Privacy Policy

Effective Date: April 5, 2026

Last Updated: April 5, 2026

Talk Dog, Inc. ("Talk Dog," "we," "us," or "our") is committed to protecting the privacy of individuals who interact with the Vet Ready platform. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you access or use our platform and related services (collectively, the "Services").

This Privacy Policy applies globally and is designed to comply with applicable data protection and privacy laws, including the European Union General Data Protection Regulation (GDPR), the UK General Data Protection Act, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable US state, federal, and international privacy laws. Where specific jurisdictions impose additional requirements, those are addressed in the jurisdiction-specific sections below.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

1. Definitions

"Personal Information" (also referred to as "personal data") means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual or household.
"Processing" means any operation performed on Personal Information, including collection, recording, storage, retrieval, use, disclosure, and deletion.
"Platform" means the Vet Ready web-based software-as-a-service application.
"Customer" means the veterinary clinic, practice, or business entity that subscribes to the Services.
"Authorized Users" means individuals authorized by a Customer to access the Platform, including clinic staff and administrators.
"End Users" means pet owners or clients of a Customer who interact with the Platform.
"Service Provider" (also "Processor") means a third party that processes Personal Information on our behalf to help provide the Services.
"Sensitive Personal Information" means Personal Information that reveals racial or ethnic origin, religious beliefs, health information, biometric data, precise geolocation, or other categories designated as sensitive under applicable law.

2. Data Controller and Processor

2.1 When We Act as Controller

Talk Dog acts as the data controller (or equivalent designation under applicable law) for Personal Information we collect directly from you — for example, when you visit our website, create an account, or contact us.

2.2 When We Act as Processor

When Customers use the Platform to process data about their clients (End Users), Talk Dog acts as a data processor (or service provider) on behalf of the Customer. The Customer is the data controller for that data. If you are an End User and have questions about how your data is processed, please contact the veterinary clinic that directed you to the Platform.

2.3 Data Protection Officer

For inquiries related to data protection, you may contact our Data Protection Officer at:

Email: privacy@vetready.ai Mail: Talk Dog, Inc., Attn: Data Protection Officer, 24 Newark Pompton Tpke, Suite 207, Little Falls, NJ 07424, United States

3. Information We Collect

3.1 Information You Provide Directly

Account and Registration Data: Name, email address, phone number, job title, clinic name, and other information submitted during account creation or registration.
Billing and Payment Data: Payment method details, billing address, and transaction history. Payment card information is processed by our third-party payment processors and is not stored on our servers.
Communications: Content of emails, support requests, feedback, and other communications you send to us.
User Content: Any content, comments, or materials you submit through the Platform.
Pet and Client Information: Information about pets and their owners submitted by Customers through the Platform, including pet names, breeds, ages, behavioral observations, and visit history.

3.2 Information Collected Automatically

Device and Browser Data: IP address, browser type and version, operating system, device type, device identifiers, screen resolution, and language preferences.
Usage Data: Pages visited, features used, clickstream data, session duration, referring URLs, and interactions with the Platform.
Log Data: Server logs that record requests made to our servers, including timestamps, URLs, and error information.
Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies. See Section 9 for details.

3.3 Information from Third Parties

Authentication Providers: When you sign in using a third-party authentication service (e.g., Google), we receive basic profile information as authorized by you.
Analytics Providers: We may receive aggregated or pseudonymized analytics data from third-party analytics services.
Customers: Veterinary clinics may provide us with information about their staff and clients in connection with the Services.

