Privacy Policy

1. Introduction

Welcome to Petus AI ("Petus," "we," "us," or "our"). We are committed to protecting your privacy and the privacy of information you share about your pets. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and AI-powered pet health companion services (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: When you create an account, we collect your name, email address, and any profile information you choose to provide.
• Pet Information: Information about your pets, including name, species, breed, age, weight, health history, and any notes or medical records you provide.
• Health Queries and Conversations: The messages, questions, and descriptions you submit to our AI health assistant, including chat history and conversation context.
• Uploaded Images: Photos of your pets that you upload for health assessment or to store in your pet's profile, which may include images showing symptoms, conditions, or general pet photos.
• Contact Information: When you contact us through our contact form, we collect your name, email address, subject, and message content.
• Waitlist Information: If you join our waitlist, we collect your email address and your country (detected from your IP address).

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

• Device and Browser Information: User agent string, which may include browser type, operating system, and device type.
• Usage Data: Pages visited, time spent on pages, scroll depth, and engagement metrics.
• Referral Information: The website or source that referred you to our Service.
• Geographic Information: Country-level location data derived from your IP address (we do not collect precise geolocation).
• Campaign Data: UTM parameters and marketing campaign identifiers when you arrive via marketing links.
• Session Information: Anonymous session identifiers to understand user journeys within a single visit.

2.3 Information from Third-Party Authentication

If you choose to sign in using a third-party service (such as Google), we receive certain profile information from that service, including your name, email address, and profile picture, as permitted by your privacy settings with that service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Improve the Service: To operate our AI pet health assistant, personalize your experience, and improve our algorithms and service quality.
• Pet Health Guidance: To process your health queries through AI and provide relevant pet health information and guidance.
• Communication: To respond to your inquiries, send service-related emails, waitlist updates, and important notices about your account.
• Analytics: To understand how users interact with our Service, identify trends, and improve user experience.
• Security: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Artificial Intelligence and Machine Learning

Our Service uses artificial intelligence (AI) and machine learning (ML) technologies to provide pet health guidance. Here's how your data is processed:

4.1 AI Processing

• Query Processing: When you submit health questions or concerns, your queries are processed by third-party AI models to generate relevant health guidance.
• Image Analysis: If you upload images, they may be analyzed by AI to help identify visible symptoms or conditions.
• Context Usage: Your pet's profile information (species, breed, age, weight) is used to provide more personalized and relevant responses.

4.2 AI Limitations

Please note that AI-generated responses are for informational purposes only and do not constitute veterinary medical advice, diagnosis, or treatment. Always consult with a qualified veterinarian for your pet's health needs.

4.3 Data Training

We do not use your personal conversations, pet health data, or uploaded images to train our AI models without your explicit consent. Third-party AI providers may have their own data usage policies, which are described in Section 5.

5. Third-Party Services and Data Sharing

We work with trusted third-party service providers to operate our Service. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data:

5.1 AI and Machine Learning Providers

We use third-party AI model providers to power our health assistant. Your queries and pet context are sent to these providers' APIs for processing. We select providers that do not use API data to train their models and that maintain strong data protection practices. The specific providers we use may change over time as we evaluate the best options for accuracy and privacy.

5.2 Infrastructure and Hosting

• Vercel: Our website and application are hosted on Vercel's infrastructure. Vercel processes server logs and may collect technical data as described in their Privacy Policy.
• Neon (PostgreSQL): Our database is hosted on Neon's serverless PostgreSQL platform. All user data, pet information, and conversation history are stored securely with Neon. Their data handling practices are described in their Privacy Policy.
• Vercel Blob Storage: Uploaded images and files are stored using Vercel's blob storage service.

5.3 Communication Services

• Resend: We use Resend to send transactional emails (welcome emails, contact confirmations, notifications). Your email address and name may be processed by Resend as described in their Privacy Policy.

