Armstrong K9 Registry
Sign in·Create account
Download PDF

Policy

Privacy Policy

Last updated: June 5, 2026

Armstrong K9 Registry (“we”, “our”, “the Registry”) operates a dog pedigree, breeder, and marketplace platform. This Privacy Policy describes what personal data we collect, how we use it, who we share it with, and the rights you have over your information.

1. Who is the data controller

Armstrong K9 Registry is the controller of personal data about its account holders. For visitors who use only public pages (browsing kennels, dog profiles, the marketplace) we are also the controller for log and analytics data.

Contact our privacy team at privacy@armstrongk9registry.com for any privacy question or to exercise your rights.

2. What we collect

2.1 Account & profile

  • Name and email address (required to register).
  • Date of birth (used to verify you are at least 18; we do not store full DOB after verification — only an “is_18+” flag).
  • Optional kennel name, bio, slug, public photos.
  • Notification preferences (heat reminders, listing expiry, broadcasts).

2.2 Pet & pedigree records

  • Dog name, breed, sex, date of birth, color, microchip number, registration number.
  • Health records, titles, awards, photographs, ownership history, pedigree (sire/dam) links.
  • Litter records, breeding listings, heat-cycle data (for females).

2.3 Payments

  • Card payments are processed by Stripe; we never store full card numbers.
  • We retain order metadata: amount, currency, package, Stripe session ID, paid timestamp.
  • Payouts to breeders flow through Stripe Connect Express; bank routing data is held by Stripe under their PCI-DSS attestation.
  • Armstrong Transport bookings use the same Stripe Connect Express pipeline — transporter bank routing information, tax identification, and identity verification documents are submitted directly to Stripe and never touch Registry servers. We retain only the transporter’s Stripe Connect account ID, payouts-enabled flag, and last verification timestamp.

2.3a Armstrong Transport (transporter-specific data)

  • Identity & licensing: USDA Class B transport license number, commercial-auto insurance carrier + policy number + liability limit + expiry date. We retain a copy on file for verification and audit; these fields are NEVER shown publicly on the directory or profile pages.
  • Service area: The U.S. state codes you cover and (optionally) preferred lanes, breed-size familiarity, blackout dates, and minimum/maximum trip distance. These appear on your public profile and drive the routing engine.
  • Trip metadata: Pickup/dropoff city + state, dog count, breed size, requested dates, escrow status, delay flags, dispute history. Buyer email is bound to the order and visible to the assigned transporter but never on the public directory.
  • Repeat-business pairs: When a trip completes, a preferred_transporter_pairs record links the buyer’s email to the transporter’s id with a trip counter. This drives the “Preferred clients” view in your dashboard and gives repeat buyers first-look routing in future Phase 7 features. Either party may request mute or deletion of a pair at any time.

2.4 Communications

  • In-app inbox messages, marketplace inquiries, chat threads, breeding interest notes.
  • Email content we send via Resend (transactional notifications, certificate attachments, transfer invites).
  • Marketing announcements (e.g. feature-launch blasts) are delivered both via in-app inbox and email. You can opt out of broadcasts at any time from Settings → Notification preferences; opting out is honored before we send.
  • Lifecycle emails about your dog(s). If you own a registered dog on the platform, we send a small set of date-triggered emails: an annual birthday note, an annual Gotcha Day anniversary note (one year after a transfer), a one-time 30-day buyer check-in after you receive a dog (which invites you to leave a verified review for the seller), and — if you bought a puppy — a six-lesson first-puppy school drip on days 1, 3, 5, 7, 14, and 30 after homecoming. Every lifecycle email contains a one-click unsubscribe link (CAN-SPAM Section 5(a)(3) compliant) AND can be managed globally from Settings → Notifications or per-dog from each dog's Ownership tab. Transactional emails (purchases, password resets, transfer requests, certificate delivery) cannot be unsubscribed from because they are required to operate the service. The lifecycle email content is educational only; it is not veterinary, legal, or tax advice.

