DRAFT — REQUIRES SOLICITOR REVIEW
Privacy Policy
Last updated: [DATE]
1. Who We Are
1.1 Bevetu Ltd (“we”, “us”, “Bevetu”) is the data controller for personal data collected through the Bevetu mobile application and website (“App”).
1.2 Company details:
- Company name: Bevetu Ltd
- Registered in: England and Wales
- Company number: [PLACEHOLDER]
- Registered office: [PLACEHOLDER]
- Contact: [PLACEHOLDER]
1.3 We have not appointed a Data Protection Officer (DPO) at this time. For data protection queries, contact us at the email above.
2. What Data We Collect
2.1 Account data:
- (a) Given name, family name
- (b) Email address
- (c) Password (hashed — we never store plain text)
- (d) Google account identifier (if using Google OAuth)
- (e) Profile picture (optional)
2.2 Pet data:
- (a) Pet name, species, breed, colour, gender, date of birth
- (b) Weight, neutered/spayed status
- (c) Microchip number (optional)
- (d) Profile picture (optional)
2.3 Health tracking data:
- (a) Daily records: food, water, walking, toilet, vitals, sleep, GI health, medications, discomfort, photos, notes
- (b) Medication details: name, dosage, schedule, inventory
- (c) Veterinary documents: vaccines, appointments, lab reports (uploaded files)
2.4 AI health assessment data:
- (a) Symptoms described by you
- (b) AI-generated health assessment results
- (c) Assessment case history
2.5 Payment data:
- (a) Subscription plan and status
- (b) Payment is processed by Stripe — we do NOT store your card details
2.6 Technical data:
- (a) IP address, browser type, device information
- (b) App usage analytics (if you have consented to analytics cookies)
- (c) Geolocation (only when you use the “Nearby Vets” feature, with your permission)
2.7 Communication data:
- (a) Bug reports, feedback, and support messages submitted via the Contact page
2.8 Website contact form data:
- (a) Name, email address, and message submitted via our contact form
- (b) This data is processed to respond to your enquiry only
- (c) Lawful basis: Legitimate interest (Art. 6(1)(f))
- (d) Retention: Contact form submissions are retained for [PLACEHOLDER] months, then deleted
3. How We Use Your Data
3.1 We process your data on the following lawful bases:
| Purpose | Lawful Basis | Data Used |
|---|---|---|
| Providing the App service | Contract (Art. 6(1)(b)) | Account, pet, health tracking data |
| AI health assessments | Contract (Art. 6(1)(b)) | Symptoms, pet signalment, weekly health data |
| Processing payments | Contract (Art. 6(1)(b)) | Account data, subscription plan |
| Sending service notifications | Contract (Art. 6(1)(b)) | Email, notification preferences |
| Analytics and app improvement | Consent (Art. 6(1)(a)) | Technical data, usage patterns |
| Marketing communications | Consent (Art. 6(1)(a)) | Email, name |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) | As required |
| Protecting our legal interests | Legitimate interest (Art. 6(1)(f)) | As necessary |
3.2 We will NEVER:
- (a) sell your personal data to third parties;
- (b) use your pet health data for advertising purposes;
- (c) share identifiable health data without your explicit consent.
4. AI Health Assessment Data
4.1 When you use the AI health assessment feature, we process the symptoms you describe along with your pet's profile data (species, breed, age, weight, gender) and recent health tracking data.
4.2 AI health assessment data is processed to generate health insights. This processing is necessary for the performance of our contract with you.
4.3 We may use anonymised and aggregated health assessment data to improve our AI models. This data cannot be linked back to you or your pet.
4.4 If you choose to share data to Anibrary, it is anonymised before publication. See clause 9 of our Terms & Conditions.
5. Sharing Your Data
5.1 We share data with the following categories of recipients:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Account email, subscription details |
| OAuth authentication (if used) | Google account identifier | |
| Cloud hosting provider | Infrastructure | All data (encrypted at rest) |
| [PLACEHOLDER] | App analytics (with consent) | Anonymised usage data |
5.2 Shared health assessment reports: When you generate a share link for a health assessment report, anyone with the link (and password, if set) can view the report. You control who you share links with.
5.3 We do not transfer your data outside the UK unless necessary for service provision (e.g., cloud hosting). Where we do, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
6. Data Retention
6.1 We retain your data for as long as your account is active.
6.2 When you delete your account:
- (a) Account data, pet profiles, health records, and assessment history are permanently deleted within 30 days;
- (b) Anonymised data contributed to Anibrary is NOT deleted (it is no longer linked to you);
- (c) Payment records may be retained for up to 7 years for accounting and tax compliance.
6.3 If your account is inactive for [PLACEHOLDER] months, we may contact you before deleting it.
7. Your Rights
7.1 Under UK GDPR, you have the right to:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | Contact us or use Settings |
| Rectification | Correct inaccurate data | Edit in app or contact us |
| Erasure | Request deletion of your data | Delete account in Settings |
| Restriction | Restrict processing in certain circumstances | Contact us |
| Portability | Receive your data in a machine-readable format | Contact us |
| Object | Object to processing based on legitimate interest | Contact us |
| Withdraw consent | Withdraw consent for analytics/marketing | Settings > Privacy |
7.2 To exercise any right, contact us at [PLACEHOLDER]. We will respond within one month.
7.3 You have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk — Phone: 0303 123 1113
8. Cookies
8.1 We use cookies and similar technologies. See our Cookie Policy for full details.
8.2 You can manage cookie preferences at any time in Settings > Privacy.
9. Children
9.1 The App is not intended for use by anyone under 18. We do not knowingly collect data from children.
10. Security
10.1 We implement appropriate technical and organisational measures to protect your data, including:
- (a) Encryption in transit (TLS/HTTPS) and at rest;
- (b) HTTP-only cookies for session management;
- (c) Hashed passwords (never stored in plain text);
- (d) Access controls and authentication;
- (e) Regular security reviews.
10.2 No system is 100% secure. If we become aware of a data breach that is likely to result in a risk to your rights, we will notify you and the ICO as required by UK GDPR.
11. Changes to This Policy
11.1 We may update this policy from time to time. We will notify you of material changes via the App or email.
11.2 The “last updated” date at the top of this policy indicates the most recent revision.
12. Contact Us
12.1 For data protection queries:
Email: [PLACEHOLDER]
Address: [PLACEHOLDER]
DRAFT — REQUIRES SOLICITOR REVIEW