1. Who we are
Vetch Health, Inc. (“Vetch,” “we,” “us”) is the data controller for visitors to our marketing site (vetch.vet). When clinics use the Vetch platform, the clinic is the controller of patient and client records and Vetch acts as a processor under their direction. Our Data Processing Addendum at /legal/dpa governs that relationship.
2. What we collect
From website visitors
- Pages viewed, referring URL, browser type, device type, approximate location (city / region from IP), and timestamps — collected via cookies and analytics tools.
- Form submissions: name, work email, clinic name, phone number, and any details you give us when you book a demo, request migration help, or contact support.
From clinic users (the platform)
- Account profile: name, email, role, clinic affiliation, authentication credentials.
- Usage telemetry: feature usage, performance, errors. Used to improve the product, never sold.
- Practice content: SOAPs, schedules, billing, comms, reports — handled per the clinic’s DPA. We don’t sell or train shared models on practice content.
3. How we use it
- To deliver and maintain the website and the Vetch platform.
- To respond to demo requests, support tickets, and sales conversations.
- To send service notices, security alerts, and (with your consent or legitimate interest) product updates.
- To improve the product, prevent abuse, and meet legal obligations.
4. Legal bases (GDPR / UK GDPR)
We rely on contract (to provide services you’ve asked for), legitimate interests (running our business, securing the service), legal obligation (tax, accounting, security incidents), and consent where required (marketing emails, non-essential cookies).
5. Sharing
We share personal data with vetted sub-processors that help us run Vetch — see the current list at /legal/dpa. We don’t sell personal data, and we don’t share it for cross-context behavioural advertising. Where required, we share with regulators, law enforcement, or in response to lawful requests.
6. International transfers
Data may be processed in the United States and the European Economic Area. Where personal data leaves the EEA / UK, we rely on Standard Contractual Clauses and a transfer impact assessment. Regional data residency is available on Group plans on request.
7. Retention
- Marketing-site form submissions: kept while we’re actively in conversation, then up to 24 months after last contact, unless you ask us to delete sooner.
- Platform records: retained per the clinic’s configuration and applicable laws (state veterinary record retention rules typically require 3–7 years).
- Audio captured by the AI scribe is purged within 7 days unless the clinic explicitly flags a visit for training (opt-in, per visit).
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to direct marketing. Email privacy@vetch.vet and we will respond within 30 days. California residents can additionally exercise rights under the CCPA / CPRA, including the right to opt out of sale or sharing — Vetch does not sell personal data.
9. Cookies and tracking
See our Cookie Policy for the categories we use, who they’re served by, and how to opt out.
10. Security
We maintain administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls, mandatory MFA for staff, and continuous logging. Details are at /legal/security.
11. Children’s privacy
Vetch is a B2B service and is not directed to children under 16. We don’t knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes
We’ll update the “Last updated” date when we change this policy. Material changes are also announced via email to active customers and a banner on our marketing site.
13. Contact
Data controller: Vetch Health, Inc.. Privacy questions and data-subject requests: privacy@vetch.vet. Postal address available on request. EU representative and UK representative on request.