Loading...
Loading...
Legal
Dr. Rosie DVM uses the third-party services listed below to deliver the platform. Each processor receives only the data described under Data scope. The Data Processing Addendum (DPA) link points at the processor’s authoritative legal text — this page is a layperson summary.
Last updated 2026-05-26.
Questions about how a specific data category flows? See our Privacy Policy or contact us.
14 processors across 7 categories.
Data scope. Chat prompts and clinical-context strings sent through the AI Gateway. PHI scrubbing is applied at the application boundary; embeddings are computed on de-identified text.
Location. US data centers (regional pinning supported)
Data scope. Drug interaction safety checks, SOAP note generation fallback, occasional analysis tasks. Routed via Cloudflare AI Gateway with cache + redaction layer.
Location. US data centers
Data scope. Voice audio captured during DVM dictation sessions, transcribed to text and returned. Audio is retained per the configured retention window (default 30 days; deleted on consent revocation).
Location. US data centers
Data scope. Email, display name, and authentication state for every user (consumer + practice staff). Practice roles are stored in our own Postgres, not in Clerk metadata.
Location. US data centers
Data scope. Card / bank tokens, billing addresses, subscription state, and payout details for practices on Stripe Connect. No card numbers ever touch our servers.
Location. US + EU data centers
Data scope. Serverless function execution, HTTP request logs, edge config. No customer data is persisted at Vercel beyond the request lifetime.
Location. US data centers (per-region pinning via project config)
Data scope. All application data — patient, client, encounter, SOAP, billing, audit-log rows. Postgres + pgvector + tsvector. Backups encrypted at rest.
Location. US data center (us-west-2)
Data scope. DICOM imaging (R2), document storage (R2), CDN caching of public assets, AI Gateway proxy for outbound LLM calls. Imaging files are versioned and never hard-deleted.
Location. Global edge; R2 storage region per bucket config (defaults to US)
Data scope. Premium CE video content. No PHI; only published educational material.
Location. Global edge
Data scope. SMS recipient phone numbers + message bodies for appointment reminders, MFA codes, and client communications. Templates render in the recipient locale.
Location. US data centers
Data scope. Transactional email recipients, subjects, bodies. 20 templates total. No marketing-list usage.
Location. US data centers
Data scope. Embedded free educational video content. Public videos only; no end-user PII is sent.
Location. Global
Data scope. Application error stack traces + breadcrumbs. PHI scrubbing is applied client-side and server-side (see sentry-scrub.ts) before transmission.
Location. US data centers (EU region available; not currently used)
Data scope. 20 tracked product events for funnel + retention analytics. No PHI. User identifiers are hashed pseudonyms tied to Clerk user id.
Location. US + EU data centers (project-level region selection)