Privacy Policy
Last updated: 10 February 2026
Mouxy ("we", "us", "our") operates the VetBrain mobile application and the vet-brain.io website (the "Service"). This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and Portuguese Law no. 58/2019.
1. Data Controller
The data controller responsible for your personal data is Mouxy. For any questions regarding data processing, please contact us at the email address provided in the Contact section below.
2. Data We Collect
We collect the following categories of personal data:
- Account Information
- Email address, name, clinic details (name, address, phone, VAT number) provided during registration.
- Booking Data
- Appointment details, service type, animal information, and visit addresses submitted through the booking platform.
- Clinical Data
- Patient records, consultation notes, prescriptions, and clinical observations stored locally on your device and synced via iCloud. We do not have access to clinical data stored in iCloud.
- Usage Data
- Anonymous usage analytics to improve the Service. We do not track individual user behaviour.
- Payment Data
- Payment processing is handled by Apple (App Store) and Stripe. We do not store credit card details.
3. Legal Basis for Processing
We process your personal data based on: (a) contractual necessity — to provide the Service you have subscribed to; (b) legitimate interest — to improve and secure the Service; (c) consent — for optional features such as push notifications and email communications; (d) legal obligation — to comply with tax and regulatory requirements.
4. How We Use Your Data
- To provide and maintain the Service
- To process bookings and send appointment confirmations
- To generate invoices and comply with Portuguese tax obligations
- To send push notifications about booking updates (with your consent)
- To provide AI-assisted clinical features (queries are processed by OpenAI — no patient-identifiable data is sent)
- To improve the Service based on anonymous usage patterns
5. Data Sharing
We do not sell your personal data. We share data only with: Apple (iCloud sync, App Store payments), Stripe (payment processing), OpenAI (AI features — anonymised queries only), Resend (transactional emails). All third-party processors comply with GDPR.
6. Data Retention
We retain your account data for as long as your subscription is active. Booking records are retained for 5 years to comply with Portuguese tax regulations. You may request deletion of your account and associated data at any time, subject to legal retention requirements.
7. Your Rights
Under GDPR, you have the right to: access your personal data; rectify inaccurate data; erase your data (right to be forgotten); restrict processing; data portability; object to processing; withdraw consent at any time. To exercise these rights, contact us using the details below.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including: encryption in transit (TLS) and at rest, secure keychain storage for sensitive credentials, biometric authentication options, and regular security reviews.
9. International Transfers
Your data may be processed by service providers located outside the EEA (e.g., OpenAI in the United States). Such transfers are protected by Standard Contractual Clauses approved by the European Commission.
10. Cookies
The vet-brain.io website uses essential cookies only (authentication tokens). We do not use tracking cookies or third-party analytics cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the app or email. The latest version is always available at vet-brain.io/privacy.
12. Contact & Supervisory Authority
For privacy enquiries, contact: [email protected]. You also have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados — CNPD) at www.cnpd.pt.