Your data, plainly explained.

The short version

Veta is a health record for your pet. We hold the records on your behalf so you can act with confidence at the vet, on the phone, and in the kitchen at 9pm.

We never sell your data. We never share it with advertisers. We never use your pet's records to train public AI models.

Your records, photos, audio, and notes are yours. You can read them, export them, correct them, and delete them whenever you want.

When you delete your account, deletion is real. Soft-delete the same day. Hard-delete from our primary systems and backups within 30 days.

If anything below is unclear, write to us through the contact form and a real person will write back.

What we collect

Account. Your email address, your full name (whatever Sign in with Apple or Sign in with Google hands us when you sign up), and the display name you set inside the app.

Pet records. Each pet's name, species, breed, birthdate, photo, and spay/neuter status.

The health timeline. This is the heart of the app. Vet visits, weights, medications, observations (stool, skin, behavior, urine, food, anything else you log), and the worry entries you write when something feels off, including the triage severity and what to watch for. The same timeline holds documents you upload: vet records, vaccine certificates, lab results, and invoices.

Insurance information. Your policy number, the policyholder, the diagnosis on a claim, and where the payout should go. We use this to fill in the claim PDF for you. We don't keep the submitted form on our servers; we only keep metadata about the claim itself.

Audio recordings of vet visits. If you record a visit, the audio is held for 30 days and then deleted unless you pin it. Transcription happens on your device, not on our servers.

Push tokens. The notification token your device hands the app (through Apple on iPhone or Google on Android) so we can deliver the medication and appointment reminders you set up. Stored per account and deleted when you delete the account.

Minimal device info. Just enough to deliver push notifications and send a usable crash report when something breaks. We don't collect advertising IDs, and Veta never asks for tracking permission.

How we use it

We use what you give us to run the app you signed up for, and not for anything else. Specifically:

To show you your pet's timeline and to answer the questions you ask Veta about your own pet.

To generate insurance claim PDFs for the carriers we support: Trupanion, Pets Best, Nationwide, Spot, and ASPCA.

To send the medication reminders, appointment reminders, and routine reminders you set up. Nothing more.

To audit our own work. Every AI request writes a short row to an internal log with timing and performance metrics — never your record content — so we can spot when AI tooling gets slower or less accurate.

To fix bugs and prevent abuse. Crash reports and security audit trails go to our error tracking, then get destroyed on a schedule.

We also use anonymous, aggregate product metrics. How many people opened the app this week, not who. How long the average timeline is, not what's on it.

AI and your data

Some Veta features use third-party AI services to draft summaries, decode vet records, and answer questions you ask about your own pet.

Every AI provider we use is bound by a zero-retention data-processing agreement. Your data is sent for a single response and discarded on their end. Your records are not used to train any public model, and we don't allow that to change without telling you first.

We don't share your records with AI providers for any purpose other than answering the request you made. No advertising use, no training use, no aggregate-research use.

AI features are optional. You can turn them off in settings, and the timeline and reminders keep working without them.

Who we share with

We share your data with the small set of vendors we use to run the service. Each one does a specific job, and each one is bound by a data-processing agreement.

Supabase: our database, file storage, authentication, and scheduled jobs. This is where your records live.

AI model providers: third-party large language model services that draft the summaries and answer the pet questions you ask. All bound by zero-retention data-processing agreements; your records are never used for training.

Google: Sign in with Google and Play Billing on Android.

Apple: App Store distribution, in-app purchases (StoreKit handles your card; we never see the card number), Sign in with Apple, and push delivery.

Expo: routing for the push notifications you've asked us to send.

Superwall: the paywall presentation and the in-app cancellation flow.

Beyond vendors, the only other people who see your data are the people you choose to share it with. If you grant a vet, a co-parent, or a sitter access to a pet, they see exactly what you grant, for as long as you grant it.

Legal requests. We respond to valid subpoenas and court orders, and only those. We tell you when a request comes in unless the law says we can't.

We don't share with advertisers. We don't share with data brokers. We don't share with marketing partners. There's no exception to that rule.

Your rights

These rights apply whether you're in the EU under GDPR, in California under CCPA and CPRA, or anywhere else. We don't sort them by jurisdiction; we honor them across the board.

Read what we have on you. Open the app. Your timeline is the canonical record. There is no hidden second copy.

Get a copy. The in-app export packages your account into a JSON bundle plus the PDFs you've uploaded, delivered as a signed download link. That's the portability right and the access right at the same time.

Correct anything that's wrong. Edit the record directly. Every entry on the timeline is editable.

Delete everything. The in-app account-delete flow soft-deletes the same day and hard-deletes within 30 days, including from backups.

Restrict or object. AI features are consent-gated and can be turned off in settings. Reminder categories can be turned off the same way. Marketing email is opt-in and the unsubscribe link is in every message.

Withdraw consent. Anywhere you said yes, you can say no. The setting is in the same place you turned it on.

Do-not-sell, do-not-share, and the right to limit use of sensitive personal information (CCPA and CPRA): we don't sell, and we don't share for cross-context behavioral advertising, so there's nothing to opt out of. If that ever changes, this section changes first.

To exercise any of these, or to ask anything else, reach us through the contact form and pick Privacy as the topic.

Where your data lives

Veta's servers are in the United States. If you're in the EU or the UK, your data crosses the Atlantic to reach us.

We rely on Standard Contractual Clauses with the US-based vendors listed above to cover that transfer, and we keep the agreements current as the SCC framework updates.

We don't currently offer Veta directly inside the EU. If we begin to, we'll designate an EU Representative under GDPR Article 27 and update this page before the launch. We'd rather tell you that's still pending than pretend it isn't.

Children

Veta is for adults who care for animals. We don't knowingly collect data from children, and our Terms set the account minimum at 16.

If you're a parent or guardian and you think a child has signed up, write to us through the contact form and we'll remove the account.

How long we keep it

While your account is active, your data stays. The whole point is that the timeline is there when you need it, two years later, in the parking lot before a recheck.

Audio recordings of vet visits are deleted after 30 days unless you pin them. Pinned audio stays as long as the account does.

When you delete your account, the soft-delete is immediate. The hard-delete from our primary systems and backups completes within 30 days.

Operational logs (the AI call audit, the scheduled-job logs, error reports) are retained for 12 months and then destroyed.

If your pet has passed and you've asked us to keep the records as a legacy, we keep them as long as you'd like. That choice is yours, not ours.

Security

Your data is encrypted in transit and encrypted at rest.

Every user-data table on our database is fenced with row-level security. Your records are unreachable to other accounts at the database level, not just the app level.

Your card number never touches our servers. Apple and Google handle payment information through their own billing systems (StoreKit on iPhone, Play Billing on Android).

The internal AI request audit log is internal-only. It isn't readable by your account, and it isn't readable by other accounts.

We patch on a regular cadence and rotate credentials on a regular cadence. No system is perfect; we treat security as work that's never done.

Changes to this policy

If we change anything material, we'll email you at least 30 days before it takes effect. Material changes include adding a new vendor, adding a new data category, or meaningfully changing how we use what we already have.

The date at the top of this page reflects the current version. If you want to read the policy carefully before agreeing to a change, the 30 days is for that.

Contact us

Questions, requests, or anything else: write to us through the contact form and pick Privacy or General as the topic. A real person responds, typically within three business days.