Quick Navigation
1. Who Controls Your Information 2. Personal Information We Collect 3. How We Use Information 4. Sharing & Disclosure 5. Third-Party Partners 6. Change of Country or Residence 7. Your Privacy Rights 8. Data Retention 9. Information Security 10. Changes to this Policy 11. Contact & Responsible Entities 12. Definitions1. Who Controls Your Information
1.1 Controller
The entity responsible for processing your personal data is Pawnfind LLC, a limited liability company registered at 254 Chapman Rd, Ste 208 #22061, Newark, Delaware 19702, United States.
You can contact us at: info@pawnfind.com
1.2 Payment Controller
Third-party payment processing: Pawnfind uses Stripe and PayPal as payment gateways to process charges and refunds. Pawnfind LLC does not store full card details (only tokens).
Payments to Hosts are scheduled according to Platform rules and settled either through the processors or our bank account, depending on the operational flow.
2. Personal Information We Collect
Pawnfind collects data in three main ways: (A) data you provide, (B) data generated automatically when you use the Platform, and (C) data we receive from authorized third parties.
A. Data You Provide
- Identification: Legal name, profile photo, government-issued ID number → create account, KYC/AML verification
- Contact: Email, phone, postal address → communications, invoicing
- Pet data: Breed, age, weight, vaccination record, medical condition → assess lodging suitability, comply with animal welfare regulations
- Payments: Card token, IBAN, account holder name (sensitive data processed by Stripe/PayPal; Pawnfind only receives tokens/identifiers) → process charges, release funds, fraud prevention
- User-generated content: Reviews, messages, photos, videos → support, dispute resolution, internal marketing
B. Automatic Data
- Device & connection: IP address, browser type, OS, mobile model → security, attack prevention, metrics
- Platform usage: Pages visited, clicks, session time → analytics, UX improvement, personalization
- Cookies & similar technologies: Session ID, preferences, pixel tags → login memory, remarketing (with consent)
C. Third-Party Data
- Payment processors: Fraud checks, chargeback results → protect accounts & transactions
- Verification services: Biometric match, sanctions lists → comply with legal requirements (KYC/AML)
- Social networks (optional login): Profile ID, photo, verified email → simplified registration/authentication
- Insurers & vets: Claims reports, medical records → manage claims and liability insurance
2.1 Sensitive & Special Data
Biometric verification (face match) used only for identity validation and impersonation prevention.
Pet health data ensures safety of other pets and adequate care; never used for marketing.
2.2 Data NOT Collected
We do not collect:
- User’s sexual orientation, religion, or credit history
- CCTV images from hotels (owned by Hosts, accessed only with consent in disputes)
3. How We Use Information
Pawnfind processes personal data only for legitimate, specific, and limited purposes. Examples include:
- Service delivery: Account creation, bookings, confirmations, receipts. Payments via Stripe/PayPal; no card data stored
- Identity & fraud checks: Selfie-ID match, sanctions list review
- Safety & pet welfare: Vaccination review, alerts for special breeds
- Customer support & disputes: Chat history, photos, vet reports
- Compliance: Invoices, tax filings (e.g. 1099-K, electronic invoicing in Costa Rica)
- Product improvement: Metrics, error logs, A/B testing
- Marketing: Newsletters, surveys, remarketing cookies (with opt-in)
- Research: Anonymized trend reports
- Legal requirements: Data sharing with competent authorities
Automated decisions: Fraud risk scoring, search ranking. These never have legal effects without human review. Users may request manual review.
4. Sharing & Disclosure
Important: Pawnfind never sells your personal data. Data is shared only with trusted partners under confidentiality agreements.
We share data with:
- Service processors: Stripe, PayPal (payments), AWS/Google (hosting), SendGrid/Twilio (notifications)
- Verification/fraud tools: Persona, Onfido, Sift
- Insurers/vets: Liability policies, emergency clinics
- Authorities: PRODHAB (Costa Rica), IRS (US), courts
- Users/Hosts: Limited contact info post-booking for check-in/out
- Pawnfind group entities: Pawnfind Payments LLC, Pawnfind CR Ltd
4.1 Corporate Disclosures
In mergers, acquisitions, or restructuring, your data may be transferred to the acquiring entity with the same privacy protections.
4.2 With Consent
Third-party marketing (opt-in only) – you can always withdraw consent.
4.3 Transparency
We maintain internal logs of all data transfers and conduct annual vendor audits (ISO 27001/SOC 2).
