Privacy Policy
What we collect, why we collect it, who we share it with, and the specific controls you have over it. Written the way we'd want a privacy policy written if we were the customer.
The short version
- We collect what we need to register your animal, ship you gear, and verify you're real — nothing more.
- We don't sell your data. Ever. Not to advertisers, not to data brokers, not to "partners."
- Payment info is handled by Stripe; we never see your full card number.
- Photos and signatures are stored on Google Cloud Storage with per-file access control.
- You can export or delete everything we have on you from your account dashboard — all privacy actions are self-service.
1. Who we are
US Service Animal Registrar ("USSAR," "we," "us") operates usserviceanimalregistrar.org — a private documentation and gear service for handlers of Service Dogs, Psychiatric Service Dogs, and Emotional Support Animals. We've been operating since 2016 and have registered over 109,000 animals.
We are a private company, not a government agency, and we don't issue medical letters. For ESA-related medical documentation, see our vetted telehealth providers guide.
2. What we collect
Here's the full list of personal information we handle, with why we need each piece:
| Data we collect | Why we need it |
|---|---|
| Handler name & contact info | Registration identity, shipping, support |
| Email address | Your dashboard sign-in identity (we send you a one-time link to sign in — no passwords), confirmations, order updates, wallet pass delivery |
| Phone number (optional) | Emergency contact field; shipping carrier contact if needed |
| Shipping address | Sending physical gear via USPS |
| Animal details (name, breed, state, type) | Registration record and public verification page |
| Animal + handler photos | Printed on ID cards, embedded in verification page & wallet passes |
| Handler signature | Printed on certificate, housing letter, DOT form (if selected) |
| Medical info (rabies dates, microchip #) | Optional — printed on certificate for landlords/airlines who ask |
| Emergency contact (name + phone) | Printed on ID card back for emergencies |
| Payment tokens (not card numbers) | Processing payment through Stripe |
| IP address + browser user-agent | Fraud detection, abuse prevention, analytics |
| Registration number | Auto-generated; used on verification page URLs |
What we don't collect: social security numbers; driver's license numbers; bank account numbers (Stripe handles those); your medical diagnosis (we just ask you to certify you have a qualifying disability — we don't ask what it is); your race, religion, or political views; device location beyond the city-level IP geolocation most websites see.
3. Why we use your info
Everything we do with your data falls into one of these buckets:
- Fulfillment: process your registration, generate PDFs, print ID cards on Fargo HID printers, pack envelopes, ship via USPS.
- Verification: maintain the public verification page that landlords and airlines can look up by registration number — this is opt-in the moment you register and you can ask us to hide it.
- Communication: send you order confirmations, wallet pass download links, renewal reminders (if you have an annual subscription), security-related account notices, and the occasional sign-in magic link when you request one. We don't send marketing email unless you've opted in, and you can unsubscribe from marketing with one click.
- Support: help you via the Messages tab inside your account dashboard. Our support team sees your registration data there so we can actually help. We don't operate an external support-email address — it kept getting impersonated.
- Fraud prevention: detect duplicate fraudulent registrations, stolen-card orders, and impersonation attempts. This uses IP, device, and order-pattern signals.
- Legal compliance: respond to lawful subpoenas, tax reporting, and regulatory inquiries when required.
4. Who we share data with
We share the minimum necessary data with a small, fixed set of service providers. We don't sell data. We don't exchange data with advertisers. We don't hand data to affiliates or "partners" for their own marketing.
Stripe (payment processor)
Handles credit card, Apple Pay, and Google Pay transactions. Gets: email, name, shipping address, order amount, card token. Does not get: animal info, photos, letters. Stripe privacy →
USPS / Stamps.com
Shipping labels & tracking. Gets: recipient name, shipping address, package weight. That's it.
Google Cloud Storage
Stores uploaded photos and signatures with per-file access control. Google can't read these files unless we share them (we don't).
Apple & Google Wallet
If you add a wallet pass to your phone, the pass file (containing your registration number, animal name, handler name, and photo) is delivered via Apple's or Google's wallet APIs to your device. See Section 5.
Fargo HID (card printer)
Local printing operation. Our team uploads a CSV batch to the printer; the printer processes the batch and doesn't retain the data.
WP Engine (hosting)
Runs the WordPress site and database. Industry-standard hosting provider, SOC 2 Type II. WP Engine privacy →
We'll also disclose information when legally required (valid subpoena, court order, or government request under applicable law) and will notify affected users unless a court order prevents us from doing so.
What about affiliate links?
On our ESA Letter Guide, we link to CertaPet and Pettable. If you click through and purchase a letter from them, they may compensate us. That click passes a referral code — not your personal information. If you buy an ESA letter from them, your relationship is with that provider; we don't receive your medical information, notes, or letter content.
5. Wallet passes & device registration
If you add your Animal ID or Handler ID to Apple Wallet or Google Wallet, your device "registers" with our Pass Updater service. This allows us to push updates (new photo, renewed expiration date, subscription status changes) to your pass automatically.
For Apple Wallet: your device sends us its Push Token and a Device Library Identifier. We don't get your Apple ID, name, or anything else. The Push Token is used only to send Apple Push Notifications when your pass changes; if you delete the pass from your phone, your device unregisters and we delete its token.
For Google Wallet: Google handles pass delivery directly. We update the pass object in Google's Wallet API and Google pushes the update to your device. We don't have access to your Google account, email, or identifier.
6. Photos & signatures
Photos (of your animal, of the handler) and signatures are uploaded during registration and stored on Google Cloud Storage (GCS) in a private bucket. Access is controlled at the file level — each file is only readable by our system using a service account key. Public URLs are not used; the system generates signed URLs when rendering PDFs or wallet passes.
How long we keep them
Photos and signatures are retained as long as your registration is active. If you cancel and delete your registration, we delete the photos and signatures within 30 days of the deletion request.
Facial recognition?
No. We don't run facial recognition, biometric analysis, or AI matching on uploaded photos. We use them as photos — they get printed on cards, embedded in PDFs, and shown on wallet passes. That's it.
7. Cookies & tracking
We use cookies for three things:
- Authentication: a session cookie that keeps you signed in on the account dashboard after you click your one-time magic link. No password is ever set or stored — the email link is the sign-in. Sessions expire after 30 days of inactivity, and you can sign out at any time.
- Cart/session: a short-lived cookie to remember what you've picked during registration before you check out.
- Analytics: a pseudonymous cookie from Google Analytics 4 that tells us how people find our site and which pages they visit. No ad targeting, no cross-site tracking, and we honor browser Do Not Track and Global Privacy Control signals by dropping you from analytics entirely.
We do not use advertising cookies, retargeting pixels (Meta, TikTok, Pinterest, etc.), or third-party session-replay tools.
8. How long we keep your data
- Active registrations: indefinitely, for as long as the registration is valid (lifetime) or until expiration (annual).
- Canceled annual registrations: basic record kept for 2 years in case you want to reactivate; then deleted.
- Payment records: 7 years, as required for tax and financial recordkeeping.
- Support tickets: 3 years from the date of last reply.
- Server logs (IP, user-agent): 90 days.
- Analytics data: 14 months (the Google Analytics default).
- Photos + signatures: deleted within 30 days of registration deletion.
9. Your rights
Regardless of where you live, you can do the following:
Access your data
See everything we have on you, downloadable as a JSON export from your account dashboard.
Correct your data
Edit any field — name, breed, state, photos — from the dashboard at any time.
Delete your data
Delete your account and all associated data. Processed within 30 days.
Port your data
Download your registration record in a portable JSON format.
Opt out of marketing
Unsubscribe link in every marketing email. Transactional emails (order confirmations, renewal notices) can't be opted out — they're required for the service.
Withdraw consent
Where we rely on consent (e.g., optional photos), you can withdraw any time.
California residents (CCPA/CPRA)
We qualify as a "business" under the California Consumer Privacy Act. You have the right to (1) know what personal information we've collected about you in the last 12 months, (2) know what we've shared with service providers, (3) have your data deleted, (4) opt out of the "sale" or "sharing" of your personal information, and (5) not be discriminated against for exercising these rights. We don't "sell" or "share" personal information as CCPA defines it, so there's nothing to opt out of — but you can still submit any of these requests from your account dashboard → Privacy & Data tab, which has Download My Data, Delete My Account, and Know What You've Collected one-click requests. We verify requests via your registered email plus a one-time code sent to that address.
EU/UK residents (GDPR)
Under GDPR we process your data under the legal bases of (a) contractual necessity (we need your info to register your animal), (b) legitimate interest (fraud detection, analytics), and (c) consent (optional data like marketing signup). You have all the GDPR rights — access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your local supervisory authority. We're not physically located in the EU but we respect GDPR requests from EU residents. Submit any GDPR request from the Privacy & Data tab inside your account dashboard; if you don't have an account (e.g., you're a data subject who was only referenced via an emergency-contact field), open the no-login privacy request form.
10. Children
Our service isn't directed at children under 13. We don't knowingly collect personal information from children under 13. If you believe a child under 13 has registered or has used our site, submit a no-login privacy report (choose "Minor under 13 registered") and we'll delete the account and associated data immediately.
We recognize that some Service Dogs are placed with children, including children with diabetes-alert, seizure-alert, and autism-support dogs. When a minor is the handler, the registration must be completed by a parent or legal guardian using the parent's email and contact info; the minor's name can appear as the handler on the certificate.
11. Security
We take reasonable steps to protect your data:
- HTTPS/TLS 1.3 on every page — no plaintext data in transit.
- Payment info handled exclusively by Stripe (PCI DSS Level 1 certified); we never store card numbers.
- Site protected by SiteLock (malware and web application firewall) — see badge in our footer.
- Daily database backups with encryption at rest.
- Access to customer data inside the company is limited to staff who need it for fulfillment or support, logged, and subject to confidentiality obligations.
- Passwordless authentication — we don't store passwords at all. Sign-in is via short-lived magic links (15-minute expiry, one-time use) sent to your registered email; session cookies are HttpOnly, Secure, and SameSite=Lax.
No system is 100% secure. If we ever experience a data breach, we'll notify affected users via email within 72 hours of confirmation, as required by applicable state data-breach notification laws.
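The passwordless sign-in described above, as an added illustration (not USSAR's own code): the sign-in token is stored only as a SHA-256 digest, expires after 15 minutes, is consumed on first use, and the resulting session cookie carries the HttpOnly, Secure and SameSite=Lax attributes the policy names. Cookie name, store layout and the `clock` parameter are assumptions for the example.

```python
import hashlib
import secrets
import time

MAGIC_LINK_TTL = 15 * 60        # 15-minute expiry, as stated in the policy
SESSION_TTL = 30 * 24 * 3600    # 30 days, matching the Cookies section


class MagicLinkStore:
    """Issues and redeems one-time sign-in links (example code, not USSAR's).

    Only the SHA-256 digest of each token is kept, so a leaked store does not
    yield usable links. `clock` is injectable so expiry can be tested.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # token digest -> (email, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email: str) -> str:
        """Create a fresh 256-bit token; return the raw value for the emailed link."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (email, self._clock() + MAGIC_LINK_TTL)
        return token

    def redeem(self, token: str):
        """Return the email if the link is valid, else None.

        The entry is removed on the first attempt regardless of outcome, so a
        link is usable at most once and an expired one cannot be retried.
        """
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._clock() > expires_at:
            return None
        return email


def session_cookie(session_id: str) -> str:
    """Build the Set-Cookie value with the attributes the policy lists."""
    return (f"ussar_session={session_id}; Max-Age={SESSION_TTL}; Path=/; "
            "HttpOnly; Secure; SameSite=Lax")
```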
12. Changes to this policy
We'll update this policy occasionally as our practices evolve. Material changes — new data collection, new categories of sharing, or changes to how we handle existing data — will be announced via email to registered users at least 14 days before taking effect. Non-material changes (clarifications, typos, new service provider of the same category) will be noted here with an updated "Last updated" date.
The top of this page always shows the most current version.
13. How to exercise your privacy rights
Every privacy right on this page is exercisable through self-service tools — no email, no waiting on a human, no form to lose in a spam folder. Use the path that matches your situation:
- You have a registration — go to the account dashboard, enter your registered email, and we'll send you a one-time sign-in link. Once in, head to the Privacy & Data tab. You'll find: Download My Data (JSON export), Delete My Account (30-day soft-delete with one-click undo during that window), Hide My Verification Page (removes your registration from public lookup), Know What You've Collected (CCPA/CPRA request), Withdraw Consent (per-category), and Download Activity Log.
- You lost access to the email on file — use the no-login privacy request form and select Lost email access. We verify identity through your registration record (name, animal, shipping ZIP, last four of the card you paid with) before moving the account to a new email.
- You don't have a registration but your data was collected (e.g., you were listed as someone else's emergency contact) — use the no-login privacy request form. We verify the request by sending a one-time code to the email you provide, cross-check against our records, and fulfill within 30 days.
- Have a privacy question that doesn't map to a button — open the Messages tab from your dashboard and mark the thread Privacy. It routes directly to the privacy lead.
We reply to privacy requests within 30 days (GDPR's deadline) and usually within 5 business days. For verification, we send a one-time code to the email on your account before executing any deletion or access request.
Want to see, export, or delete your data?
Every privacy action is one click from your Privacy & Data dashboard tab.
