Privacy Policy

PawPinion, Inc. (“PawPinion,” “Company,” “we,” “us,” or “our”), a corporation organized and existing under the laws of the State of Arizona with its principal place of business at Phoenix, Arizona, operates the website located at pawpinion.app, together with any associated mobile applications, subdomains, application programming interfaces (APIs), widgets, email communications, support portals, and all related online services (collectively, the “Platform”).

The Platform functions exclusively as a technology-enabled online marketplace that connects pet owners (“Users,” “you,” “Clients,” or “Pet Owners”) with independent, licensed veterinary specialists (“Specialists” or “Providers”) for paid second-opinion consultations. Users upload pet case materials for review; Specialists provide written informational opinions. PawPinion itself does not practice veterinary medicine, establish any veterinarian-client-patient relationship (VCPR), render diagnoses, prognoses, treatments, prescriptions, recommendations, emergency advice, or any form of professional veterinary services whatsoever. We act solely as a neutral technology facilitator, marketplace operator, and payment processor intermediary.

This Privacy Policy provides a comprehensive description of how we collect, receive, access, use, process, store, protect, disclose, transfer, retain, and delete personal information, pet health-related data, and any other information submitted through or generated by the Platform. By accessing, registering an account on, uploading any materials to, making any payment through, communicating with, or otherwise using the Platform in any manner whatsoever, you expressly acknowledge that you have read, understood, and consent to all practices described in this Policy. If you do not agree with any provision, you must immediately cease all use of the Platform and delete your account.

1. Definitions

For clarity, the following defined terms apply throughout this Policy:

• “Personal Information” means any information that identifies, relates to, describes, or could reasonably be linked with a particular individual or household;
• “Pet Health Data” means any information concerning the health, medical history, symptoms, diagnoses, treatments, or condition of your pet(s);
• “Sensitive Personal Information” includes precise geolocation, financial account details, and certain health-related data (though pet health data is treated with equivalent care).

2. Scope and Applicability

This Privacy Policy applies globally to all visitors, registered Users, Specialists, support interactions, and any other persons who interact with the Platform. It governs all data collected online through the Platform. It does not apply to: (i) offline data collection; (ii) third-party websites or services (even if linked); (iii) data processed independently by Specialists in their own professional practices; or (iv) aggregated, de-identified, or anonymized data that cannot be linked back to an individual.

3. Information We Collect

3.1 Information You Provide Voluntarily

We collect: full legal name, email address, password, telephone number, mailing address, date of birth (for age verification), profile photograph, preferred language, pet name(s), species, breed(s), age, sex, neutered status, weight, color/markings, microchip number, insurance policy details, complete medical history, current symptoms and timelines, prior treatments and medications, vaccination records, and any uploaded files including laboratory results, radiographs, ultrasound images, CT/MRI scans, photographs, videos, PDFs, DICOM files, handwritten notes, or other diagnostic materials. We also collect payment and billing information (processed exclusively by our third-party processor Stripe: we never store full card numbers, CVV codes, or expiration dates), support ticket content, chat messages, feedback forms, survey responses, and any dispute-related communications.

3.2 Automatically Collected or Derived Information

We automatically collect technical and usage data including IP address, browser type/version, operating system, device type/model, unique device identifiers, mobile network information, screen resolution, language settings, access times/dates, pages viewed, navigation paths, clickstream data, referral sources, search queries performed on the Platform, interaction metrics with features, and error logs. We use only strictly necessary first-party cookies, local storage, and similar technologies for authentication, security, functionality, fraud prevention, and basic performance analytics. We do not use third-party advertising cookies, tracking pixels, or cross-site behavioral tracking.

3.3 Information Received from Third Parties

We may receive limited verification data from Stripe (payment confirmation, fraud risk scores), public veterinary licensing databases (for Specialist verification), and analytics/security service providers (aggregated insights only). We expressly disclaim any responsibility for the accuracy or completeness of any data received from third-party service providers (including Stripe, Supabase, or any licensing databases).

4. How We Use Your Information

We process information solely for the following legitimate purposes:

• Account creation, identity verification, and ongoing management;
• Intelligent matching of cases to appropriately qualified Specialists;
• Secure upload, transmission, temporary storage, and delivery of case materials;
• Processing of payments, refunds (where granted), subscription management (including PawGuard), invoicing, and tax reporting;
• Delivery of Specialist opinions, status notifications, and support communications;
• Internal analysis and improvement of the Platform (using only de-identified or aggregated data);
• Detection and prevention of fraud, abuse, security incidents, or violations of our Terms of Service;
• Compliance with legal, regulatory, and judicial obligations;
• Resolution of disputes or chargebacks.

5. Legal Bases for Processing (Where Applicable)

For users in jurisdictions that require a legal basis (e.g., GDPR for EU/UK users, or similar laws elsewhere), our processing relies on: (i) performance of a contract with you; (ii) our legitimate business interests (e.g., platform security, fraud prevention, service improvement); (iii) compliance with legal obligations; or (iv) your explicit consent (where required and withdrawable).