4. How We Use Your Information

We process Personal Information for the following purposes:

4.1 Providing and Operating the Services

Creating and managing your account
Processing subscriptions and payments
Delivering the features and functionality of the Platform
Generating AI-powered pre-visit preparation guidance
Providing customer support and responding to inquiries
Sending transactional communications (e.g., account confirmations, security alerts, billing notifications)

4.2 Improving and Developing the Services

Analyzing usage patterns and trends to improve the Platform
Conducting research and development for new features
Performing internal analytics and reporting
Training and improving our AI models using aggregated and de-identified data

4.3 Security and Compliance

Detecting, preventing, and responding to fraud, abuse, and security incidents
Monitoring and enforcing compliance with our Terms of Service
Complying with applicable legal obligations, including responding to lawful requests from public authorities

4.4 Marketing and Communications

Sending promotional communications about our Services (where permitted by law and with your consent where required)
Personalizing your experience on the Platform
Conducting surveys and soliciting feedback

5. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your Personal Information based on the following legal bases under the GDPR:

Purpose	Legal Basis
Providing and operating the Services	Performance of a contract (Art. 6(1)(b))
Processing payments	Performance of a contract (Art. 6(1)(b))
Sending transactional communications	Performance of a contract (Art. 6(1)(b))
Improving and developing the Services	Legitimate interests (Art. 6(1)(f))
Security and fraud prevention	Legitimate interests (Art. 6(1)(f))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))
Marketing communications	Consent (Art. 6(1)(a)) or Legitimate interests (Art. 6(1)(f))
AI model improvement (aggregated data)	Legitimate interests (Art. 6(1)(f))

Where we rely on legitimate interests, we have conducted balancing tests to ensure that our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting us.

6. How We Share Your Information

We do not sell your Personal Information. We share Personal Information only in the following circumstances:

6.1 Service Providers

We engage trusted third-party service providers who process Personal Information on our behalf to help operate and improve the Services. These include:

Cloud Infrastructure: Hosting and data storage providers
Payment Processing: Payment processors that handle billing transactions
Email Services: Transactional and marketing email delivery providers
Analytics: Usage analytics and performance monitoring providers
Authentication: Identity verification and authentication service providers
AI Services: Artificial intelligence and machine learning service providers that assist with Platform features

All service providers are contractually obligated to process Personal Information only as instructed by us and in accordance with applicable data protection laws. A list of our current sub-processors is available upon request by contacting privacy@vetready.ai. We will provide at least thirty (30) days' advance notice to Customers before engaging a new sub-processor that processes Customer Data.

6.2 Customers

When an End User interacts with the Platform through a Customer's clinic, we share relevant information with that Customer as necessary to provide the Services.

6.3 Legal Requirements

We may disclose Personal Information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to: (a) comply with applicable law; (b) enforce our Terms of Service; (c) protect our rights, privacy, safety, or property, or that of our users or the public; or (d) respond to an emergency.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, Personal Information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.

6.5 With Your Consent

We may share your Personal Information for other purposes with your explicit consent.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

Strictly Necessary Cookies: Required for the Platform to function. These cannot be disabled.
Functional Cookies: Remember your preferences and settings to provide a personalized experience.
Analytics Cookies: Help us understand how the Platform is used so we can improve it. We use privacy-focused analytics that do not track individuals across sites.

7.2 Your Cookie Choices

You can manage cookie preferences through our cookie consent banner, your browser settings, or by using a Global Privacy Control (GPC) signal. Note that disabling certain cookies may limit Platform functionality.

7.3 Do Not Track and Global Privacy Control

We honor Global Privacy Control (GPC) signals as required by applicable law, including the CCPA/CPRA, Colorado Privacy Act, Connecticut Data Privacy Act, and other US state laws that mandate recognition of universal opt-out mechanisms. When we detect a GPC signal, we treat it as a valid opt-out request for the sale or sharing of Personal Information and for targeted advertising.

We do not currently respond to generic "Do Not Track" browser signals, as there is no industry-standard protocol for interpreting them.

8. International Data Transfers

Talk Dog is based in the United States. If you access the Services from outside the United States, your Personal Information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.