5.4 Authentication

• NextAuth.js: We use NextAuth.js for authentication. If you use Google Sign-In, Google's data practices apply as described in their Privacy Policy.

5.5 Other Disclosures

We may also disclose your information:

• To comply with legal obligations, court orders, or legal processes
• To protect our rights, privacy, safety, or property
• In connection with a merger, acquisition, or sale of assets (you will be notified of any such change)
• With your consent or at your direction

6. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy:

• Account Data: Retained while your account is active. Upon account deletion, your data will be removed within 30 days.
• Pet Information: Retained while your account is active and deleted along with your account.
• Conversation History: Retained while your account is active. You can delete individual conversations at any time.
• Waitlist Data: Retained until you unsubscribe or the waitlist program ends.
• Contact Messages: Retained for up to 2 years after resolution for quality assurance and legal purposes.
• Analytics Data: Anonymized and aggregated analytics data may be retained indefinitely.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You can request a copy of the personal information we hold about you and receive it in a structured, commonly used format.

7.2 Correction

You can update or correct your account information at any time through your account settings, or by contacting us.

7.3 Deletion

You can request deletion of your account and personal information. We will delete your data within 30 days, except where we are required to retain it for legal purposes.

7.4 Opt-Out

• Marketing Communications: You can unsubscribe from marketing emails using the link provided in each email.
• Analytics: You can use browser privacy features or extensions to limit analytics tracking.

7.5 Data Processing Objection

You may object to certain processing of your personal information where we rely on legitimate interests as the legal basis.

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@petus.ai. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

8.1 What We Use

We use minimal tracking technologies to operate our Service:

• Session Storage: We use session storage (not persistent cookies) to maintain your session and track anonymous session IDs for analytics within a single browser session.
• Authentication Cookies: Essential cookies are used to maintain your login session when you authenticate.
• Theme Preferences: We store your dark/light mode preference locally.

8.2 What We Don't Use

We do not use:

• Third-party advertising cookies
• Cross-site tracking
• Fingerprinting technologies
• Social media tracking pixels

8.3 Your Choices

Most web browsers allow you to control cookies through their settings. Note that disabling essential cookies may affect the functionality of our Service.

9. Children's Privacy

Our Service is not directed to children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@petus.ai. If we discover that we have collected personal information from a child under the applicable age, we will promptly delete that information.

Users between 13-18 years of age should have parental consent before using our Service or providing any personal information.

10. International Data Transfers

Petus AI operates from the United Kingdom. If you access our Service from outside the UK, please be aware that your information may be transferred to, stored, and processed in:

• The United Kingdom (our primary location)
• The United States (where many of our service providers, including Vercel, Neon, and Resend, operate)
• Other countries where our service providers maintain facilities

These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place to protect your data, including:

• Standard contractual clauses approved by relevant authorities
• Data processing agreements with all service providers
• Selection of service providers that maintain appropriate security certifications

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: All data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted in our database.
• Access Controls: Access to personal data is restricted to authorized personnel who need it to perform their duties.
• Secure Infrastructure: We use reputable cloud providers with SOC 2 and ISO 27001 certifications.
• Regular Security Reviews: We regularly review and update our security practices.
• Authentication Security: We support secure authentication methods and OAuth 2.0.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

12. Links to Third-Party Websites

Our Service may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this policy
• Notify registered users via email
• Display a prominent notice on our Service

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@petus.ai
• General Inquiries: hello@petus.ai
• Website: petus.ai/contact

Petus AI
London, United Kingdom

We will respond to your inquiry within 30 days.

15. Additional Information for Specific Jurisdictions

15.1 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, we process your personal data under the following legal bases:

• Contract Performance: To provide you with the Service you requested
• Legitimate Interests: For analytics, security, and service improvement
• Consent: Where you have provided explicit consent for specific processing
• Legal Obligations: To comply with applicable laws

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

15.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how it is used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights, contact us at privacy@petus.ai.