privacy policy

this is a placeholder. the formal policy is being drafted. the text below describes our intent in plain language; the binding version will replace this page before public launch. email privacy@sendavet.to with any specific questions.

we collect the minimum we need to make vetra work, and we don't sell your data. here's the plain-english version.

what we collect

• your email. when you send a vet or sign up via magic link, we store your email so we can deliver updates and authenticate you.
• vet content. the checklists, evidence files, and text reflections you submit. files are stored in google cloud storage; metadata in firestore.
• verification artifacts. when a vet is verified, we create a permanent record. these can be public (default) or private. you control the toggle.
• technical logs.ip addresses, user-agent strings, and timestamps for fraud detection and debugging. we don't display these publicly.
• nothing else. no third-party tracking pixels, no ad-network integrations, no behavioral profiling.

what we don't do

• we don't sell your data to anyone.
• we don't run ad targeting. our business model is paid subscription tiers.
• we don't share evidence files with anyone outside the parties to a vet, except as required by law.

who we share with (only as needed to operate)

• google firebase / google cloud. we host on google cloud platform. they process data on our behalf under their own contractual privacy terms.
• resend. we use resend to deliver transactional email (magic links, vet notifications, verification receipts).
• xai.when you describe a vet for the ai composer, your description is sent to xai's grok api to generate a checklist. xai processes this under their api terms; we don't send xai any evidence files or verified-artifact content.
• vercel. we host the web app on vercel.
• law enforcement.only when we're legally required (subpoena, warrant). we will push back on overbroad requests.

your rights

you can request access to, correction of, or deletion of your data anytime. email privacy@sendavet.to and we'll handle it within 30 days. note that verified artifact pages are designed to be immutable; deletion of an artifact is possible but treated as a serious request.

retention

active accounts: we keep your data while your account is active. inactive accounts: we may delete or de-identify after 24 months of inactivity. verified artifacts: kept indefinitely, since the whole point of a verified record is permanence.

children

vetra isn't directed at users under 13. we don't knowingly collect data from children under 13. parents using vetra to verify their kids' homework should send to themselves or supervise the magic-link interaction.