8.1 EEA, UK, and Switzerland

For transfers of Personal Information from the EEA, UK, or Switzerland to the United States or other countries not deemed to provide an adequate level of data protection, we rely on:

EU-US Data Privacy Framework (DPF): Where applicable, we rely on the EU-US Data Privacy Framework, the UK Extension to the DPF, and the Swiss-US Data Privacy Framework as certified by the U.S. Department of Commerce.
Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (2021 version), supplemented with additional safeguards where necessary, as an additional transfer mechanism.
UK International Data Transfer Agreement (IDTA): For UK transfers, we use the UK IDTA or UK Addendum to the EU SCCs.
Transfer Impact Assessments: We conduct transfer impact assessments where required to evaluate the legal framework of the destination country and implement supplementary technical and organizational measures to ensure an adequate level of protection.

8.2 Other Jurisdictions

For transfers from other jurisdictions, we comply with applicable local requirements, which may include obtaining your consent, relying on adequacy determinations, or implementing appropriate contractual safeguards.

You may request a copy of the relevant transfer safeguards by contacting us.

9. Data Retention

We retain Personal Information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

9.1 Retention Periods

Data Category	Retention Period
Account data	Duration of account plus 30 days after deletion request
Billing and payment records	7 years (legal/tax obligations)
Usage and analytics data	26 months in identifiable form; indefinitely in aggregated form
Support communications	3 years from last interaction
Customer Data (as Processor)	Duration of Customer subscription plus 30-day export window
AI training data	Only in aggregated and de-identified form

9.2 Deletion

When Personal Information is no longer needed, we securely delete or anonymize it. Where deletion is requested but legal retention obligations apply, we will restrict processing instead of deleting until the retention period expires.

10. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect Personal Information, including:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Access controls and role-based permissions
Regular security assessments and vulnerability testing
Incident response procedures
Employee security awareness training

While we strive to protect your Personal Information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10.1 Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities and affected individuals in accordance with applicable law, including:

GDPR: Notification to the supervisory authority within 72 hours of becoming aware of the breach; notification to affected individuals without undue delay where the breach is likely to result in a high risk.
US State Laws: Notification to affected individuals and state attorneys general as required by applicable state breach notification laws.
Other Jurisdictions: Notification in accordance with applicable local requirements.

11. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your Personal Information. We honor these rights regardless of your location to the extent required by applicable law.

11.1 Universal Rights

Right to Know / Access: Request information about what Personal Information we collect, use, and disclose about you, and obtain a copy of your data.
Right to Correction / Rectification: Request correction of inaccurate or incomplete Personal Information.
Right to Deletion / Erasure: Request deletion of your Personal Information, subject to certain exceptions.
Right to Portability: Receive your Personal Information in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.

11.2 Additional Rights Under Specific Laws

Right to Opt Out of Sale or Sharing: Under the CCPA/CPRA and other US state laws, you have the right to opt out of the "sale" or "sharing" of your Personal Information for targeted advertising. We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: Under the CCPA/CPRA, you may limit the use of Sensitive Personal Information to purposes necessary to provide the Services.
Right to Restrict Processing: Under the GDPR, request restriction of processing in certain circumstances.
Right to Object: Under the GDPR, object to processing based on legitimate interests or for direct marketing purposes.
Right to Not Be Subject to Automated Decision-Making: Under the GDPR and certain US state laws, you may have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. See Section 15 for details on our AI practices.
Right to Appeal: Under various US state privacy laws, if we deny your privacy request, you have the right to appeal our decision.
Right to Question Profiling Results: Under certain state laws (including Minnesota), you may have the right to question the result of profiling, not merely opt out.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

11.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

Email: privacy@vetready.ai
Mail: Talk Dog, Inc., Attn: Privacy Requests, 24 Newark Pompton Tpke, Suite 207, Little Falls, NJ 07424, United States

We will respond to your request within the timeframe required by applicable law (generally 30–45 days, with extensions where permitted). We may need to verify your identity before fulfilling your request.

If you are an End User whose data is processed by a Customer using the Platform, please direct your request to the applicable veterinary clinic, as they are the data controller for your information.

