Animedic

Privacy Policy

Effective April 22, 2026

This Privacy Policy describes how Animedic LLC (Animedic) collects, uses, and protects personal information when you use our practice-management services (the “Services”). We are based in Saint George, UT. Questions can be sent to privacy@animedic.app.

1. Who we are and who this applies to

Animedic is a software service sold to veterinary practices. This policy covers (a) people who sign up for and use an Animedicaccount (“Customers”), and (b) people whose information is entered into the Services by Customers, such as pet owners (“End Users”). For End-User data, the Customer is the controller and we are the processor; the Customer’s own privacy notices apply.

2. Information we collect

Directly from Customers

  • Account data: name, email, role, phone, password (stored hashed), multi-factor secrets (stored encrypted).
  • Practice data: practice name, address, tax ID, payment details (processed by our payment provider), logos, and configuration.
  • Customer support: messages and attachments you send when requesting help.

From use of the Services

  • Usage telemetry: pages visited, actions taken, device and browser information, IP address, and timestamps.
  • Audit logs:record-level access and modification events used to satisfy our customers’ compliance obligations.
  • Error reports: automated crash and error information used to improve reliability.

End-User data entered by Customers

Customers enter information about pet owners, patients, and related veterinary records into the Services. We do not control what Customers enter. We process End-User data solely on the instructions of the Customer, as described in our Data Processing Addendum.

3. How we use information

  • To provide, maintain, and improve the Services.
  • To authenticate users, protect accounts, and investigate abuse or security incidents.
  • To process payments, prevent fraud, and comply with tax and accounting obligations.
  • To send operational messages (product updates, billing, security alerts) and, with your consent, marketing messages.
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell personal information. We do not use End-User data to train machine-learning models.

4. Legal bases (GDPR / UK GDPR customers)

Where GDPR / UK GDPR applies, we rely on: (a) performance of the contract between us and our Customer, (b) our legitimate interests in running and securing the Services, (c) compliance with a legal obligation, and (d) your consent where required. You may withdraw consent at any time.

5. How we share information

We share personal information with:

  • Service providers (subprocessors) who help us run the Services, under written agreements that protect your information. Current subprocessors include our hosting provider (Vercel), database provider (Supabase), email delivery provider (Resend), and payment processor (Stripe).
  • Legal and safety: to comply with law, legal process, or a lawful government request, or to protect our rights, property, or safety, or those of our users or the public.
  • Business transfers: in connection with a merger, acquisition, or sale of assets. We will notify you before your information becomes subject to a different privacy policy.

6. Data retention

We retain Customer account data and End-User data for as long as a Customer’s account is active. Following account termination we retain data for up to 30 days to allow recovery, then delete or anonymize it, unless we are required to retain it to comply with legal obligations (for example, tax records for invoicing customers).

7. Security

We protect information with industry-standard measures including encryption in transit (TLS), encryption at rest on managed databases, row-level security, strong password hashing (bcrypt), optional two-factor authentication, column-level revocations on sensitive fields, one-way-hashed kiosk access tokens, audit logging, and regular security reviews. No security controls are perfect; we maintain an incident response process and will notify affected Customers without undue delay in the event of a personal-data breach.

8. International transfers

We are based in the United States and our primary hosting is in the United States. If you use the Services from outside the United States, your information will be transferred to and processed in the United States. For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses.

9. Your choices and rights

Depending on your jurisdiction, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your information, subject to certain exceptions.
  • Object to or restrict certain processing.
  • Receive your information in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

To exercise these rights, email privacy@animedic.app. For End-User data entered by a Customer, please contact the Customer (the veterinary practice) directly; we will support them in responding to your request.

10. Children

The Services are not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will take appropriate action.

11. California and other US state rights

California residents and residents of certain other US states have rights to know, access, delete, correct, and opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information in the sense defined by those statutes.

12. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice by email or through the Services at least 14 days before the change takes effect.

13. Contact

Questions or privacy requests: privacy@animedic.app, or by mail to Animedic LLC, Saint George, UT.