Back to Home

How We Protect Your Data

Last updated: March 18, 2026

1. Our Commitment

VetStream is built for veterinary professionals. We understand that you handle sensitive patient and client information every day, and we treat your data with the same care you give your patients. This page explains, in plain language, how we protect the information you trust us with.

2. Where Your Data Lives

Your account data is stored in a PostgreSQL database hosted on Supabase (AWS infrastructure, US region). The VetStream application is deployed on Vercel's edge network for fast, reliable access.

3. Lab Report Lifecycle

Here's exactly what happens when you upload a lab report:

  1. You upload a PDF lab report through the VetStream interface.
  2. The PDF is parsed in-memory to extract its text content.
  3. The extracted content is sent to the OpenAI API for parsing and email generation.
  4. The PDF file is not stored on our servers after processing.
  5. Generated email drafts are stored in your account for your reference.

4. Encryption

We use multiple layers of encryption to protect your data:

  • In transit: All data transmitted between your browser and our servers is encrypted with TLS/HTTPS.
  • Passwords: Your password is hashed using bcrypt and is never stored in plain text.
  • At rest: Your database is encrypted at rest via Supabase's infrastructure-level encryption.

5. OpenAI & Model Training

VetStream uses the OpenAI API to power lab report parsing and email generation. Per OpenAI's API data usage policy, data submitted through the API is not used to train OpenAI's models.

OpenAI may retain API inputs for up to 30 days for abuse and misuse monitoring purposes, after which the data is deleted. Your lab report content is not used for any purpose other than generating your requested output.

6. Access Controls

Only you can access your account data. VetStream staff do not access patient data or lab reports in the course of normal operations. Database access is restricted to essential infrastructure maintenance and is protected by role-based access controls.

7. Payment Security

All payment processing is handled by Stripe, which is PCI DSS Level 1 certified — the highest level of certification in the payment industry. VetStream never sees or stores your full card numbers.

8. Compliance Status

VetStream is not currently SOC 2 certified. As we grow, obtaining SOC 2 Type II certification is on our roadmap. We are committed to transparency about our security practices and welcome any questions about how we protect your data.

9. Questions?

If you have questions about our security practices or how your data is handled, please contact us at support@vetstream.org.