11.4 Authorized Agents

Under certain US state laws, you may designate an authorized agent to submit privacy requests on your behalf. Authorized agents must provide proof of authorization (e.g., a signed written authorization or power of attorney).

12. US State-Specific Disclosures

This section provides additional disclosures required by US state comprehensive privacy laws, including those of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, New Hampshire, Nebraska, Indiana, Tennessee, Kentucky, Maryland, Minnesota, and Rhode Island.

12.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of Personal Information (using CCPA/CPRA categories):

Category	Examples	Collected
Identifiers	Name, email address, IP address, account ID	Yes
Customer records	Name, address, phone number, payment information	Yes
Commercial information	Subscription records, purchase history	Yes
Internet or electronic network activity	Browsing history, usage data, interactions with the Platform	Yes
Geolocation data	Approximate location derived from IP address	Yes
Professional or employment information	Job title, clinic name	Yes
Inferences	Preferences and characteristics derived from usage data	Yes
Sensitive Personal Information	Account credentials (login and password)	Yes

12.2 Purposes for Collection and Use

Personal Information is collected and used for the purposes described in Section 4 of this Privacy Policy. We do not collect or use Personal Information for purposes materially different from those disclosed without providing you with notice.

12.3 Sale and Sharing

We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising. We have not sold or shared Personal Information in the preceding twelve (12) months.

12.4 Retention

We retain Personal Information as described in Section 9.

12.5 Financial Incentives

We do not offer financial incentives or price differences in exchange for the retention or sale of Personal Information.

12.6 California Shine the Light

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of Personal Information to third parties for direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes.

12.7 Data Protection Assessments

Where required by applicable US state privacy laws (including Colorado, Connecticut, Virginia, and others), we conduct and document data protection assessments for processing activities that present a heightened risk of harm to consumers, including targeted advertising, the sale of Personal Information, profiling, and the processing of Sensitive Personal Information.

13. European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, the following additional provisions apply:

13.1 Your Additional Rights

In addition to the rights described in Section 11, you have the right to:

Lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at the European Data Protection Board website. For the UK, the supervisory authority is the Information Commissioner's Office (ICO).
Object to processing based on legitimate interests at any time.
Data portability in a structured, commonly used, machine-readable format.

13.2 Cross-Border Transfers

See Section 8.1 for details on how we safeguard international data transfers.

13.3 Data Processing Agreements

Where we process Personal Information as a processor on behalf of Customers, we enter into Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. Customers may request a copy of our standard DPA by contacting us.

14. Brazil (LGPD)

If you are located in Brazil, the following additional provisions apply under the Lei Geral de Protecao de Dados (LGPD):

Legal Bases: We process your Personal Information based on the legal bases described in Section 5, which align with the bases recognized under the LGPD (consent, performance of a contract, legitimate interests, legal obligation, and others as applicable).
Your Rights: In addition to the rights in Section 11, you have the right to request information about public and private entities with which we have shared your data, and the right to request anonymization, blocking, or deletion of unnecessary or excessive data.
National Authority: You may file a complaint with the Autoridade Nacional de Protecao de Dados (ANPD).
DPO: Our Data Protection Officer can be reached at privacy@vetready.ai.

15. AI and Automated Decision-Making

15.1 How We Use AI

The Vet Ready platform uses artificial intelligence and machine learning technologies to provide features including:

Pre-visit preparation guidance for pet owners
Behavioral assessments and personalized recommendations
Automated content generation for visit preparation materials

15.2 Not Veterinary Medical Advice

AI-generated content is provided for informational and preparatory purposes only. It does not constitute veterinary medical advice, diagnosis, or treatment. Human oversight by qualified veterinary professionals is required for all clinical decisions.

15.3 Automated Decision-Making

We do not use Personal Information for fully automated decision-making that produces legal or similarly significant effects on individuals without human involvement. Where AI is used to generate recommendations, these are informational in nature and do not determine access to services, pricing, or other consequential outcomes.

