VetCaseIQ

Privacy

Privacy in this MVP

A plain-language summary of how data is handled today. This is not a substitute for a formal privacy or compliance review.

What happens to your data

  • Controlled beta: access requires an account and is limited to invited participants. This is clinical decision support / coverage review software — it does not diagnose or replace a veterinarian.
  • Clinical data is ephemeral. Case data, uploaded files, and generated reports are processed in memory to produce output and are NOT stored on the server or in any server-side database.
  • Account data only is stored server-side (email, a securely hashed password, session, and rate-limit/audit metadata) in a local database, kept separate from clinical content.
  • Uploaded PDF, DOCX, and TXT files are parsed in memory; extracted text is used only to produce your report during your session.
  • Workflow state (your in-progress case and report) is kept in your browser's session storage and is cleared when you close the tab or log out.
  • Case content is sent to the configured AI provider (OpenAI) to generate follow-up questions, the report, and chat responses. API keys are held server-side only.
  • We do not log clinical records, uploaded text, generated reports, personal data, or secrets. Operational logs contain only short event names and privacy-safe metadata (e.g., a truncated IP).

Your responsibilities

  • Do not upload sensitive data unless you are authorized to do so.
  • Do not upload data you do not have permission to share.
  • This product is not currently configured for regulated medical record storage.

Future production deployments

Any production deployment intended to handle real clinical records may require a formal privacy, security, and compliance review, including data processing agreements with any subprocessors and an assessment of applicable regulations. This MVP makes no compliance claims.