deletion.
- Sighting posts: archived after 14 days of inactivity.
- Photos: deleted with their post; thumbnails may persist in cache for up to 24 hours.
- Magic-link tokens: never stored in clear text; deleted on use or after 15 minutes.
- 2FA codes: hashed, single-use, max 10-minute lifetime.
- Manage trust cookies: 30 minutes, non-sliding.
- Audit log: 12 months.
- Account sessions: until expiry or sign-out; hashed IP and user-agent kept until session expiry.
- Hashed IPs in messages / 2FA records: 90 days (for abuse detection).
9. Security
We implement technical and organisational measures including:
- Encryption in transit (TLS 1.2+) and at rest in Cloudflare D1/R2.
- SHA-256 hashing of IP addresses; raw IPs are not persisted.
- SHA-256 hashing of all tokens (magic link, 2FA, trust cookies); raw tokens are never stored.
- Least-privilege bindings for every Worker / queue consumer.
- Email-based 2FA on every destructive or PII-revealing action on manage pages.
- Rate limiting and Cloudflare Turnstile on every submission endpoint.
- Cache-Control: no-store on every manage URL and authenticated response.
- Masked sender emails on the manage page with explicit per-row reveal flow.
- Audit logging of all critical actions.
- Strict separation of precise location (internal only) from public projections (~5 km).
10. Your rights (GDPR Articles 15–22)
You have the right to:
- Access your personal data (Art. 15).
- Rectify inaccurate data (Art. 16).
- Erase your data (“right to be forgotten”, Art. 17).
- Restrict processing (Art. 18).
- Portability in a structured, machine-readable format (Art. 20).
- Object to processing based on legitimate interests (Art. 21).
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
- Not be subject to a decision based solely on automated processing producing legal or similarly significant effects (Art. 22). Note that AI matching on this site is assistive only and requires human confirmation.
To exercise your rights, email privacy@itcs.services. We respond within 30 days. For particularly complex requests, this period may be extended by up to two months, in which case we will inform you.
11. Right to lodge a complaint
You have the right to lodge a complaint with the Hellenic Data Protection Authority (1–3 Kifissias Avenue, 11523 Athens, tel. +30 210 6475600, www.dpa.gr), or with the supervisory authority of your EU country of residence.
12. Children
This service is not intended for users under 16. We do not knowingly collect data from children under 16 without parental/guardian consent. If you believe a minor has created a post or account, email privacy@itcs.services and we will delete it promptly.
13. Cookies and similar technologies
We use essential cookies for the platform to function (security, managing your own posts, recording your consent choice), and — only after your explicit consent — anonymised analytics cookies (Google Analytics via Cloudflare Zaraz).
We do not use advertising cookies, we do not build personalised profiles, and we do not share your data with advertising networks (no ad_storage, no ad_user_data, no ad_personalization in Google Consent Mode v2).
For a full list of cookies, the provider, the purpose, the retention period, and to manage your consent per category, see the Cookies policy.
14. Automated decision-making and profiling
Image matching (CLIP embeddings + scoring on colour, size, location, time) is used only to suggest potential matches to the owner / poster. The final “yes/no, that's my pet” decision is taken by a human. No decision is taken that produces legal or similarly significant effects on the user within the meaning of GDPR Article 22.
15. Data breaches
In the event of a breach likely to result in a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours (GDPR Art. 33) and you, without undue delay, where required by law (GDPR Art. 34).
16. Changes to this Policy
If we materially change how we process data, we will update the effective date and notify registered users by email. Continued use of the platform after a new version is published constitutes acceptance of the updated Policy (to the extent the legal basis is legitimate interest; for processing that requires consent, a new consent will be requested).
17. Contact
For any question regarding this Policy or your data:
- Email: privacy@itcs.services
- General contact: info@itcs.services
Effective: 2026-05-08.