Privacy Policy

Last updated: April 17, 2026

This Privacy Policy describes how Blue Vet ("we", "our", "us") collects, uses, and protects your information when you use our veterinary practice management service ("Service").

1. Information We Collect

Account Information

When you register, we collect: clinic name, your full name, email address, and a hashed password. We never store your plain-text password.

Clinic Data

You and your team enter operational data into the Service: patient records, owner contacts, appointments, inventory, prescriptions, sales, and finance records. This data belongs to your clinic.

Payment Information

Subscription payments are processed by LemonSqueezy, our payment processor. We do not store your card details. LemonSqueezy shares with us only: customer ID, subscription status, email, and billing country.

Technical Data

We log IP addresses, browser type, pages visited, and timestamps for security and diagnostics.

2. How We Use Your Information

• To provide and maintain the Service
• To authenticate you and keep your account secure
• To process subscription payments
• To send you transactional emails (account, billing, security)
• To respond to support requests
• To detect and prevent abuse, fraud, and security incidents

3. Data Isolation

Every clinic's data is strictly isolated. Users from one clinic cannot access another clinic's patients, staff, inventory, or finances. This is enforced at the application level on every request.

4. How We Share Information

We do not sell your data. We share information only with:

• Hostinger — hosting infrastructure (EU/US data centers)
• LemonSqueezy — subscription billing
• Law enforcement — only when legally required

5. Data Retention

Your clinic data is retained as long as your subscription is active. After cancellation, data is retained for 30 days (recovery window), then permanently deleted. You may request immediate deletion at any time.

6. Your Rights

Under GDPR and similar laws, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data (right to be forgotten)
• Export your data (portability)
• Restrict or object to processing
• Lodge a complaint with a supervisory authority

To exercise any right, email privacy@bluevet.app.

7. Security

• Passwords are hashed with bcrypt (12 rounds)
• All connections use HTTPS/TLS
• Session tokens (JWT) expire after 24 hours
• Rate limiting prevents brute-force attacks
• Parameterized queries prevent SQL injection
• Automatic daily backups

8. International Transfers

Your data may be stored and processed in countries outside your own. We use providers with standard contractual clauses to ensure equivalent protection.

9. Children

The Service is not directed at children under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Policy. Material changes will be announced in-app or by email at least 30 days before taking effect.

11. Contact

For privacy questions: privacy@bluevet.app

Legal entity: [YOUR COMPANY NAME], [YOUR ADDRESS]. Please replace with your registered business details before launch.