Vetch for multi-location practices is now in private beta · Join the waitlist →
VetchVetch
Trust & security

The chart is yours. The keys, the logs, and the kill-switch — also yours.

Vetch runs the regulated parts of veterinary practice on infrastructure built for regulated environments. Encryption you'd expect, audit you can read, AI you can rein in.

Book a demo Read the security doc
SOC 2 Type II audited · HIPAA BAA included · ISO 27001 on the 2026 roadmap
vetch.vet/trustLive audit · this morning
Vetch · trust posture
Ask before acting.
Off
Vetch stays out
Suggest only
Drafts in a panel
Ask before acting
Confirm each action
Auto-run safe actions
High-stakes still pause
Per-capability override
ScribeAuto
CommsAsk
BillingAsk
SchedulingAuto
Always confirmed: controlled-substance signing, charging cards, and external messages — even on Auto.
audit · 7 events today · admin view
Exportable
Every action attributed.
  • 09:42
    Vetch drafted SOAP Atlas Park · annual
  • 09:41
    Sarah K charged $148.50 Anderson · 3 pets
  • 09:38
    Vetch sent SMS reminder Buchholtz Dairy
  • 09:30
    Dr. Sample signed chart Vetch Romero · limp (3rd visit)
    Signed
  • 09:18
    Vetch paused for review Bailey · ear flare · confidence 71%
    Paused
Filterable by actor, action, time, entity. CSV export. Every Vetch-staff access is in here too.
Built like healthcare, runs like software

Six things you should be able to see, control, and prove.

Encryption

Encrypted end to end

TLS 1.2+ in transit, AES-256 at rest. AWS KMS for key management; customer-managed keys on Group plans.

Audit log

Every action attributed

Every action — Vetch or human — is timestamped, attributed, and exportable. Admin-accessible, filterable, no silent edits.

Access

Right people, right rooms

SSO via SAML/OIDC, mandatory MFA, role-based access down to the field level. Quarterly access reviews; same-day de-provisioning.

AI guardrails

Vetch you can rein in

Off / Suggest / Ask / Auto — per-clinic, per-capability. High-stakes actions (controlled-substance signing, charging cards, external messages) always pause for a human.

Your data

Exportable, always

Charts, financials, recall queues — clean CSV/PDF exports, free, no questions. We earn the renewal every year, not by holding data hostage.

Resilience

Ready when it isn’t

24/7 on-call, 72-hour customer breach notification, RPO 5 min / RTO 4 hr, quarterly DR drills. A plan that’s rehearsed, not printed.

Compliance

Aligned to the frameworks that matter.

We follow the regulated-healthcare playbook — third-party attested, BAA-ready, and honest about what's audited today vs. what's on the roadmap.

  • SOC 2 Type II — independently audited annually. Report under NDA via the trust portal.
  • HIPAA — BAA included on every plan. Aligned to the Security and Privacy Rules.
  • GDPR / UK GDPR — SCCs, transfer impact assessment, EU data residency on Group plans.
  • PCI DSS — payments handled by Stripe (PCI Level 1). Vetch never stores raw card data.
  • ISO 27001 — controls already mapped in our ISMS; certification target is 2026.
By the numbers
Customer breach notification< 72 hr
RPO / RTO5 min / 4 hr
MFA coverage (Vetch staff)100%
Pen tests / year4 (third-party)
Customer data used to train shared models0

Honest answers.

In Settings → Audit. Filterable by actor, action, time, and entity. Exportable as CSV. Admin role required.

Trust isn’t a banner. It’s the way the system runs.

See the architecture in 30 minutes — book a walkthrough with our security team on the call.

Book a demo Read the security doc