Privacy Policy

Effective Date: April 30, 2026

This Privacy Policy (“Policy”) describes how Doole Health S.L. (“VetOnCloud,” “we,” “us,” or “our”) collects, uses, stores, and discloses personal data when you access or use the VetOnCloud platform, website, and related services (collectively, the “Service”). By using the Service, you acknowledge that you have read and understood this Policy.

1. Data Controller

The data controller responsible for the processing of your personal data is:

Doole Health S.L.
Email: info@vetoncloud.com

2. Categories of Personal Data Collected

2.1 Account Data

Full name, email address, hashed password, authentication provider identifiers (e.g., Google OAuth subject ID), and account preferences.

2.2 Organization Data

Organization name, membership roles, and invitation records associated with veterinary practices or clinics.

2.3 Usage Data

Clinical queries submitted to AI agents, conversation history, agent configurations, file uploads, API usage metrics, and technical logs (IP address, browser type, timestamps).

2.4 Payment Data

Billing information is processed by our third-party payment processor, Stripe, Inc. We do not store full credit card numbers on our servers. We may retain Stripe customer identifiers, subscription identifiers, and transaction metadata necessary for invoicing and support.

2.5 Cookies and Similar Technologies

We use session tokens and local storage for authentication and user preferences. We do not use third-party advertising or analytics cookies.

3. Purposes and Legal Bases for Processing

We process personal data for the following purposes and on the corresponding legal bases:

• Performance of contract — To provide, operate, and maintain the Service, including AI-assisted veterinary consultation tools, account management, and billing.
• Legitimate interests — To ensure the security and integrity of the Service, prevent fraud and abuse, provide technical support, and improve platform functionality.
• Legal obligation — To comply with applicable tax, accounting, and regulatory requirements.
• Consent — Where required by applicable law, we will obtain your consent before processing data for purposes not covered above (e.g., optional marketing communications). You may withdraw consent at any time.

4. Data Retention

We retain personal data for as long as your account remains active or as necessary to fulfill the purposes described in this Policy. Upon account deletion, we will remove or anonymize personal data within a reasonable period, except where retention is required by law, necessary for dispute resolution, or needed to enforce our agreements. Conversation data and clinical queries may be retained in anonymized form for service improvement purposes.

5. Third-Party Processors and International Transfers

To operate the Service, we share personal data with the following categories of third-party processors:

• OpenAI, L.L.C. — AI model provider for processing clinical queries. Data may be transferred to the United States.
• Stripe, Inc. — Payment processing. Data may be transferred to the United States.
• Railway Corp. — Cloud infrastructure and hosting.
• Amazon Web Services, Inc. — Email delivery (SES) and cloud services.

Where personal data is transferred outside the European Economic Area (“EEA”), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the recipient’s adequacy decision or certification under an applicable data transfer framework.

6. Your Rights

Subject to applicable law, you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate or incomplete data.
• Erasure — Request deletion of your personal data (“right to be forgotten”).
• Restriction — Request that we limit the processing of your data in certain circumstances.
• Data portability — Receive your personal data in a structured, commonly used, and machine-readable format.
• Objection — Object to the processing of your personal data based on legitimate interests.
• Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@vetoncloud.com. We will respond within 30 days or as required by applicable law. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), hashed password storage, role-based access controls, and regular security reviews. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

8. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such data promptly.

9. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the “Effective Date” at the top of this page and, where required by law, notify you by email or through the Service. Your continued use of the Service after such changes constitutes acceptance of the updated Policy.

10. Contact

For questions or concerns regarding this Privacy Policy or our data processing practices, please contact:

Doole Health S.L.
Email: info@vetoncloud.com