§
Legal

Privacy Policy.

Plain language about what we collect, why, who we share with, and how to ask us to delete it.

Effective June 2, 2026 · Version 1.0

Plain-English summary: We collect what we need to run the platform — account info, the animal and licensing records you put in, basic analytics. We don't sell data. We don't train external AI models on your data. You can export everything and ask us to delete it. Questions: mike@mkn.us.

1. Who we are

AnimalShelterIQ is a product of MKN Web Solutions, LLC ("we," "us," "our"). This Privacy Policy explains how we handle personal information collected through animalshelteriq.com and the AnimalShelterIQ application (the "Service"). For the Data Processing Addendum applicable to customer-controlled data, see the DPA.

2. Information we collect

From customers (the organization)

  • Account details: organization name, billing contact, phone, address
  • User profiles: name, email, role, optional phone, hashed password, TOTP secret if enabled
  • Audit logs: who did what, when, from which IP, on which record
  • Usage telemetry: page views, API call counts, AI usage counters — in aggregate, never sold

From customer-controlled records (data processed on customers' behalf)

  • Animal records: photos, breed, age, intake, medical, behavior
  • License-holder records: name, address, contact, license history, payment metadata
  • Lost-and-found submissions: photo, breed, color, location, contact
  • Citizen complaints, adoption applications, donations, foster placements

These records belong to the customer organization. We process them only to provide the Service. See the DPA for the processor / controller terms.

From website visitors

  • Server logs (IP, user-agent, referer) for security and abuse prevention
  • Strictly-necessary cookies for session state — no third-party advertising trackers

3. How we use information

  • To run the Service: authenticate users, render the application, persist your data
  • To send transactional notices: license renewal reminders, password resets, audit alerts
  • To improve the Service: aggregated, de-identified usage analytics
  • To comply with law and respond to lawful government requests

We do not sell personal information. We do not use customer data to train external AI models. We do not show advertising.

4. Sharing & subprocessors

We share information with the subprocessors listed on the Trust page — hosting, database, object storage, frontier AI providers, SMS/voice, payments, mapping, and transactional email. Each is contractually bound to confidentiality and security obligations. We notify customers 30 days before adding or replacing a subprocessor.

We may disclose information to comply with a lawful subpoena, court order, or regulatory request. Where permitted, we will notify the affected customer before disclosure.

5. Data retention

  • Customer-controlled records: retained for the life of the contract
  • Server logs: 90 days
  • Backups: rolling 30 days for point-in-time recovery
  • On contract termination: production data deleted within 30 days, backups within 90, written attestation provided

6. Your rights

For account users: you may access, correct, export, or delete your account at any time from your profile, or by emailing us.

For data subjects whose records appear in a customer's organization (a resident with a pet license, a citizen who submitted a complaint): your rights run against the customer organization, which is the controller. We will assist that organization in responding to your request.

Specific jurisdictional rights:

  • California (CCPA / CPRA): right to know, delete, correct, opt out of sale (we do not sell), and non-discrimination
  • European Economic Area / UK (GDPR / UK GDPR): access, rectification, erasure, restriction, portability, objection
  • Other states with comprehensive privacy laws (VA, CO, CT, UT, TX, OR, MT, IA, DE, NJ, NH, NE, MN, MD, RI, IN, TN, KY): equivalent rights

To exercise a right, email mike@mkn.us. We will respond within 30 days.

7. Security

We use TLS 1.2+ in transit, AES-256 at rest, role-based access controls, full audit logging, tenant isolation, and daily encrypted backups. The full posture is on the Trust page.

8. International transfers

All data is hosted in US regions by default. If a customer requires region-pinned hosting, contact us. Where personal data is transferred from the EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses incorporated in the DPA.

9. Children

The Service is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us information, email us and we will delete it.

10. Changes

If we materially change this Policy, we will post the new version here and update the "Effective" date. For customer-impacting changes, we will email the billing contact at least 30 days before the change takes effect.

11. Contact

MKN Web Solutions, LLC
Privacy questions: mike@mkn.us
Security questions: security@mkn.us

This Policy is a template prepared in good faith for customers in the United States and may need adjustment for your jurisdiction. It is not a substitute for legal advice.