Privacy Policy
Effective Date: 23 February 2026
Last Updated: 23 February 2026
This Privacy Policy explains how Equine Practitioner ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our practice management platform ("Service") at app.equinepractitioner.app and related domains.
For questions about this policy, contact us at .
1. Information We Collect
1.1. Account Information
When you create an account, we collect:
- Name
- Email address
- Authentication credentials (managed by Firebase Authentication)
- Profile photo (if provided)
1.2. Practice and Subscription Information
When you set up your practice and subscribe, we collect:
- Practice name and contact details
- Practice logo (if uploaded)
- Practice postcode
- Subscription and billing information (processed by Stripe)
1.3. Practice Data You Enter
In the course of using the Service, you enter and store data including:
- Client names, addresses, phone numbers, and email addresses
- Horse details, veterinary history, and medical information
- Appointment records
- Treatment notes and clinical records
- Photos and documents
- Invoice and payment records
- Activity logs and notes
This data is entered by you and stored on your behalf. You are the data controller for your clients' personal information, and we act as a data processor.
1.4. Automatically Collected Information
We automatically collect:
- Browser type and version
- Device type
- Pages visited and features used within the Service
- IP address
- Timestamps of access
We do not use tracking cookies for advertising purposes. We do not serve advertisements within the Service.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process subscription payments
- Send transactional emails (invoices, appointment confirmations, welcome emails)
- Provide customer support
- Detect and prevent fraud or abuse
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data for advertising or marketing by third parties.
3. Third-Party Services
We use the following third-party services to operate the Platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Firebase (Authentication) | User login and identity | Email, name, auth tokens |
| Google Cloud Firestore | Data storage | All practice data (encrypted at rest) |
| Google Cloud Run | Application hosting | Request data in transit |
| Google Firebase Storage | Photo and file storage | Uploaded photos and documents |
| Stripe | Payment processing | Email, subscription details, payment method (we do not store card numbers) |
| Resend | Transactional email delivery | Recipient email, email content |
| Google Maps Distance Matrix API | Travel time calculation | Practice and appointment postcodes only |
Each third-party service operates under its own privacy policy and data processing terms. We select providers that maintain appropriate security standards and, where applicable, comply with GDPR and UK data protection requirements.
4. Data Storage and Security
4.1. Your data is stored on Google Cloud infrastructure located in the Europe West (London, UK) region.
4.2. All data is encrypted in transit (TLS/SSL) and at rest (Google Cloud default encryption).
4.3. Each user account's data is logically isolated. Your practice data is not accessible to other users of the Service.
4.4. We implement access controls to limit internal access to your data to what is necessary for providing and supporting the Service.
4.5. While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure.
5. Data Retention
5.1. Your data is retained for as long as your account is active.
5.2. If you cancel your subscription, your data will be retained for 90 days to allow for reactivation or data export. After 90 days, your data may be permanently deleted.
5.3. You may request earlier deletion of your data by contacting .
5.4. Certain data may be retained longer where required by law (for example, financial transaction records).
6. Your Rights
Under UK GDPR and applicable data protection legislation, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Request your data in a structured, commonly used, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us at . We will respond within 30 days.
7. Your Responsibilities as Data Controller
7.1. When you enter your clients' personal information into the Service, you act as the data controller for that information. We act as a data processor on your behalf.
7.2. You are responsible for ensuring you have a lawful basis (such as consent or legitimate interest) to collect and store your clients' personal data using the Service.
7.3. You are responsible for responding to any data subject access requests from your clients regarding data you have entered into the Service. We will assist you where reasonably practicable.
7.4. If you become aware of a data breach affecting your clients' data, you should notify us at and take appropriate steps as required by applicable data protection law.
8. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at .
9. International Data Transfers
9.1. Our primary data storage is within the United Kingdom (Google Cloud, London region).
9.2. Some third-party services we use may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in accordance with UK GDPR requirements.
10. Cookies
The Service uses essential cookies and local storage for:
- Authentication (keeping you logged in)
- Application functionality (user preferences, session state)
We do not use cookies for advertising, tracking, or analytics by third parties.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.