What this privacy policy covers
This privacy policy applies to the editorial portal at chewy.gr.com. It describes the data that the portal collects from readers during visits, during reader-mail exchanges, and during any interaction with the reader-support contact surface. The portal is an editorial venue, not a commerce venue; we do not operate a shopper account, we do not process orders, and we do not sell products. The privacy footprint is correspondingly small.
The portal is not the Chewy, Inc. storefront. Readers who are looking for the storefront's own privacy practices should refer to the storefront's policy directly; that policy is maintained by Chewy, Inc. and is independent of this editorial portal. This privacy policy covers only the reader interactions that happen on our own chewy.gr.com editorial property.
Information we collect
We collect two broad categories of information from readers. The first is analytics data: aggregate visit counts, approximate geography (city or region, not exact location), referring page, browser type, and time-on-page. We use a privacy-preserving analytics configuration that does not set third-party tracking cookies, does not construct advertising identifiers, and does not cross-link reader behavior across sites we do not operate.
The second is reader-inbox data: the email address, name if provided, and the content of the message a reader sends to readers@chewy.gr.com. We retain inbox messages for the duration needed to respond, typically two to six weeks, and archive the conversation record for a further six months in case the reader follows up. After that window, the inbox message and its metadata are deleted on a rolling schedule.
We do not collect payment information, because we do not sell products or subscriptions. We do not collect health or veterinary information, because we are not a clinical service. We do not collect location beyond the city-or-region aggregate described above. We do not collect information from minors, and we do not knowingly accept reader-inbox messages from users under the age of 13; parents or guardians who identify such a message should contact us for deletion.
Cookies and tracking technologies
The portal sets a small number of first-party cookies. A session cookie supports continuity across pages during a single visit. A preferences cookie remembers non-sensitive reader choices, such as text size or accepted cookie banner dismissal. A privacy-preserving analytics cookie, first-party only, aggregates visit statistics without tracking individual readers across sessions. We do not set third-party advertising cookies, do not participate in ad-tech exchanges, and do not embed social-platform trackers that set cookies on our behalf.
Readers who prefer to block cookies can do so through standard browser settings; the portal remains readable without them. Readers in jurisdictions with explicit consent requirements for non-essential cookies see a consent banner on first visit that allows opt-in, opt-out, or partial acceptance; the chosen preference persists via the preferences cookie described above.
Browser-level “Do Not Track” signals and Global Privacy Control signals are respected; when a browser sends either signal, the portal disables the analytics cookie for the session and records only aggregate server-side counters that do not identify the reader. The FTC guidance on protecting personal information shapes this policy's approach to tracking-signal respect.
Data table — privacy policy data collection overview
| Data type | Purpose | Retention window |
|---|
| First-party session cookie | Page continuity during a visit | End of browser session |
| Preferences cookie | Reader-chosen settings (text size, banner state) | 12 months, renewable |
| Privacy-preserving analytics | Aggregate visit counts, no cross-site tracking | 26 months aggregate, no individual records |
| Reader-inbox email | Respond to reader question | 2-6 weeks active, 6 months archive, then deletion |
| Server access logs | Security, debugging, abuse prevention | 30 days, rolling rotation |
| Editorial subscriber list (opt-in only) | Newsletter delivery if reader subscribes | Until reader unsubscribes |
How we use the information we collect
We use analytics data to understand which articles readers find useful, which navigation paths are working, and where the portal needs clearer pages. We use inbox data to respond to the sender's question and to identify recurring reader concerns that should become portal coverage. We do not use either category of data to build advertising profiles, to sell to third parties, or to enrich with external data sources.
We may use aggregate, non-identifying analytics to inform editorial decisions or, occasionally, to quote in coverage (“A large share of reader mail this quarter asked about pharmacy refills”). Aggregate quotes never name or identify individual readers. We may use inbox data to contact a reader with a follow-up question or to alert the reader to a portal revision that answered their earlier question; readers can opt out of follow-up by saying so in their original message.