5. Third-Party Partners
Pawnfind integrates external providers under their own privacy policies. Examples:
- Payment gateways: Stripe/PayPal → mandatory for bookings
- Analytics: Google Analytics, Mixpanel → opt-out in cookie banner
- Session recording: Hotjar → opt-out available
- Maps: Google Maps → only with user consent
- Social login: Google, Apple, Facebook → optional
5.1 External Sites
Leaving pawnfind.com means their policies apply. We are not responsible for third-party practices.
5.2 Social Login Revocation
You can revoke social login permissions at any time through your social network settings.
5.3 Cookies & SDKs
Loaded only with explicit consent. Manage preferences in our cookie banner.
5.4 Data Transfers
Data transfers outside EEA/Costa Rica are safeguarded by Standard Contractual Clauses (SCCs), encryption, and regular audits.
6. Change of Country or Residence
When users move countries, applicable regulations may change:
- Move within same region: No change in applicable law
- Move to EEA/UK: GDPR applies, more comprehensive rights
- Move from EEA/UK to non-GDPR: Delaware & local law apply
- Move to/from California: CCPA/CPRA applies, opt-out enabled
- Host relocation: May affect invoicing & tax obligations
Please update your address in your account settings to ensure we apply the correct privacy protections and comply with local laws.
7. Your Privacy Rights
Depending on applicable law (Costa Rica 8968, EU GDPR/UK, California CCPA/CPRA), you have the following rights:
- Access: Request copies of your data in JSON/PDF format
- Rectification: Correct inaccurate or incomplete data
- Erasure: Right to be forgotten (subject to legal obligations)
- Restriction: Temporary freeze on processing
- Objection: Opt-out of marketing or certain processing
- Portability: Receive structured export of your data
- CCPA opt-out: Opt-out of sale/sharing (California residents)
- Non-discrimination: Equal service regardless of rights exercise
How to Exercise Your Rights
Submit requests via our privacy portal or email privacy@pawnfind.com. Identity verification will be required for security purposes.
File a Complaint
You have the right to file complaints with:
- Costa Rica: PRODHAB (Agencia de Protección de Datos)
- European Union: Your local data protection authority
- United Kingdom: ICO (Information Commissioner’s Office)
- California: CPPA (California Privacy Protection Agency)
8. Data Retention
Data is retained only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period |
|---|---|
| Account & profile | Life of account + 5 years |
| Reservations & invoicing | 5 years (tax compliance) |
| Chats & messages | 3 years after check-out |
| KYC/AML documents | 5 years (legal requirement) |
| Access logs | 12 months |
| Session cookies | 24 hours |
| Analytics cookies | 14 months |
| Marketing cookies | 6 months |
| Backup data | 30-day cycle |
Exceptions: Data may be retained longer if required for legal cases, active disputes, or security deposits.
9. Information Security
We apply industry-leading security standards including ISO 27001, SOC 2, and NIST frameworks:
Technical Measures
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Multi-Factor Authentication (MFA): Available for all accounts
- Access controls: Role-based permissions, least privilege principle
- Infrastructure: AWS redundancy with automatic failover
- Monitoring: SIEM (Security Information and Event Management) 24/7
- Testing: Regular penetration tests and security audits
- Vendor management: Annual security assessments
- Training: Mandatory security awareness for all staff
Incident Response
In case of a data breach, we will:
- Notify authorities within 72 hours (GDPR requirement)
- Notify authorities within 48 hours (Costa Rica Law 8968)
- Inform affected users promptly
- Investigate and remediate the incident
Responsible Disclosure
If you discover a security vulnerability, please report it to: info@pawnfind.com
We appreciate responsible disclosure and will work with security researchers to resolve issues promptly.
10. Changes to this Policy
Pawnfind may update this Privacy Policy:
- Reasons for changes: New laws, new features, clarifications, or security improvements
- Major changes: 15-day advance notice via banner and email
- Minor editorial changes: Take effect immediately
What you can do: If you disagree with policy changes, you can adjust your cookie settings or close your account before the effective date.
Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.
11. Contact & Responsible Entities
Data Controller
Newark, Delaware 19702
United States
Payment Processors
- Stripe: stripe.com/privacy
- PayPal: paypal.com/privacy
Contact Channels
Privacy inquiries: privacy@pawnfind.com
Security incidents: info@pawnfind.com
General support: info@pawnfind.com
Privacy portal: pawnfind.com/privacy-portal