Back to landing
Trust center

Pilot-stage trust claims, without overclaiming.

PetCura is built for clinics that need EU-aware data handling, staff-approved AI, and an audit trail around owner communication.

Discuss pilot trust needsOpen sandbox

Current posture

EU hosting design, GDPR processor/controller framing, staff-approved AI, audit trails, SOC 2 in progress, and ISO 27001 planned.

  • SOC 2

    In progress

  • ISO 27001

    Planned

  • EU AI Act

    Readiness tracked

Residency and roles

PetCura keeps communication data separate from the PMS record and documents controller/processor responsibilities.

  • Primary application data is designed for EU-region hosting.
  • PetCura is processor; the clinic remains controller.
  • The PMS remains the medical system of record.

AI safety boundaries

AI helps staff move faster, but medical judgment remains with the clinic.

  • AI assists staff with intake, categorization, risk flags, summaries, translation, and reply drafts.
  • AI does not diagnose, prescribe, set final urgency, or auto-send medical advice.
  • Owner-facing medical replies require staff approval.

Auditability

Operational events, AI outputs, and delivery lifecycle are designed to be reviewable.

  • Request timeline events are stored for staff actions.
  • AI outputs retain model, prompt version, input, output, confidence, latency, token usage, and review state.
  • Outbound delivery lifecycle is tracked separately.
Data protection

Review the public trust documents

Terms, DPA, privacy, cookie, and subprocessor pages keep buyer diligence separate from marketing claims.

Boundaries

What PetCura does not claim

We keep public claims intentionally narrow until certifications, vendor terms, and customer proof are final.

  • SOC 2 is listed as in progress; ISO 27001 is listed as planned.
  • No diagnosis, prescription, or final urgency setting.
  • No autonomous owner-facing medical replies.
  • No named clinic logos or metrics without written consent.