2.4a Provider ↔ Client direct messaging

When you use the in-app messaging system between a service provider (trainer, groomer, walker, sitter) and a client ("Provider ↔ Client Messaging"), the following applies:

  • What we store. Every message body, photo attachment, system event (e.g. automated booking confirmations), sender identity, timestamp, and read receipt is stored on the Registry. Photo attachments are stored in the same encrypted object store as your other uploads. Messages are stored as plaintext on our database and our backups, encrypted at rest at the disk level.
  • Who can read it. Only the two participants in a thread (the provider and the client). Other users of the Registry — including other providers, other clients, and unrelated buyers/sellers — have no way to view your messages. Armstrong staff can view a thread only when (a) both sides have consented in writing, (b) one side opens a dispute that requires us to review the conversation, or (c) we are compelled to do so by law (e.g. a valid subpoena). When staff access a thread, the access is logged.
  • Push delivery. If you have web-push notifications enabled (Settings → Notifications), a short preview of each incoming message (sender name plus up to ~120 characters of the body) is delivered to your device's notification shade through your browser's native push service (Apple Push Notification service, Firebase Cloud Messaging, or Mozilla autopush, depending on your browser). These third parties do not retain message contents. You can disable push at any time without losing access to the messages themselves (they remain in your inbox).
  • Automated PII detection. When you compose a message, our system runs a local-only regular-expression scan that flags US-format phone numbers and email addresses. If the scan triggers, you see a soft warning encouraging you to keep the conversation on Armstrong — you can still send the message; the warning does not block you. A boolean flag (pii_warning) is stored on the message so we can show the same warning on the receiver's side and improve the experience over time. We do not extract or index the detected values themselves.
  • Moderation rights. Armstrong K9 Registry is a venue and does not pre-screen messages. We may, however, (i) temporarily quarantine a thread that has been reported via the in-app report flow, (ii) remove specific messages or attachments that violate our content policy (illegal content, harassment, fraud, etc.), and (iii) suspend the sending or receiving account in serious cases. We do not edit message bodies; redaction is deletion-of-message-only.
  • Retention. Threads are retained while both participating accounts are active. If either account is deleted, that side of the thread becomes inaccessible to the deleted user; the remaining side retains the thread (with the deleted user shown as "User removed") for 90 days, after which the entire thread and its attachments are purged. Threads explicitly archived by both sides are purged 1 year after the last activity.
  • Export & deletion. You can export your entire message history (both sides of every thread you've participated in) from Settings → Data & Privacy → Export. You can request deletion of a specific thread, your half of a thread, or every thread by emailing privacy@armstrongk9registry.com; deletion is honored within 30 days unless the thread is the subject of an open dispute, in which case it is preserved until the dispute is closed (then deleted in the next purge cycle).
  • Off-platform contact at your own risk. If you choose to share contact information with a provider (phone, personal email, social handles) and move the conversation off Armstrong, Armstrong cannot assist with disputes, cancellations, or refunds for service rendered through that off-platform channel. Keeping conversations on the Registry preserves your paper trail.

2.4b Other communications

  • Email content we send via Resend (transactional notifications, certificate attachments, transfer invites).
  • Marketing announcements (e.g. feature-launch blasts) are delivered both via in-app inbox and email. You can opt out of broadcasts at any time from Settings → Notification preferences; opting out is honored before we send.
  • Lifecycle emails about your dog(s). If you own a registered dog on the platform, we send a small set of date-triggered emails: an annual birthday note, an annual Gotcha Day anniversary note (one year after a transfer), a one-time 30-day buyer check-in after you receive a dog (which invites you to leave a verified review for the seller), and — if you bought a puppy — a six-lesson first-puppy school drip on days 1, 3, 5, 7, 14, and 30 after homecoming. Every lifecycle email contains a one-click unsubscribe link (CAN-SPAM Section 5(a)(3) compliant) AND can be managed globally from Settings → Notifications or per-dog from each dog's Ownership tab. Transactional emails (purchases, password resets, transfer requests, certificate delivery) cannot be unsubscribed from because they are required to operate the service. The lifecycle email content is educational only; it is not veterinary, legal, or tax advice.

2.5 Live video tours

  • When you book or join a 15-minute live video tour, the call is delivered by our sub-processor Daily.co. The audio/video stream is end-to-end transient — we do not record or store it. Daily.co retains diagnostic logs (timestamps, room id, participant identifiers) per their published DPA. See our Sub-processors page.

2.6 Two-factor authentication (TOTP)

  • If you enable 2FA on your account, we store an encrypted TOTP shared secret alongside your account. The secret is used solely to verify codes you enter at sign-in or before high-value actions (transfers, escrow releases). Disable 2FA at any time from your account settings to delete the stored secret.

