Privacy Policy
Last updated: 20 June 2026
1. Who We Are
Firework Pet Alert (“we”, “us”, “our”) is a free, community-driven alert system that connects people who are planning firework displays with nearby pet owners and residents who would benefit from advance notice.
This website is operated from the United Kingdom. For any data-protection queries, contact us at [email protected].
2. What We Collect
We collect only the minimum data necessary to run the service:
| Data | Purpose | Lawful Basis |
|---|---|---|
| Email address | Account creation, alert delivery, password resets | Contract / Consent |
| Display name | Community identification (optional) | Consent |
| Subscriber postcode | Matching registered users with nearby displays | Legitimate interest |
| Display location and map pin | Determining which nearby subscribers should receive an alert | Legitimate interest |
| Pet profiles | Personalised guidance & community features | Consent |
| Alert preferences | Notification timing & channel selection | Contract |
| Uploaded images | Pet profile photos & community stories | Consent |
We do not collect payment information, government IDs or health data. Location coordinates are used only for alert matching and are never shown publicly as an exact point.
3. How We Use Your Data
- Sending advance alerts to subscribers within the estimated sound radius.
- Delivering account-related emails (verification, password reset and support replies).
- Sending firework alert emails, web-push alerts and newsletter/marketing messages where enabled.
- Displaying community content you have chosen to share (e.g. pet stories).
- Improving the service through aggregated, anonymised usage analytics.
We never sell, rent, or trade your personal data to third parties.
4. Locations & Notification Areas
The exact location provided for a display is never shown publicly.
When a firework display is registered, we convert its location into an approximate centre point and calculate a notification area, typically 1–3 km. Registered subscribers within that area can then receive an alert.
Subscriber postcodes are used privately for alert matching. Display locations are represented only by an approximate notification area, so other users cannot pinpoint the address where the fireworks will be used.
5. Encryption & Storage
Sensitive personal data (including pet profiles) is encrypted at rest using AES-256-GCM with per-record initialisation vectors. Encryption keys are stored separately from the data they protect.
Passwords are hashed using WordPress’s built-in wp_hash_password() (bcrypt-based) and are never stored in plaintext.
All connections to this site are encrypted in transit via HTTPS / TLS 1.2+.
7. Third-Party Services
The site uses the following external services, each subject to their own privacy policies:
- OpenStreetMap / Nominatim — Converting subscriber postcodes and display-location postcodes into approximate coordinates for alert matching.
- Leaflet.js — Map rendering library loaded from unpkg CDN (no data transmitted).
We do not embed social-media tracking widgets or analytics SDKs.
8. Your Rights (GDPR)
Under the UK General Data Protection Regulation, you have the right to:
Access
Request a copy of all personal data we hold about you.
Rectification
Correct inaccurate or incomplete data via your dashboard or by contacting us.
Erasure
Request deletion of your account and all associated data (“Right to be Forgotten”).
Restriction
Ask us to limit processing of your data in certain circumstances.
Portability
Receive your data in a structured, machine-readable format.
Object
Object to processing based on legitimate interest at any time.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
You can use Alert Preferences in your dashboard to turn off email roundups for scheduled firework alerts, and Account management to submit an account deletion request. An email roundup unsubscribe stops scheduled firework alert roundups only; it does not disable web-push alerts, password emails, account-security emails, support replies, or newsletter emails. Newsletter and marketing messages are managed separately through newsletter unsubscribe links and your marketing consent setting.
Account deletion requests are reviewed before completion so we can verify the request and apply any legal, security, fraud-prevention or abuse-prevention retention requirements. The right to erasure is not absolute, but we will remove or anonymise personal data where we are required to do so.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until your account is deleted, subject to lawful retention requirements |
| Newsletter/marketing subscription status | Until unsubscribed, then retained only as needed to honour the opt-out |
| Alert email preferences | Until changed in your dashboard or by an unsubscribe link |
| Display submissions | 12 months after the display date, then anonymised |
| Email verification tokens | 24 hours (auto-expired) |
| Password-reset links | 24 hours (auto-expired) |
| Server access logs | 30 days (managed by hosting provider) |
10. Children’s Privacy
This service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be highlighted on this page with an updated “Last updated” date. Continued use of the service after changes constitutes acceptance of the revised policy.
12. Contact Us
For any privacy-related questions, data requests, or concerns: