1. Introduction
This Privacy Policy explains how bAItari.vet (also accessible via بيطري.com), operated by bAItari ("we," "us," "our"), collects, uses, stores, shares, and protects your personal information when you use our veterinary practice management platform and related services.
We are committed to protecting your privacy and handling your data responsibly. This Policy applies to all Users of our Platform.
By creating an account or using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
bAItari.vet Amman, Hashemite Kingdom of Jordan
- Email: privacy@baitari.vet
- General Contact: hello@baitari.vet
3. Information We Collect
3.1. Information You Provide Directly
| Category | Data Fields | Purpose |
|---|---|---|
| Account Information | Email address, password (hashed) | Account creation and authentication |
| Business Profile | Business name, email, phone, address, logo, working hours, currency, specialties | Business identity, billing, directory |
| Client Data (Animal Owners) | Name, phone number, email, address | Client relationship management |
| Animal Data | Name, species, breed, date of birth, medical history, conditions, medications | Medical record management |
| Medical Records | Diagnoses, treatments, medications, clinical notes, lab results | Electronic health record and care continuity |
| Invoices & Financial Data | Line items, rates, taxes, totals, discounts, payment status | Billing and financial management |
| Booking Information | Date, time, type, linked client, animal, and staff | Appointment scheduling |
| Attachments | Medical documents, X-rays, images, lab reports | Clinical documentation |
| Health Assessment Data | Assessment templates, session data, findings, scores | Herd health management (HAS) |
| AI Conversations | Text inputs, voice transcriptions, conversation context | AI-powered veterinary support |
| Newsletter Subscription | Email address, consent | Marketing and updates |
3.2. Information Collected Automatically
| Category | Data Fields | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, actions taken, session duration | Service improvement and analytics |
| Device Information | Browser type, operating system, screen resolution, device type | Compatibility and optimization |
| Log Data | IP addresses, access times, error logs | Security monitoring and debugging |
| AI Usage Metrics | Token consumption per call, per team member | Credit management |
| Authentication Events | Login times, session tokens, logout events | Security and access auditing |
3.3. Information from Third Parties
| Source | Data | Purpose |
|---|---|---|
| LLM Providers | AI-generated responses | Delivering AI services |
| Analytics Providers | Aggregated behavioral data | Product analytics |
| Payment Gateways (Future) | Transaction confirmation (no card data) | Billing verification |
4. How We Use Your Information
4.1. Service Delivery
Providing, operating, and maintaining the Platform and Services; processing your Content; powering AI features; managing subscriptions and credits; facilitating team management.
4.2. Service Improvement
Analyzing usage patterns; anonymous training using de-identified data; bug analysis and monitoring.
4.3. Communications
Transactional emails, system notifications, and marketing communications (with your explicit consent).
4.4. Security and Fraud Prevention
Monitoring for unauthorized access, enforcing access control policies, maintaining audit logs.
5. Legal Basis for Processing
| Legal Basis | Applies To |
|---|---|
| Consent | Account creation, newsletter, marketing |
| Contractual Necessity | Service delivery — data storage, processing, AI features |
| Legitimate Interest | Service improvement, security, anonymous analytics |
| Legal Obligation | Compliance with applicable law, financial/tax retention |
6. Data Sharing and Sub-Processors
We do not sell, rent, or trade your personal data. We share data only with the following sub-processors:
| Sub-Processor | Purpose | Region |
|---|---|---|
| Google Cloud Platform | Hosting, databases, compute | Europe / Middle East |
| Google Cloud Storage | File uploads and attachments | Europe / Middle East |
| LLM Providers (OpenAI, Anthropic, etc.) | AI functionality | United States |
| PostHog | Product analytics | Europe / US |
| Google Analytics | Marketing analytics | United States |
| Google Workspace | Email delivery | US / Europe |
7. AI and Machine Learning — Data Use Disclosure
7.1. Real-Time AI Processing: Input data is sent to LLM providers and the response is stored in your account.
7.2. LLM providers may change at any time without notice.
7.3. Anonymous Training: We may use anonymized and de-identified AI interaction data to improve our models. All personally identifiable information is removed.
7.4. What We Do NOT Do:
- We do not sell your AI conversation data.
- We do not provide your identifiable raw data to LLM providers for their own training.
- We do not use your data for advertising.
8. Cross-Border Data Transfers
Your data may be processed outside your country of residence. Our primary hosting is on Google Cloud Platform with plans to migrate to the Middle East region (Dammam, Saudi Arabia). AI processing occurs in the United States. We rely on adequacy decisions, standard contractual clauses, and Google Cloud security certifications (SOC 2, ISO 27001).
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | Until account deletion + 90 days |
| Business & CRM Data | As long as Business exists |
| Medical Records | As long as Business exists |
| AI Conversations | As long as Business exists |
| Invoices / Financial | Minimum 7 years |
| System Logs | 90-day rolling window |
| Backups | Database: 30 days. Server: 7 days |
| Anonymized Data | Indefinitely |
10. Your Rights
| Right | Description |
|---|---|
| Right of Access | Request a copy of your personal data. |
| Right to Rectification | Request correction of inaccurate data. |
| Right to Erasure | Request deletion, subject to legal retention requirements. |
| Right to Data Portability | Request your data in a machine-readable format. |
| Right to Restrict Processing | Restrict how we process your data. |
| Right to Object | Object to processing based on legitimate interest. |
| Right to Withdraw Consent | Withdraw your consent at any time. |
To exercise any of these rights, contact us at privacy@baitari.vet. We will respond within thirty (30) days.
11. Data Security
11.1. Technical Measures
- Encryption in Transit: HTTPS/TLS for all data transfers.
- Encryption at Rest: Application-level encryption + Google Cloud infrastructure encryption.
- Authentication: Token-based authentication with context-specific keys.
- Access Control: Advanced role and permission system with Business-level data isolation.
- Multi-Tenant Isolation: Cross-Business access is prevented at both application and database levels.
11.2. Organizational Measures
- Limited internal access to production data.
- Google Cloud infrastructure (SOC 2, ISO 27001, PCI DSS).
- Automated hourly database backups.
- Daily server disk snapshots.
12. Children's Privacy
The Services are not directed at individuals under sixteen (16). We do not knowingly collect data from children.
13. Cookies and Tracking Technologies
We use cookies and similar technologies. For details, please refer to our Cookie Policy.
14. Third-Party Links
The Platform may contain links to third-party services. We are not responsible for their privacy practices.
15. Changes to This Privacy Policy
Material changes will take effect no earlier than thirty (30) days after notification via email and/or in-platform notice.
16. Contact and Complaints
- Privacy Inquiries: privacy@baitari.vet
- General Contact: hello@baitari.vet
We will acknowledge receipt of your inquiry within five (5) business days and provide a substantive response within thirty (30) days.
17. Jurisdiction-Specific Provisions
Jordan
These data protection practices align with applicable Jordanian law.
Saudi Arabia (PDPL)
Saudi residents have rights under the PDPL, including the right to report data breaches.
United Arab Emirates
UAE residents are subject to Federal Decree-Law No. 45 of 2021 concerning Personal Data Protection.
Egypt
The Personal Data Protection Law No. 151 of 2020 applies to Egyptian residents.
European Economic Area (GDPR)
EEA residents have full rights under the General Data Protection Regulation, including the right to lodge a complaint with a supervisory authority.
bAItari.vet | Amman, Jordan
This Privacy Policy is available in Arabic. In the event of any discrepancy, the English version shall prevail for legal interpretation purposes.