2.7 Technical & analytics

  • IP address, user-agent, pages viewed, referrer.
  • Performance and error telemetry (only when our error reporter is enabled — never form-input contents).
  • Analytics events (when you accept the cookie banner).

2.8 Web push notification subscriptions

If you enable browser push notifications (for example, to receive ~24-hour reminders before calendar events, transport-status updates, escrow milestones, or buyer inquiries), we store the subscription details required to deliver them.

  • The push endpoint URL issued by your browser’s push service (Apple Push for Safari, FCM for Chrome/Edge, Mozilla autopush for Firefox), the public application key, and a per-subscription identifier.
  • The user-agent and approximate device label (so you can revoke a single device from your settings without revoking all of them).
  • We do not store the contents of notifications beyond what is needed to deduplicate sends (e.g., calendar event id and a fired-at timestamp) so you don’t get the same reminder twice.
  • You can revoke push consent at any time from Settings → Notifications or by removing the site from your browser’s notification permissions. Revoking consent triggers immediate deletion of the subscription record.
  • Reminder delivery is best-effort. Browser push services may delay or drop notifications. Do not rely on push alerts as your sole reminder for time-critical events.

2.9 AI-assisted features

Some features on the Registry call third-party large language models to generate text on your behalf — for example, the AI marketing-pack generator (admin-only), the kennel-bio assistant, and any feature labeled “AI” or “AI-generated.”

  • What we send to the LLM. Only the prompt plus the context required to answer it. For the marketing generator this is aggregate platform statistics (counts of kennels, dogs, breeds, completed transports) and the most recent feature changelog headlines — not individual user records. For the kennel-bio assistant this is the kennel’s own description and the breeder’s selections. We do not include other users’ personal data in prompts.
  • Provider. We currently route AI calls to Anthropic’s Claude family via the Emergent LLM Key managed by Emergent. The current vendor list, regions, and DPA links are on our Sub-processors page.
  • No training on your content. Our LLM access is configured so that prompts and outputs are not retained by the provider for model training. If this ever changes we will update the Sub-processors page and notify you before any retention change takes effect.
  • Output is probabilistic, not authoritative. AI-generated text may contain factual errors. You are responsible for reviewing any AI-generated content before publishing or relying on it. See the corresponding section in our Terms of Service for the warranty disclaimer.

2.10 Calendar & reproductive-health data

The personal calendar may store sensitive breeding-related health data — heat-cycle dates, breeding events, predicted whelping dates, vet appointments, and any free-text notes you choose to attach. This data is treated with the same protections as the rest of your account: stored only on the Registry, encrypted in transit, never shared with advertising networks, and never sold. You can export it via your data-export request or delete it at any time from the calendar interface.

2.11 DNA panel reports & genetic data

When you purchase a DNA-Verified Pedigree Registration ($75 add-on per dog) you may upload a third-party DNA panel report (Embark, Wisdom Panel, VGL, or equivalent). This is genetic data about your dog, not about a human, and is therefore not covered by GINA in the United States. We still treat it as sensitive:

  • What we collect. The PDF or image you upload; metadata you provide (file name, optional description); our administrator's written review notes; and the approve / request-changes / reject decision.
  • Who can see it. Only the dog's registered owner (you) and a small set of administrators with reviewer permissions. Reviewers see your uploaded files when assessing the parentage claim. Files are not shown on any public page.
  • What we do with it. We use the report solely to verify your parentage claim before flipping the public DNA-Verified badge on your dog's profile. We do not re-sell, license, or share the report or its underlying genetic data with third parties, advertisers, insurers, or veterinary networks.
  • Important — what DNA-Verified does and does not mean.The badge means an Armstrong K9 Registry administrator reviewed a third-party DNA panel report you submitted and found the parentage claim consistent with that report. We do not independently lab-test your dog. We are not a genetics laboratory and we cannot certify or guarantee the underlying lab's results.
  • Retention. Approved DNA reports are retained for the life of the dog's registration on the platform so we can re-affirm the badge during ownership transfers and audit requests. Rejected / withdrawn reports are deleted within 90 days of the final decision. You can request earlier deletion at any time via the contact channels below; deletion will also revoke the DNA-Verified badge.
  • Refunds & revocation. If you request a refund of the $75 verification fee, your DNA-Verified badge is automatically removed within minutes of the refund clearing.

