vets.app

Privacy Policy

Working version · last updated June 20, 2026

A working version. This is the current draft of our Privacy Policy, published openly while our attorney reviews it. It is not yet the final, binding policy, and we may revise it before launch. Questions or concerns are welcome at [email protected].

This policy explains what information VetsApp collects, how we use it, and the choices you have. It is written to be read. Short summaries appear at the start of each section; the details below them are the binding text.

The three commitments to read first

  1. We do not sell your personal or pet health data. If we ever introduce an optional, de-identified research data program, it will be strictly opt-in, off by default, separately consented, and will never affect your access to care.
  2. We do not share your data with advertisers, and we do not use advertising trackers on the Service.
  3. Your pet’s clinical data is used to provide the Service to you — not for purposes you haven’t agreed to.

1. Scope

This policy covers the VetsApp website, applications, and services (the "Service"), operated in the United States. Health-data-specific disclosures required by certain states appear in our Health Data Privacy Notice, which is part of this policy.

Pet health records are not covered by HIPAA (the U.S. health-privacy law for human medical records — it does not extend to animals). We say this plainly because some services imply otherwise. Instead, this policy and the safeguards below are the protection your data gets — and we have designed them to meet the strictest applicable state standards.

2. What we collect

Your account details, your pet’s health information, the records you upload, and basic technical data. No advertising trackers.

3. How we use information

To run the Service for you. Not for advertising. Not for sale.

We use your information to: provide the Service (including AI-assisted triage, record parsing, summaries, and the health record you maintain); present regionally relevant information using your approximate location (Section 2); secure accounts and prevent abuse; respond to support requests; comply with law; and improve the reliability of the Service’s infrastructure (for example, error diagnosis).

We do not use your information for third-party advertising, and we do not sell it (Section 5). Any future use of de-identified data for research would occur only under the separate, opt-in program described in Section 5 — never by default.

4. AI processing

AI reads what you write and upload, to do the work you asked for. The AI providers we use process it on our behalf and are contractually limited.

The Service uses large language models to conduct consultations, assess urgency, parse uploaded documents, and generate summaries. Your consultation content and uploaded records are processed by our AI infrastructure providers (currently Anthropic, OpenAI, and/or Google, routed through Cloudflare’s AI gateway) as processors on our behalf, solely to provide the Service.

Information extracted by AI is marked with its origin in your pet’s record, so you and anyone you share with can see what was AI-parsed versus contributed by a person.

5. How information is shared

With the people you choose, and with the vendors that run the Service. Nobody else.

We do not sell your personal or pet health data. We do not share it with advertisers or data brokers. If we ever introduce an optional, de-identified research data program, it will be strictly opt-in, off by default, separately consented, honest about who receives the data, and declining will never affect your access to care.

6. Retention and deletion

Clinical records are kept long-term because that’s what makes them medically useful; you can delete your account and data, with narrow legal exceptions we name.

7. Security

We encrypt data in transit (TLS) and at rest (AES-256), enforce role-based access controls and row-level security in our database, and maintain audit logs of access to clinical records. No system is perfectly secure, but security is designed in, not bolted on.

8. If a breach happens

If a security breach affects your unencrypted personal information, we will notify you without unreasonable delay, consistent with the strictest applicable state deadline, and will notify regulators where required. Our notice will tell you what happened, what data was involved, and what we are doing about it.

9. Your rights and choices

See your data, fix it, take it with you, delete it — wherever you live.

We extend the following rights to all users, regardless of state:

To exercise any right: [email protected] or in-product settings. We will verify your identity before acting and respond within the timeframe required by your state (45 days or less in most states).

10. State-specific disclosures

11. Children

The Service is not directed to children and may not be used by anyone under 18. We do not knowingly collect personal information from children under 13; if we learn we have, we will delete it.

12. Changes to this policy

We may update this policy. Material changes will be notified to you (email or in-product) at least 30 days before taking effect, with a dated changelog. We will never apply a material reduction of these commitments retroactively to data collected under an earlier version without your consent.

13. Contact

[email protected]. A mailing address will be provided once our company is formed.