Privacy Policy

We collect information you provide directly: your name, email address, and practice information when you create an account. We also collect audio recordings you submit for transcription, the transcripts produced from those recordings, and the SOAP notes generated from transcripts. We store this data in Supabase, hosted in the United States.

We use your information to:

• Provide and improve the VetStack service
• Process audio through Deepgram's transcription API
• Generate SOAP notes through Anthropic's Claude API
• Send transactional emails (receipts, password resets)
• Analyze usage patterns to improve the product

We do not train AI models on your clinical data without your explicit opt-in consent.

We share your data only with the service providers necessary to operate VetStack: Deepgram (audio transcription), Anthropic (SOAP generation), Supabase (database and storage), Clerk (authentication), Stripe (payments), and Vercel (hosting). These providers are contractually obligated to protect your data.

We do not sell your data to third parties.

Audio files are encrypted at rest (AES-256) and in transit (TLS 1.2+). Database access is controlled by row-level security policies — your practice's data is never accessible to other practices. We maintain audit logs of data access. Audio files are automatically deleted after 90 days (configurable per practice).

VetStack processes veterinary patient information, which is not Protected Health Information (PHI) under HIPAA (which applies to human healthcare). However, we have designed VetStack with HIPAA-inspired security practices because your patients' medical information deserves the same care. We recommend consulting your own compliance advisor regarding your specific regulatory obligations.

Audio recordings are deleted after 90 days by default (Solo plan: 1 year, configurable). Transcripts and SOAP notes are retained until you delete them or close your account. You can export and delete all your data at any time from Settings.

You may request access to, correction of, or deletion of your personal data at any time by contacting us at privacy@vetstack.co. We will respond within 30 days.

We use session cookies for authentication (managed by Clerk) and analytics cookies (PostHog). We do not use third-party advertising cookies. You can disable cookies in your browser settings, though this may affect authentication.

We will notify you of material changes to this policy via email and an in-app notice at least 14 days before the change takes effect.

Questions about this policy? Email privacy@vetstack.co.