
Data Processing Addendum

This public DPA overview explains PetCura's processor commitments for clinic-controlled personal data. The signed DPA or customer agreement controls the legal relationship with each clinic.


Article 28 structure

This overview follows the GDPR controller-processor contract topics: subject matter, duration, nature, purpose, data types, data subjects, and controller rights.

Signed DPA controls

This page is a public summary and implementation target. Clinics should rely on the signed DPA for binding obligations.

Legal review required

Entity details, audit mechanics, liability, transfer modules, breach timelines, and final vendor terms must be approved by counsel before launch.

Roles

For clinic communication data, the clinic is the controller and PetCura is the processor. PetCura processes that personal data only to provide, secure, support, improve, and document the PetCura service under the clinic's documented instructions.

PetCura may act as an independent controller for its own website, sales, account administration, support, security, and operational data, as described in the Privacy Notice.

Processing Details

  • Subject matter

    Clinic communication, intake, follow-up workflow, delivery tracking, AI-assisted staff review, exports, auditability, support, and security.
  • Duration

    For the term of the clinic agreement and any post-termination export, deletion, audit, legal, or security period agreed in writing.
  • Nature and purpose

    Hosting, storing, transmitting, organizing, analyzing for staff assistance, securing, logging, exporting, deleting, and supporting clinic-controlled communications and workflow records.
  • Data subjects

    Clinic staff, pet owners or representatives, and other people whose details appear in clinic communications or workflow records.
  • Personal data categories

    Contact details, messages, attachments, pet/request context, workflow notes, reminders, delivery metadata, account data, support data, audit logs, and AI accountability records.
  • Special category or sensitive context

    PetCura is not a human healthcare system, but owner communications may still contain sensitive personal context (for example health or financial details volunteered by a pet owner). Clinic configuration and staff behavior should minimize the personal data that is collected and retained beyond what the request needs.

Processor Commitments

  • Process clinic-controlled personal data only on documented clinic instructions, unless required by applicable law.
  • Ensure authorized personnel are subject to confidentiality obligations.
  • Maintain appropriate technical and organizational measures for access control, tenant isolation, encryption where appropriate, auditability, secure development, monitoring, backups, and incident response.
  • Support clinic requests for access, correction, export, deletion, restriction, or objection where PetCura processes data as the clinic's processor.
  • Assist with security, data breach assessment, data protection impact assessments, and supervisory authority consultation where legally required and reasonably applicable.
  • Return, export, delete, or de-identify clinic-controlled data at termination according to the signed agreement, while preserving limited audit or legal records where required.
  • Keep records needed to demonstrate processor compliance and make relevant information available under agreed audit terms.

Subprocessors

PetCura uses subprocessors only for documented service purposes and requires them to protect personal data through appropriate contractual, security, and confidentiality commitments. Current and planned provider categories are listed on the Subprocessors page. Material changes are handled under the signed DPA.

Security Measures

  • Access control

    Role-based access, tenant isolation, least-privilege operational access, staff membership checks, and prompt revocation paths.
  • Application security

    Webhook signature verification on inbound provider callbacks, idempotent inbound processing so provider retries are not applied twice, secrets kept out of client code, input validation, row-level security (RLS) policies scoping tenant data, and security headers.
  • Auditability

    Request events, AI outputs, delivery events, staff actions, and relevant system events are logged for operational accountability.
  • Operational controls

    Monitoring, incident response, backups, dependency review, deployment controls, and environment separation.
  • AI controls

    Minimum-necessary prompts, staff approval for medical replies, provider-route documentation, prompt versioning, output accountability, and review status tracking.
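The webhook signature verification and idempotent inbound processing named under Application security, shown as an added illustrative example that is not PetCura's code. The signature header format (timestamp plus HMAC-SHA256 over the raw body), the 300-second freshness window, the event payload shape and the in-memory deduplication store are all assumptions for the example; a production consumer would use a durable store with a uniqueness constraint on the provider's event id.

```python
"""Added example: verify a signed webhook, then process it at most once.

Illustrative only; not PetCura's implementation. The header format,
tolerance window, payload shape and in-memory dedup set are assumptions.
"""
import hashlib
import hmac
import json

# Assumed header format: "t=<unix seconds>,v1=<hex HMAC-SHA256 of '<t>.<raw body>'>"
TOLERANCE_SECONDS = 300


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Produce the signature header a sender would attach (assumed scheme)."""
    digest = hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def verify(secret: bytes, header: str, body: bytes, now: int) -> bool:
    """Return True only if the signature is valid and the timestamp is fresh.

    The MAC is computed over the raw bytes exactly as received, before any
    JSON parsing, and compared in constant time.
    """
    try:
        fields = dict(part.split("=", 1) for part in header.split(","))
        timestamp = int(fields["t"])
        presented = fields["v1"]
    except (ValueError, KeyError):
        return False
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False  # replayed or badly skewed; reject before computing the MAC
    expected = hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, presented)


class InboundProcessor:
    """Idempotent consumer: each provider event id is acted on at most once.

    `seen` is an in-memory set for illustration only (assumption); a real
    deployment would persist it with a uniqueness constraint on the event id.
    """

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.seen: set[str] = set()
        self.processed: list[dict] = []

    def handle(self, header: str, body: bytes, now: int) -> str:
        if not verify(self.secret, header, body, now):
            return "rejected"          # unauthenticated: nothing is parsed or stored
        try:
            event = json.loads(body)
        except ValueError:
            return "rejected"
        event_id = event.get("id") if isinstance(event, dict) else None
        if not isinstance(event_id, str) or not event_id:
            return "rejected"          # cannot deduplicate without a stable id
        if event_id in self.seen:
            return "duplicate"         # provider retry: acknowledged, not re-applied
        self.seen.add(event_id)
        self.processed.append(event)
        return "processed"
```

The ordering matters: the signature is checked over the raw bytes before the body is parsed, so a tampered or unsigned payload never reaches the JSON parser or the deduplication store, and a legitimate provider retry of an already-handled event is acknowledged without being applied a second time.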

International Transfers

PetCura is designed for EU-region primary application data hosting. Some subprocessors may process limited data outside the EEA when needed for messaging, hosting, observability, AI assistance, or support. Transfer mechanisms, regional configuration, and provider terms must be documented in the signed DPA or subprocessor record.

Security Incidents

PetCura will notify affected clinic customers without undue delay after confirming a personal data breach involving clinic-controlled personal data processed by PetCura, and will provide information reasonably needed for the clinic to meet its own notification obligations. Exact timelines and escalation paths belong in the signed DPA.

Export And Deletion

PetCura supports clinic-controlled export and deletion workflows consistent with auditability, security, legal retention, backup lifecycle, and veterinary recordkeeping requirements. Erasure flows should minimize personal data while preserving required audit integrity.

Order Of Precedence

If this public DPA overview conflicts with a signed customer agreement, signed DPA, standard contractual clauses, or legally required data transfer terms, the signed or legally required terms control.