Privacy Policy

The controller responsible for data processing within the meaning of the GDPR is:

We are currently not required to appoint a data protection officer. For questions regarding data protection, please contact support@petla.app.

This privacy policy informs you about which personal data we collect when you use our platform and services, how we process it and what rights you have. Personal data is any data that can be used to personally identify you.

You have the following rights at all times regarding your personal data:

• Access (Art. 15 GDPR) — You may request information about whether and which personal data we process about you.
• Rectification (Art. 16 GDPR) — You may request the correction of inaccurate or incomplete data.
• Erasure (Art. 17 GDPR) — You may request the deletion of your data, provided no statutory retention obligations apply.
• Restriction (Art. 18 GDPR) — You may request the restriction of the processing of your data.
• Data Portability (Art. 20 GDPR) — You may request that we provide your data in a commonly used, machine-readable format.
• Objection (Art. 21 GDPR) — You may object to the processing of your data insofar as it is based on legitimate interests.
• Withdrawal (Art. 7(3) GDPR) — Consents given (e.g. for marketing or analytics cookies) may be withdrawn at any time with effect for the future.

In addition, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.

To exercise your rights, please contact support@petla.app.

All data transfers are encrypted via TLS/HTTPS. Database connections are SSL-secured.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable operations).

When you book a veterinary appointment through our platform, we collect the following data:

• Contact data: Salutation, first name, last name, email address, phone number
• Pet data: Name, species, breed, sex, date of birth, neutering status, housing type where applicable (outdoor/indoor cat)
• Appointment details: Reason for visit/symptoms, free-text notes, preferred appointment
• For home visits: Address including geo-coordinates (for route calculation)
• File uploads: Photos or medical reports (JPEG, PNG, PDF; max. 3 files of 5 MB each)
• Consent data: GTC acceptance (timestamp), marketing consent (yes/no)
• Technical data: IP address upon form submission, CSRF token (httpOnly cookie)

The data is transmitted to the respective veterinary practice for appointment processing. Confirmation and reminder emails are sent automatically.

Legal basis: Art. 6(1)(b) GDPR (performance of contract or pre-contractual measures).

Some veterinary practices offer a digital new client form via Petla. In addition to the data listed in section 5, the following information is collected:

• Extended contact data: Date of birth, full address
• Extended pet data: Weight, colour, country of origin, microchip number, EU pet passport number
• Health information: Pre-existing conditions, medications, allergies, surgeries, stays abroad
• Insurance data: Insurance type, insurer, policy number, policyholder, tariff

Upon form submission, the timestamp, confirmation text and IP address are logged.

Legal basis: Art. 6(1)(b) GDPR (performance of contract — initiation of the treatment contract with the veterinary practice).

When booking and conducting a video consultation, the following data is processed:

• Contact and pet data: As described in section 5
• File uploads: Photos, medical reports (JPEG, PNG, HEIC, PDF; max. 5 files of 10 MB each, total max. 25 MB)
• Payment data: Payment processing via Stripe (see section 10); Petla only stores the Stripe customer ID and payment status, not full card data
• Participant metadata: Join and leave times, call duration
• Consultation summaries: Summaries created by the veterinarian that may be sent to you by email
• Feedback: Technical rating and optional feedback after the call

Video transmission is provided by Daily.co (Daily, Inc., USA). The connection is end-to-end encrypted. Video calls are not recorded.

Uploaded files are automatically deleted after the appointment is completed.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Petla provides veterinary practices with a dashboard for managing appointments, patients and new client forms. In this context, Petla processes personal data of pet owners (end customers) on behalf of and according to the instructions of the respective veterinary practice.

The veterinary practice is the data controller for data processed via the dashboard. Petla is a data processor pursuant to Art. 28 GDPR. The Data Processing Agreement (DPA) is available at petla.app/avv and contains the complete list of sub-processors engaged.

Legal basis: Art. 6(1)(b) GDPR (contract with the veterinary practice), Art. 28 GDPR (data processing).

For sending transactional emails (appointment confirmations, reminders, cancellations, access links, consultation summaries), we use the following services:

• Resend, Inc. (USA) — Primary email service. Safeguarded by EU Standard Contractual Clauses.
• Wildbit, LLC (Postmark) (USA) — Fallback email service. Safeguarded by EU Standard Contractual Clauses.

For video consultations, SMS and voice call notifications to veterinarians are sent via Twilio, Inc. (USA, EU Standard Contractual Clauses).

Marketing emails are only sent with explicit consent. Consent may be withdrawn at any time.

Legal basis: Art. 6(1)(b) GDPR (transactional communication), Art. 6(1)(a) GDPR (marketing consent).

Payment processing for paid video consultations is handled by Stripe, Inc. Petla does not store complete payment data (credit card numbers, etc.). These are processed directly by Stripe as a PCI-DSS certified payment service provider. Petla only stores the Stripe customer ID and payment status.

Stripe processes data in Ireland (EU) and, where applicable, in the USA. Safeguarding is provided by the EU-US Data Privacy Framework.

Stripe privacy policy: stripe.com/de/privacy

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Cookie consent is obtained via Usercentrics GmbH (Munich, Germany). You may withdraw your consent at any time via the cookie settings.

Legal basis: Art. 6(1)(f) GDPR (technically necessary), Art. 6(1)(a) GDPR (consent for analytics cookies).

To ensure system stability and for error resolution, we use the following services:

• Sentry (Functional Software, Inc.) — Error monitoring and performance monitoring. Data is processed on EU servers (de.sentry.io). In the event of an error, technical context data (e.g. browser version, URL) may be captured.
• Axiom, Inc. (USA) — Logging and observability. Safeguarded by EU Standard Contractual Clauses.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in system stability and error resolution).

When booking home visits, we use the Google Maps Platform (Google Ireland Ltd) for address autocomplete, geocoding and route calculation. Your address and the derived geo-coordinates are processed.

Google may process data in the USA. Safeguarding is provided by the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(b) GDPR (performance of contract — planning of the home visit).

Some of our service providers process data in the USA. Transfers are made in each case on the basis of appropriate safeguards:

Insofar as Petla processes personal data on behalf of veterinary practices, this is done on the basis of a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. The DPA is available at petla.app/avv and contains the complete and current list of all sub-processors engaged.

We store your personal data only for as long as necessary for the respective processing purpose:

• Booking and customer data: For the duration of the usage relationship or according to the instructions of the respective veterinary practice (as controller).
• File uploads for video consultations: Automatic deletion after the appointment is completed.
• Technical logs: Limited retention for error resolution and system monitoring.
• Analytics data: According to the settings of the respective analytics tools (pseudonymised/anonymised).

You may request the deletion of your data at any time (Art. 17 GDPR), provided no statutory retention obligations apply. Please contact support@petla.app.