1. Who we are
Vetch Health Ltd. (“Vetch,” “we,” “us”) is the data controller for visitors to our marketing site (vetch.vet). When clinics use the Vetch platform, the clinic is the controller of patient and client records and Vetch acts as a processor under their direction. Our Data Processing Addendum at /legal/dpa governs that relationship.
2. What we collect
From website visitors
- Pages viewed, referring URL, browser type, device type, approximate location (city / region from IP), and timestamps — collected via cookies and analytics tools.
- Form submissions: name, work email, clinic name, phone number, and any details you give us when you book a demo, request migration help, or contact support.
From clinic users (the platform)
- Account profile: name, email, role, clinic affiliation, authentication credentials.
- Usage telemetry: feature usage, performance, errors. Used to improve the product, never sold.
- Practice content: SOAPs, schedules, billing, comms, reports — handled per the clinic’s DPA. We don’t sell or train shared models on practice content.
3. How we use it
- To deliver and maintain the website and the Vetch platform.
- To respond to demo requests, support tickets, and sales conversations.
- To send service notices, security alerts, and (with your consent or legitimate interest) product updates.
- To improve the product, prevent abuse, and meet legal obligations.
4. Legal bases (UK GDPR / DPA 2018)
We rely on contract (to provide services you’ve asked for), legitimate interests (running our business, securing the service), legal obligation (tax, accounting, security incidents), and consent where required (marketing emails, non-essential cookies).
5. Sharing
We share personal data with vetted sub-processors that help us run Vetch — see the current list at /legal/dpa. We don’t sell personal data, and we don’t share it for cross-context behavioural advertising. Where required, we share with regulators, law enforcement, or in response to lawful requests.
6. International transfers
Data may be processed in the United Kingdom, European Economic Area, and the United States. Where personal data leaves the UK, we rely on the UK International Data Transfer Addendum (IDTA) and the EU Standard Contractual Clauses with a transfer impact assessment. Regional data residency is available on Group plans on request.
7. Retention
- Marketing-site form submissions: kept while we’re actively in conversation, then up to 24 months after last contact, unless you ask us to delete sooner.
- Platform records: retained per the clinic’s configuration and applicable laws (RCVS record-keeping guidance typically requires retention for a minimum of 2 years after the last visit, longer for controlled drugs and surgical records).
- Audio captured by the AI scribe is purged within 7 days unless the clinic explicitly flags a visit for training (opt-in, per visit).
8. Your rights
Under the UK GDPR and the Data Protection Act 2018 you have the right to access, rectify, erase, port, restrict, or object to the processing of your personal data, and to object to direct marketing. Email privacy@vetch.vet and we will respond within one month. You can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk — though we’d appreciate the chance to put things right first.
9. Cookies and tracking
See our Cookie Policy for the categories we use, who they’re served by, and how to opt out.
10. Security
We maintain administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls, mandatory MFA for staff, and continuous logging. Details are at /legal/security.
11. Children’s privacy
Vetch is a B2B service and is not directed to children under 13. We don’t knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes
We’ll update the “Last updated” date when we change this policy. Material changes are also announced via email to active customers and a banner on our marketing site.
13. Contact
Data controller: Vetch Health Ltd.. Privacy questions and data-subject requests: privacy@vetch.vet. Postal address available on request. Our supervisory authority is the ICO.