Data Processing Agreement

1. Definitions

2. Scope and Purpose of Processing

VetSentro processes personal data solely to provide the following services to your clinic:

• Patient management — Storing and managing pet owner profiles, pet records, medical histories, and vaccination tracking
• Appointment scheduling — Calendar management, online booking portal, walk-in queue, and appointment status tracking
• Medical records — SOAP-format clinical notes, treatment records, visit attachments, and controlled substance logging
• Billing and invoicing — Invoice generation, payment recording (cash, GCash, Maya, card), and financial reporting
• Inventory management — Product and medication stock tracking, low-stock alerts, and expiry monitoring
• SMS notifications — Appointment reminders, vaccination alerts, booking confirmations, and OTP delivery for the pet owner portal
• Pet owner portal — Providing pet owners with access to their pet records, appointment history, invoices, and online booking
• QR pet passports — Generating shareable QR codes that display limited public pet profile information for cross-clinic use

We do not process personal data for any purpose beyond operating the Service for your clinic. We do not use clinic data for advertising, marketing analytics, profiling, or sale to third parties.

3. Categories of Data Processed

3.1 Pet Owner Data

• Full name, phone number, email address
• Home address and city
• Contact preference (SMS, email, or both)
• Internal clinic notes about the client

3.2 Pet Data

• Name, species, breed, sex, date of birth
• Weight, color/markings, microchip number
• Known allergies
• Photo (stored in encrypted cloud storage)
• QR code identifier for pet passport

3.3 Medical Records

• Appointment details (date, time, purpose, assigned veterinarian)
• Visit records in SOAP format (subjective, objective, assessment, plan)
• Clinical vitals (temperature, heart rate, respiratory rate, weight)
• Diagnoses, treatment notes, and follow-up dates
• Vaccination records (vaccine name, date, batch number, brand, next due date)
• Controlled substance administration logs
• Visit attachments (photos, lab results, uploaded documents)

3.4 Financial Data

• Invoice details (line items, amounts, tax, discounts)
• Payment method used (cash, GCash, Maya, card, bank transfer)
• Payment status and transaction identifiers
• Outstanding balance tracking

3.5 Clinic Staff Data

• Full name, phone number, email address
• Professional role (admin, veterinarian, staff)
• Authentication credentials (password hashes managed by Supabase Auth)
• Session and login activity data

3.6 Technical Data

• IP addresses (for rate limiting and audit logging)
• Browser and device type
• Push notification subscription endpoints (for the pet owner portal)
• Error logs (with personally identifiable information scrubbed before collection)

4. Processor Obligations

As the Processor, VetSentro commits to:

• Process personal data only in accordance with the Controller's instructions and solely for the purposes described in Section 2
• Ensure that all persons authorized to process personal data are bound by confidentiality obligations
• Implement appropriate technical and organizational security measures as described in Section 5
• Not engage any sub-processor without the Controller's awareness, and only engage sub-processors under data processing terms no less protective than this DPA
• Assist the Controller in fulfilling data subject rights requests under RA 10173 as described in Section 9
• Notify the Controller of any personal data breach without undue delay as described in Section 10
• Upon termination, delete or return all personal data as described in Section 12

5. Technical and Organizational Security Measures

VetSentro implements the following measures to protect personal data throughout its lifecycle:

5.1 Encryption

• All data in transit encrypted via HTTPS/TLS
• Data at rest encrypted using database-level encryption
• Sensitive credentials (API keys for SMS and payment services) stored using database-level encryption
• File storage uses signed URLs with time-limited access tokens

5.2 Multi-Tenancy Isolation

• All clinic data is scoped by a unique clinic identifier (clinic_id) at the database level
• Row-Level Security (RLS) policies enforced by PostgreSQL ensure that clinics can never access another clinic's data, even in the event of an application-level bug
• Pet owners accessing the owner portal can only view data for their own pets and appointments

5.3 Access Controls

• Role-based access control: administrator, veterinarian, and staff roles with appropriate permissions
• Pet owner portal uses separate OTP-based authentication via SMS
• Service role credentials restricted to server-side operations only (never exposed to browsers)
• Session management with automatic token refresh and expiry

5.4 Rate Limiting

• Public endpoints: 60 requests/minute per IP address
• Appointment booking: 20 requests/minute per IP
• Owner login (OTP): 20 requests/hour per IP to prevent brute-force
• Payment webhooks: 30 requests/minute per IP

5.5 Audit Logging

• Sensitive operations (staff changes, deletions, billing modifications) are logged with actor identity, action type, and a JSON diff of changes
• IP addresses recorded for audit trail purposes
• Audit logs are available to clinic administrators within the platform

5.6 Error Monitoring

• Application errors are monitored for stability and performance. Before any error data is transmitted to our monitoring service, personally identifiable information is automatically scrubbed:
• Phone numbers (Philippine format) are replaced with [PHONE]
• Email addresses are replaced with [EMAIL]
• Authorization headers, cookies, and session tokens are stripped entirely

5.7 File Upload Security

• MIME-type validation (not extension-based) for all uploads
• Maximum file size: 10 MB per attachment
• Allowed types: JPEG, PNG, WebP for photos; plus HEIC, HEIF, PDF for medical attachments
• Files stored in a private storage bucket accessible only via time-limited signed URLs

6. Sub-Processors

VetSentro engages the following sub-processors to provide the Service. Each is bound by data processing terms that provide a level of protection no less than this DPA:

We will inform you of any intended changes to this list of sub-processors. If you object to a new sub-processor, you may terminate the Service within 30 days of notice.