2.12 Referral attribution

  • What we collect. When you generate a referral code, we store an 8-character alphanumeric code linked to your user id. When someone signs up using your code (e.g. via /register?ref=CODE), we store on the new user’s row: the referrer’s user id (referred_by_user_id), the code used (referred_by_code), and the timestamp.
  • Why. Analytics for the breeder-onboarding program; attribution if and when we issue referral credit; fraud prevention against self-referral and code abuse.
  • Visibility. Only you (the referrer) see your own referral stats. We never expose referred users’ identities to other referrers beyond the public account name they chose at signup.

2.13 “Bring your dog home” tracker (buyers)

  • What we collect. When you complete an escrow purchase, we create a tracker row recording: the escrow id, the dog id, the seller, the seven milestone keys (paid in full, contract signed, microchip registered, vet check, travel arranged, picked up, first week home), the timestamp each milestone was marked complete, and any optional buyer notes you add (up to 600 characters per milestone).
  • Why. So you can see your progress through the take-home journey on your Dashboard; so we can time the Dog Log subscription nudge to the moment you mark “first week home”.
  • Visibility. Trackers are private to you. The seller does not see your milestone progress or your private notes.

2.14 Live Walk GPS data (walks & sits)

  • What we collect. When a service provider (walker or sitter) and you (the customer) bothopt in to Live Walk GPS for a specific booking, and the provider then starts a live session on that booking, our servers receive a stream of approximate latitude / longitude points + a timestamp per point, transmitted from the provider’s phone every few seconds for the duration of that single session. We also record the booking id, the provider’s user id, your user id (as the consenting viewer), the start time, the end time, and the session duration.
  • Why. The sole purpose is to render the live map you see in your authenticated /my-bookings page while the walk or sit is actively in progress. We do not use this data for advertising, profiling, route analytics, traffic studies, ranking, or any secondary purpose.
  • Lawful basis. Bilateral explicit consent. You opt in on the booking checkout (the live_walk_consent field) and the provider separately initiates each session from their device. Either party may revoke at any moment from inside the app and the stream stops within seconds.
  • Retention — 24-hour hard delete. Raw GPS points are discarded server-side immediatelywhen the session ends or is revoked. A summary record (total distance, total duration, approximate start and end locations snapped to roughly the nearest 110 metres for home-address obfuscation) is kept only for 24 hours from end-of-session, then permanently deleted. We do not back up GPS data, we do not retain it cold, and there is no “export historical walks” feature anywhere in the product. Once it’s gone it’s gone.
  • Recipients. You (the consenting customer, in-app only) and Armstrong K9 Registry (as the storage operator for the live session and the 24-hour summary window). The provider sees their own raw stream on their device. No advertisers, no data brokers, no analytics vendors, no map-tile partners receive your GPS data; map tiles are rendered with anonymous viewport requests that do not include the dog’s coordinates.
  • No public share links. The live map is accessible only from your authenticated /my-bookings page. There is no public URL, no SMS link, no email link, no embed, and no QR code. Location data never traverses any out-of-band channel.
  • Your rights. You can (a) decline GPS at booking and the booking still works normally; (b) revoke mid-session and the stream stops within seconds; (c) request access or deletion of any GPS-related record (the 24-hour summary) via the standard data-export and account- deletion flows in §7. Requests for raw points older than the retention window cannot be honored because we no longer have the data.
  • Children. GPS is never collected from users under 18. The Platform is 18+ as required by §8; minors cannot hold accounts that book services or initiate walks.
  • Not a safety system. Live Walk GPS is a passive sharing tool between two consenting users. Armstrong does not monitor the live feed, does not alert anyone if the provider stops transmitting or leaves a geofence, and does not guarantee accuracy or continuity of the GPS signal. Reliance is at your own risk; this treatment is described more fully in §5d-bis of the Terms of Service.

3. Why we use it (legal bases)

  • Contractual necessity — to provide the Registry services you signed up for: storing your dogs, processing payments, delivering notifications, supporting transfers and disputes.
  • Legal obligation — to comply with tax, anti-money laundering, sanctions screening, and animal-welfare-disclosure laws.
  • Legitimate interest — security monitoring, fraud prevention, abuse detection, product analytics (with consent in the EU/UK).
  • Consent — analytics cookies, marketing emails, web push notifications, and AI-assisted generators (marketing pack, kennel bio, etc.). You can withdraw consent at any time.