6. Data Sharing and Disclosure

We never sell personal information, pet health data, or any other data to third parties for monetary or other valuable consideration. Sharing is strictly limited to:

• The specifically assigned Specialist (only the minimum case-specific data necessary, under binding confidentiality obligations);
• Service providers and processors under written data-processing agreements (Stripe for payments, Supabase for secure hosting and storage, cloud infrastructure providers, email/SMS delivery services, analytics tools — all required to maintain equivalent or higher security standards);
• Legal and regulatory authorities when required by subpoena, court order, governmental request, veterinary board inquiry, or to protect the rights, safety, or property of PawPinion, our users, Specialists, or the public;
• In connection with a corporate transaction (merger, acquisition, reorganization, bankruptcy, or sale of assets) with appropriate notice where required by law;
• With your explicit prior consent (e.g., when you request we forward an opinion to your primary veterinarian).

7. Data Security

We maintain a comprehensive, multi-layered information security program that includes: 256-bit TLS/SSL encryption for all data in transit; AES-256 encryption at rest for all databases and file storage; strict role-based access controls and least-privilege principles; mandatory multi-factor authentication for all accounts; regular independent penetration testing, vulnerability scanning, and security audits; continuous monitoring and logging; employee training and confidentiality agreements; and a documented incident-response plan that includes notification to affected users and regulators within required legal timeframes in the event of a breach.

Despite these measures, no internet-based system or electronic storage method is 100% secure. You are solely responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any suspected unauthorized access.

Pet health data uploaded to the Platform is not considered “medical records” under human healthcare laws (such as HIPAA) and is treated solely as user-submitted information for second-opinion facilitation purposes only.

8. Data Retention

We retain personal information and pet health data only for as long as necessary to fulfill the purposes outlined in this Policy, to comply with legal and regulatory obligations, to resolve disputes, or to enforce our agreements. Upon account deletion or closure, we will delete or anonymize personal identifiers from active systems within 30–90 days, subject to any required legal holds, backup retention periods, or aggregated analytics needs. Uploaded case files are retained for reference purposes unless you specifically request deletion (subject to legal exceptions). Fully de-identified or aggregated data may be retained indefinitely for research, statistical, and Platform improvement purposes.

9. Your Rights and Choices

Subject to applicable law, you have the right to: access the personal information we hold about you; correct inaccurate data; request deletion of your data (subject to exceptions); restrict or object to certain processing; data portability (where technically feasible); and withdraw consent where processing is based on consent.

California residents additionally enjoy rights under the California Consumer Privacy Act (CCPA/CPRA) to know categories and sources of collected information, request deletion or correction, opt out of any “sale” or “sharing” of personal information (we engage in neither), limit use of sensitive personal information, and receive non-discriminatory treatment.

To exercise any right, submit a verified request via the contact form on the website. We will verify your identity and respond within statutory timeframes (typically 45 days, extendable where permitted). We do not discriminate against users who exercise their rights.

Additional U.S. State Privacy Rights. Residents of states such as Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon, Texas, and any other applicable state privacy laws have similar rights regarding access, correction, deletion, and opt-outs of personal information and sensitive personal information (though we do not sell or share data). These rights can be exercised by submitting a verified request to privacy@pawpinion.app. We will respond in accordance with applicable state law timelines and do not discriminate against users exercising these rights.

10. Children's Privacy

The Platform is intended solely for individuals who are at least 18 years of age (or the age of majority in their jurisdiction). We do not knowingly collect, use, or disclose any personal information from children under 18. If we discover that we have inadvertently collected data from a child, we will promptly delete it and take reasonable steps to prevent future collection.

11. International Data Transfers and Adequacy

Our primary data processing occurs in the United States. For users located in the European Economic Area, United Kingdom, or other jurisdictions with data protection laws, we implement appropriate safeguards for international transfers, including standard contractual clauses approved by relevant authorities, binding corporate rules (where applicable), or other lawful transfer mechanisms. By using the Platform, you explicitly consent to the transfer of your data to the United States and acknowledge that U.S. laws may offer different levels of protection than your home jurisdiction. We make no representations or guarantees regarding compliance with the veterinary telemedicine or data-protection laws of any specific jurisdiction.

12. Changes to This Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time in our sole discretion. When we make material changes, we will post the revised version on this page with an updated “Last Updated” date and, where appropriate, notify you by email to the address associated with your account or via a prominent in-app banner. Your continued access to or use of the Platform following the effective date of any revised Policy constitutes your acceptance of the changes. If you do not agree, you must stop using the Platform immediately and delete your account.

13. Contact Us

For any questions, concerns, data access/deletion requests, or complaints regarding this Privacy Policy, please contact our Privacy Officer via the dedicated support form on the Platform. We will respond promptly and work to resolve any issues.