Privacy Policy

01

Scope and responsibilities

This Privacy Policy applies to Yokova websites, the Yokova application, public booking request forms and embeds, onboarding forms, billing, and support interactions. Yokova is operated from Singapore and handles personal data in accordance with applicable law, including Singapore's Personal Data Protection Act 2012 (PDPA).

When a pet business uses Yokova

The pet business decides why and how its customer, pet, appointment, boarding, payment, and care records are collected and used. The business is responsible for its notices, consents, staff access, record accuracy, and customer communications. Yokova processes those records to provide the service and acts as a data intermediary where the PDPA applies.

When Yokova decides how data is used

Yokova is responsible for information used to manage accounts, onboarding, subscriptions, billing, support, feedback, security, fraud prevention, and the operation and improvement of the service.

02

Information we handle

Business and account information

Business name, contact details, address, service types, team members, roles, profile photos, login details, onboarding responses, subscription status, and communication preferences.

Customer, pet, and operational records

Customer contact details and addresses; pet profiles, photos, notes, weight, breed, and care needs; appointments, services, prices, deposits, invoices, payment status, packages, and activity history.

Boarding and care information

Emergency contacts, medication and medical instructions, signed acknowledgements, check-in and check-out details, daily care logs, incident reports, and related photos.

Public requests and communications

Information submitted through booking request forms, including contact details, pet details, preferred times, requested services, notes, and reminder or support communications.

Billing and feedback

Subscription plan, modules, invoices, payment status, Stripe customer and subscription references, approved credits, and feedback submitted through Yokova. Yokova does not store full payment card details.

Technical and security information

IP address, browser and device information, login and request timestamps, security events, error details, and operational logs. On the web app, an essential login session token and its expiry are stored in browser local storage so the signed-in session can be restored.

We receive information directly from businesses and their staff, from people submitting public forms, during Yokova-assisted imports, and automatically when the service is used. Businesses should only enter information they are authorised to handle.

03

How information is used

Provide CRM, scheduling, booking request, boarding, invoice, reporting, import, export, reminder, and account functions.
Create and administer accounts, trials, subscriptions, modules, billing, and approved credits.
Send service communications and, when enabled by a business, customer appointment reminders.
Provide onboarding, assisted migration, troubleshooting, and customer support.
Protect accounts, prevent spam and abuse, investigate incidents, and maintain service reliability.
Comply with legal obligations, enforce our terms, and establish or defend legal claims.
Improve Yokova using operational insights, feedback, and aggregated or de-identified information.

We use personal data only for notified purposes, purposes a reasonable person would consider appropriate in the circumstances, or other purposes permitted by applicable law.

04

Service providers and sharing

We do not sell personal data. We share information only where needed to provide and protect Yokova, complete a requested action, or comply with law. Depending on the features used, recipients may include:

DigitalOcean for application infrastructure, databases, and file storage.
Mailgun for transactional and appointment reminder email delivery.
Stripe for subscription checkout, recurring billing, invoices, and credits.
Google Maps services when address, map, route, or travel features are used.
Professional advisers, authorities, or counterparties where reasonably necessary for legal, security, or business continuity purposes.

Public booking requests are shared with the business selected by the person submitting the form. A business can also download or share its own records, invoices, and reports outside Yokova; its handling of those copies is the business's responsibility. Third-party services have their own terms and privacy practices.

05

Storage and overseas transfers

Yokova and its service providers may process information in Singapore and other countries where they operate. Where personal data is transferred outside Singapore, we take steps intended to ensure a standard of protection comparable to the PDPA, including appropriate contractual and provider safeguards where required.

Operational records are scoped to the relevant business. Public-facing assets, such as business logos, may be publicly accessible. Private operational media is intended to be stored separately and made available through authenticated or time-limited access.

06

Retention, export, and deletion

We retain information while it is needed to provide the service, meet the purposes described in this policy, resolve disputes, maintain security, and satisfy legal, tax, accounting, or contractual obligations. When information is no longer needed for those purposes, we will delete, anonymise, or cease retaining it where reasonably practicable.

Business administrators can download a core CRM export. It may not include every operational record, generated PDF, log, or media file. A business ending its use of Yokova should request any additional export it needs before account closure. Files supplied for an authorised assisted migration are retained only as needed to complete and verify that migration, then removed when no longer required.

07

Access, correction, withdrawal, and deletion

Account users can correct many business and operational records in the app. For access, correction, withdrawal of consent, deletion, or export requests that cannot be completed in the app, contact care@yokova.pet. We may need to verify identity and authority before acting.

Customers of a pet business should normally direct requests about their customer, pet, appointment, or boarding records to that business first. Yokova will assist the business where required. Withdrawing consent or deleting information may limit the functions that can continue to be provided, and some records may be retained where permitted or required by law.

08

Security and data incidents

Yokova uses reasonable administrative, technical, and organisational measures intended to protect information, including role-based access, business-level record scoping, protected production secrets, anti-spam controls on public forms, and private access controls for operational media. No internet service can guarantee absolute security.

Users must keep credentials confidential, use only authorised accounts, and promptly remove access for people who no longer need it. Suspected unauthorised access or disclosure should be reported immediately. Yokova will assess and notify affected businesses, individuals, and authorities where required by applicable law.

Children

Yokova is a business service and is not directed to children. Public booking requests should be submitted by an adult or a person authorised to act for the customer. Contact us if you believe a child submitted personal data without appropriate authorisation.

09

Policy updates and contact

We may update this policy as Yokova, our providers, or legal requirements change. Material updates will be communicated through the website, the app, or the business account contact where appropriate. The date at the top shows the latest published version.

For privacy questions, requests, or suspected data incidents, contact Yokova's Data Protection Contact at care@yokova.pet.

Clear handling for records that matter.