4. Who we share it with

We share personal data only with vendors that act as our processors, and only the minimum needed for the function below. The full list with regions and DPA links is on our Sub-processors page.

  • Stripe — payments, payouts, KYC, Identity verification.
  • Resend — transactional email delivery.
  • MongoDB Atlas — primary database storage.
  • Emergent — application hosting, object storage, Google sign-in, and the LLM Key gateway that routes AI prompts to the underlying providers below.
  • Anthropic (Claude) — AI text generation for the marketing-pack generator and kennel-bio assistant. We never include other users’ personal data in prompts; outputs are not retained for training.
  • Google — only when you choose Google sign-in.
  • Daily.co — short-lived video tour rooms (only when you book a video tour).
  • Cloudflare — Turnstile bot/abuse protection on public forms.
  • Browser push services — Apple Push (Safari/iOS), FCM (Chrome/Edge/Android), Mozilla autopush (Firefox). Only the push endpoint your browser issues is shared, and only when you have enabled web push notifications.

We do not sell personal data, and we do not share it with advertising networks. We may disclose data when required by valid legal process or to protect the safety of users, but we will fight overbroad requests.

5. Public-facing data

The Registry is partially public by design — kennel pages (/k/<slug>), individual dog profiles (/d/<id>), marketplace listings, and the events catalog are accessible to anyone, including non-account holders. These pages may show:

  • Dog name, breed, sex, DOB, color, registration number, photos, titles, pedigree (sire/dam names).
  • Public kennel name, bio, photos, slug, dog count, badges (Verified, Elite Verified).
  • Marketplace asking price, location (when provided), description, listing tier.

Microchip numbers, health records, ownership history, and contact information are not exposed on public pages.

6. Cookies

  • Essential cookies: authentication tokens (JWT, session), referral code capture, billing persona toggle. These cannot be disabled.
  • Analytics cookies: PostHog event tracking. Loaded only after you accept the cookie banner.

You can change your choice at any time by clearing site data in your browser; the banner will reappear on your next visit.

7. Your rights

7.1 Anyone

  • Access — view all data we hold about you on Settings → Privacy.
  • Export — download a JSON copy via Settings → Privacy → Export my data.
  • Correct — edit your profile, dogs, and litters at any time.
  • Delete — Settings → Privacy → Deactivate. We retain anonymized payment records for 7 years to satisfy tax law.

7.2 EU/UK residents (GDPR)

You also have rights to restrict processing, object to legitimate- interest processing, and lodge a complaint with your local supervisory authority. Contact privacy@armstrongk9registry.com.

7.3 California residents (CCPA / CPRA)

You have the right to know, delete, correct, and limit use of your personal information; the right to opt-out of “sale” or “share” of personal information; and the right not to be discriminated against for exercising these rights. We do not sell or share personal data in the meaning of CCPA. To verify a deletion or access request we will ask you to confirm via the email on file.

8. Children

The Registry is not directed at children under 13 and we do not knowingly collect personal information from anyone under 13. The registration form requires you to confirm you are at least 18. If you believe a minor has registered, contact us and we will delete the account.

9. Data retention

  • Account & pedigree records: kept while the account is active. After deactivation, retained for 30 days then anonymized.
  • Payment records: retained for 7 years for tax/audit purposes (anonymized after deactivation).
  • Inbox & chat messages: retained while the account is active; purged 30 days after deletion. Provider ↔ Client direct-message threads follow the specific retention schedule in §2.4a above.
  • Pedigree-only ancestor records (added by other users): retained indefinitely as part of the public registry.
  • Server logs: 90 days.
  • Live Walk GPS: raw points discarded immediately when a session ends; 24-hour summary retained for 24 hours then hard-deleted. No backups, no cold retention.

10. Security

Passwords are hashed with bcrypt. Sessions are signed JWTs (7-day expiry) or revocable session tokens stored httpOnly. All traffic is TLS-encrypted. We follow the controls described on our Security Measures page.

11. International transfers

Our infrastructure is in the United States. EU/UK personal data crosses the border under the EU-US Data Privacy Framework and Standard Contractual Clauses. Each sub-processor has its own SCC framework; see our Sub-processors page.

12. Changes

Material changes to this policy will be announced via email and an in-app banner at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the latest revision.

13. Contact

Privacy questions, requests, and complaints: privacy@armstrongk9registry.com

Made with Emergent