Note on payment processing: If your clinic enables online payment collection, a payment processor will be engaged as an additional sub-processor. Only the transaction amount, invoice identifier, and payment method are shared. No medical data is transmitted to the payment processor.

7. Data Transfers

The Service is designed for Philippine veterinary clinics. However, some sub-processors operate infrastructure outside the Philippines:

• Supabase — Database infrastructure may be hosted in cloud regions outside the Philippines. Data is encrypted in transit and at rest.
• Vercel — Application hosting uses edge and serverless infrastructure across multiple regions. Philippine traffic is routed to the nearest available edge location.
• Sentry — Error monitoring data (with PII scrubbed) is processed on US-based infrastructure.
• Semaphore — SMS delivery is processed within Philippine telecommunications infrastructure.

All cross-border data transfers are protected by encryption in transit (TLS) and at rest, and are subject to the sub-processors' respective data protection commitments. Under RA 10173 Section 21, transfers are permissible when adequate safeguards are in place.

8. Data Retention and Deletion

8.1 Retention During Active Subscription

• All clinic data is retained for the duration of the active subscription
• Archived records (patients, pets marked as archived) remain in the database but are hidden from active views
• Audit logs are retained for the lifetime of the subscription

8.2 Temporary Data

• OTP codes for pet owner login expire automatically after 5 minutes
• Visit summary access tokens have configurable expiration dates
• Rate limiting records are purged every 5 minutes

8.3 Post-Termination

• Upon subscription cancellation, clinic data is retained for a 30-day grace period to allow for reactivation or data export
• After the grace period, all clinic data is permanently deleted from our systems, including: patient records, medical histories, invoices, uploaded files, and audit logs
• Exception: Financial records (invoices, payment records) may be retained longer as required by Philippine tax regulations (Bureau of Internal Revenue)
• Backup copies are purged according to the sub-processor's backup retention schedule (typically 7–30 days after deletion from primary storage)

8.4 Data Export

Controllers may request a full export of their clinic data at any time by contacting support@vetsentro.com. Data will be provided in a structured, machine-readable format (CSV or JSON) within 15 business days.

9. Data Subject Rights

Under RA 10173, data subjects (pet owners, clinic staff) have rights including access, correction, erasure, objection, and portability. As the Controller, your clinic is responsible for handling these requests. VetSentro will assist you as follows:

• Access and correction: The platform provides built-in functionality for clinic staff to view, update, and correct patient and owner records directly
• Erasure: Clinic administrators can archive patient and owner records. For permanent deletion requests, contact our support team and we will process the deletion within 15 business days
• Portability: Data export is available as described in Section 8.4
• Objection: Pet owners can manage their notification preferences (SMS reminders, billing updates, vaccination alerts) directly within the pet owner portal

If VetSentro receives a data subject request directly, we will promptly redirect the request to the appropriate clinic (Controller) unless we are legally required to respond directly.

10. Data Breach Notification

In the event of a personal data breach affecting your clinic's data, VetSentro will:

• Notify the affected Controller(s) without undue delay and no later than 72 hours after becoming aware of the breach, as required by RA 10173
• Provide a description of the nature of the breach, including the categories and approximate number of data subjects affected
• Describe the likely consequences of the breach and the measures taken or proposed to mitigate its effects
• Cooperate with the Controller in notifying the National Privacy Commission (NPC) and affected data subjects as required by law
• Document the breach, its effects, and the remedial actions taken in writing

Our error monitoring system operates continuously with automated alerting. We maintain an incident response procedure to detect, contain, and remediate security incidents promptly.

11. Audit and Compliance

VetSentro will make available to the Controller all information reasonably necessary to demonstrate compliance with this DPA:

• Built-in audit logs: Clinic administrators have access to activity and audit logs that track sensitive operations within the platform (available on Professional and Enterprise plans)
• Security documentation: Upon written request, we will provide information about our security practices, sub-processor agreements, and compliance measures
• Compliance audits: Enterprise plan Controllers may request a compliance assessment. We will cooperate with reasonable audit requests, subject to confidentiality obligations and scheduling

12. Effect of Termination

Upon termination of the Service agreement:

• VetSentro will cease processing personal data on behalf of the Controller, except as necessary to complete any outstanding obligations
• The Controller may request a data export (Section 8.4) during the 30-day grace period
• After the grace period, all personal data will be permanently deleted, except where retention is required by law (Section 8.3)
• VetSentro will provide written confirmation of data deletion upon request

This DPA survives termination with respect to any personal data that is retained after termination in accordance with Section 8.3.

13. Contact

For questions about this DPA or to exercise any rights described herein:

Note: This Data Processing Agreement is provided for informational purposes. We recommend having it reviewed by a Philippine-licensed attorney familiar with RA 10173 before relying on it for regulatory compliance.