15.4 AI Training Data

We may use aggregated and de-identified data derived from Platform usage to improve our AI models. This data cannot reasonably be used to identify any individual. We do not use identifiable Customer Data or End User data to train general-purpose AI models without explicit consent.

15.5 Your Rights Regarding AI

Under the GDPR, CCPA/CPRA, Colorado Privacy Act, Colorado AI Act (effective February 2026), and other applicable laws, you may have the right to:

Obtain information about the logic involved in automated processing that significantly affects you
Opt out of profiling that produces legal or similarly significant effects
Request human review of automated decisions
Receive notice when AI is used in connection with consequential decisions affecting you
Request an explanation of AI-assisted decisions and the opportunity to appeal

To exercise these rights, contact us at privacy@vetready.ai.

16. Canada

If you are located in Canada, Personal Information is processed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. You may:

Request access to your Personal Information held by us
Challenge the accuracy and completeness of your Personal Information and have it amended as appropriate
Withdraw consent to the processing of your Personal Information, subject to legal or contractual restrictions

For complaints or inquiries, you may contact the Office of the Privacy Commissioner of Canada.

17. Other International Jurisdictions

17.1 Australia

If you are located in Australia, we process your Personal Information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). You may file a complaint with the Office of the Australian Information Commissioner (OAIC).

17.2 Japan

If you are located in Japan, we process your Personal Information in accordance with the Act on the Protection of Personal Information (APPI). We will obtain your consent before providing your Personal Information to third parties located outside Japan, except where statutory exceptions apply.

17.3 South Korea

If you are located in South Korea, we process your Personal Information in accordance with the Personal Information Protection Act (PIPA). We will obtain your consent before transferring your Personal Information overseas and provide notice of the recipient, purpose, and items of data transferred.

17.4 India

If you are located in India, we process your Personal Information in accordance with the Digital Personal Data Protection Act 2023 (DPDP Act). You have the right to access, correct, and erase your Personal Information, and to nominate another person to exercise your rights. You may file a complaint with the Data Protection Board of India.

17.5 South Africa

If you are located in South Africa, we process your Personal Information in accordance with the Protection of Personal Information Act (POPIA). You may file a complaint with the Information Regulator.

17.6 Thailand

If you are located in Thailand, we process your Personal Information in accordance with the Personal Data Protection Act B.E. 2562 (PDPA). You have the right to access, correct, delete, and port your Personal Information. You may file a complaint with the Personal Data Protection Committee.

17.7 Singapore

If you are located in Singapore, we process your Personal Information in accordance with the Personal Data Protection Act 2012 (PDPA). You may file a complaint with the Personal Data Protection Commission (PDPC).

17.8 New Zealand

If you are located in New Zealand, we process your Personal Information in accordance with the Privacy Act 2020. You may file a complaint with the Office of the Privacy Commissioner.

18. Children's Privacy

The Services are not directed to individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect Personal Information from children under 16 (or under 13 where COPPA applies).

If we learn that we have collected Personal Information from a child below the applicable age threshold, we will take steps to delete that information promptly. If you believe a child has provided us with Personal Information, please contact us at privacy@vetready.ai.

19. Third-Party Links and Services

The Platform may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will:

Post the updated Privacy Policy on the Platform with a revised "Last Updated" date
Notify you by email (where we have your email address) or through an in-platform notice at least thirty (30) days before the changes take effect, where required by applicable law
Obtain your consent to material changes where required by applicable law

We encourage you to review this Privacy Policy periodically.

21. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Talk Dog, Inc. Attn: Privacy Team 24 Newark Pompton Tpke, Suite 207 Little Falls, NJ 07424 United States

Email: privacy@vetready.ai

Data Protection Officer: privacy@vetready.ai

For EEA, UK, and Switzerland residents, you may also contact our Data Protection Officer directly at the address above.