Who we share information with
We share reader data only in narrow, defined circumstances. Service providers who host the portal or the reader-inbox infrastructure receive the minimum data necessary to run the service; they are contractually bound to handle it under privacy terms that mirror this policy. Legal process — a valid subpoena, court order, or equivalent compulsory request — may require disclosure; we resist overbroad requests and notify affected readers where lawfully permitted. Emergency safety situations involving imminent risk of harm to a person or pet may trigger disclosure to the appropriate authorities.
We do not sell reader data. We do not share reader data with advertisers. We do not participate in data cooperatives or identity resolution services. We do not exchange reader inboxes with affiliated brands, because the portal is not affiliated with a commercial brand.
Reader rights and how to exercise them
Readers have several rights over their own data, regardless of jurisdiction, because the portal grants them as a matter of editorial principle. The right to know what we hold: readers can request a summary of what data we have associated with them. The right to deletion: readers can request removal of inbox messages and associated metadata. The right to correction: readers can ask us to fix inaccurate information in an inbox record. The right to opt out of analytics: readers can block cookies, send a Do Not Track signal, or use Global Privacy Control. The right to opt out of follow-up contact: readers can ask us not to reply to an inbox message.
To exercise any of these rights, email readers@chewy.gr.com from the address associated with the data. We verify identity by matching the sending address to the record in question; additional verification (a brief message confirming the request's purpose) may be requested for deletion or correction of sensitive records. We respond within 10 business days and confirm completion within the statutory window that applies in the reader's jurisdiction.
Readers in California may also exercise the rights described under the California Consumer Privacy Act, including the right not to receive discriminatory treatment for exercising a privacy right. Readers in Colorado, Connecticut, Virginia, Utah and other states with statutory privacy frameworks may similarly exercise the rights granted by those statutes; this privacy policy is drafted to align with those frameworks where applicable.
Security, breach and incident handling
We protect reader data with standard technical safeguards: transport encryption via TLS, access controls on the inbox and analytics systems, least-privilege defaults for editorial staff, and audit logging on administrative actions. We do not store data we do not need, which is the most effective security measure available; minimal collection produces a minimal breach surface.
In the unlikely event of a data incident that affects reader information, we follow a defined response procedure. We investigate the scope, notify affected readers within the statutory window that applies in their jurisdiction, provide guidance on protective steps, and, if the incident involves any third-party service we use, coordinate the disclosure with that provider. We publish a post-incident summary on the portal when the scope warrants broader disclosure.
International readers and data transfers
The portal is operated from the United States. Readers outside the United States may have data processed in the United States during their visit. For readers in the European Economic Area, the United Kingdom and Switzerland, our processing of reader data relies on legitimate-interest and consent legal bases; readers in those jurisdictions retain the rights described in the General Data Protection Regulation and equivalent frameworks, including rights of access, rectification, erasure, portability and objection. Data transfers from those jurisdictions to the United States are conducted under standard contractual safeguards where applicable.
Children's data
The portal is not directed at children under 13 years of age and we do not knowingly collect personal information from children under 13. If a parent or guardian identifies that a child under 13 has sent a reader-inbox message, they should contact readers@chewy.gr.com and we will delete the message and any associated metadata promptly. This policy is drafted to align with the U.S. FTC guidance on the Children's Online Privacy Protection Act.
Updates to this privacy policy
We revise this privacy policy when our practices change or when applicable law requires revision. Revisions post on this page with a visible effective date; we do not silently edit prior versions. For material changes, we publish a brief summary of the change on the portal home page for at least 30 days after the effective date, so returning readers see the revision without having to reread the full policy. Readers who subscribe to the editorial newsletter also receive a privacy-policy revision notice.
Contact and accountability
Privacy questions, deletion requests, correction requests, and complaints go to readers@chewy.gr.com. The reader-support phone line at (954) 312-4670 can also route privacy messages, though email is faster because the audit trail is easier to maintain. Mail to the reader desk at 1855 Harborline Ct, Dania Beach, FL 33004 reaches the portal's editorial and legal correspondence office.
If a reader believes we have mishandled their data and we have not resolved the concern to the reader's satisfaction, the reader may file a complaint with the U.S. Federal Trade Commission or with the relevant state attorney general's office. Readers in states with dedicated privacy enforcement — California's California Privacy Protection Agency, for example — may also file directly with that body. We cooperate fully with regulatory inquiries.