VETLOOP PRIVACY POLICY Last Updated: [January __, 2026] Company: VetLoop, Inc. ("VetLoop," "we," "us," "our") Address: [Street, City, State, Zip] Contact: privacy@vetloop.com 1. Scope This Privacy Policy describes how VetLoop collects, uses, discloses, and protects information when you: - Visit our websites or marketing pages (the "Site"), - Use our platform and related services (the "Services"), including referral workflow tools, collaboration features, messaging, and analytics. This Policy does not cover third-party websites or services you may access via integrations. 2. Roles: "Customer" vs. "End Users" VetLoop is primarily a business-to-business platform. - Customers are veterinary practices, hospitals, specialty groups, or other organizations that subscribe to the Services ("Customer"). - End Users are individuals who access the Services through a Customer account, such as veterinarians, staff, contractors, and, if enabled, pet owners receiving updates or submitting forms ("End Users"). Controller/Processor For information that a Customer uploads or inputs into the Services (for example, referral details, attachments, communications), the Customer controls that data, and VetLoop processes it on the Customer's behalf as a service provider/processor. If you are an End User and want to exercise privacy rights related to Customer-controlled data, you should direct requests to the Customer first. 3. Information We Collect A. Information you provide to us - Account and profile information: name, email, phone, role/title, practice name, credentials, login details. - Support and communications: messages to support, call notes, feedback, form submissions. - Billing and contracting: billing contact info, invoices, payment status (payment processing may be handled by a third-party payment processor). B. Information processed in the Services (Customer Data) Depending on configuration, the Services may process: - Referral workflow data: referral requests, timestamps, statuses, scheduling outcomes, discharge summaries, and collaboration notes. - Attachments/records: lab results, imaging, PDFs, clinical notes, and related files. - Pet owner information (if included by Customer): name, contact info, appointment communications, and messages relating to a pet's care coordination. - Communications content: messages, notifications, and logs. C. Information collected automatically - Device and usage data: IP address, device type, browser, app events, log files, pages/screens viewed, and feature usage. - Cookies and similar technologies: for authentication, preferences, analytics, and marketing (see Section 7). D. Information from third parties - Integrations: practice management systems (PIMS), scheduling tools, messaging providers, identity/SSO providers, only as authorized by the Customer and the integration scope. - Sales/marketing sources: event registrations, lead lists, and enrichment (where permitted by law). 4. How We Use Information We use information to: - Provide and operate the Services (including referral routing, updates, collaboration features, and audit trails), - Secure the Services (access control, monitoring, fraud prevention), - Support and communicate with Customers and End Users (service notices, onboarding, training), - Improve and develop the Services (bug fixes, performance, product development), - Generate analytics and operational insights for Customers (including dashboards and benchmarking features, if offered), - Market and sell our Services (where permitted; you can opt out of marketing emails), - Comply with legal obligations and enforce our agreements. 5. Aggregated/De-Identified Data We may create aggregated and/or de-identified data from the Services (for example, trend reports on referral throughput or time-to-contact) in a way intended to not identify a specific individual, pet owner, or Customer. We may use this data to operate, improve, and market the Services, and to develop benchmarking and analytics offerings. We will not attempt to re-identify de-identified data except as permitted by law. 6. How We Disclose Information We may disclose information: - To the Customer and its authorized End Users, as part of normal Service operation. - To service providers/subprocessors who help us run the Services (cloud hosting, monitoring, analytics, customer support tools, email/SMS delivery). These providers are contractually required to protect information. - For legal and safety reasons, such as responding to lawful requests, protecting rights/safety, investigating misuse, or enforcing terms. - In a corporate transaction (financing, acquisition, bankruptcy, or sale of assets), subject to appropriate confidentiality protections. - With consent or at the Customer's direction (for example, enabling an integration). We do not "sell" personal information in the conventional sense. If we engage in targeted advertising on our Site, we provide choices as described in Section 9. 7. Cookies and Tracking We use cookies, pixels, and similar technologies on the Site to: - keep you logged in, - remember preferences, - measure Site performance, - run marketing campaigns. You can control cookies through browser settings and, where available, our cookie banner/preferences tool. Some features may not function without essential cookies. 8. Data Retention We retain information as needed to: - provide the Services, - comply with legal obligations, - resolve disputes, - enforce agreements. Customer Data is retained according to the Customer's instructions and our contract. After account termination, we retain and delete Customer Data per the agreement and our retention policy, subject to legal requirements. 9. Your Privacy Choices and Rights A. Marketing choices You can opt out of marketing emails by using the unsubscribe link or contacting us at privacy@vetloop.com. You may still receive operational emails (for example, security or billing notices). B. U.S. state privacy rights Depending on your state and our role (business vs. service provider), you may have rights to access, delete, or correct certain personal information, and to opt out of certain processing (for example, targeted advertising). California provides specific rights under the CCPA/CPRA framework. We will respond to verified requests as required by law. If we process information on behalf of a Customer, we may direct you to the Customer to fulfill your request. Submit requests: privacy@vetloop.com Appeals (if applicable): [appeals@vetloop.com] C. EEA/UK rights (if applicable) If GDPR applies, you may have rights to access, rectify, erase, restrict, object, or port your personal data, and to lodge a complaint with a supervisory authority. For Customer Data, the Customer is typically the controller. 10. Security We implement administrative, technical, and organizational measures designed to protect information. No system is 100% secure, and we cannot guarantee absolute security. 11. International Transfers If you access the Services from outside the United States, your information may be processed in the U.S. and other locations where we or our service providers operate. Where required, we use lawful transfer mechanisms. 12. Children's Privacy The Services are not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If you believe a child provided personal information, contact us. 13. Changes to this Policy We may update this Policy from time to time. The "Last Updated" date reflects the effective date. Material changes will be communicated through the Services or other appropriate means. 14. Contact Us Email: privacy@vetloop.com Mail: VetLoop, Inc., [Address]