Privacy Policy

VetAccess (“VetAccess”, “we”, “us”, “our”) operates an online marketplace that connects Australian veterinary clinics with animal health suppliers for appointment bookings, education sessions and product visits.

This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have. It applies to everyone who uses the VetAccess website and platform (“the Service”), whether as a clinic, a supplier company, or an individual representative.

We handle personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

VetAccess is deliberately scoped around business and scheduling information only — clinics, suppliers, appointment slots and bookings. We do not collect, store, or process animal patient records, clinical notes, or any individually identifiable veterinarian treatment information. If you are looking for a clinical practice management system, VetAccess is not that product.

We collect information you provide directly to us, including:

• Account information: name, email address, phone number, and password (stored securely — see Section 5).
• Clinic information: clinic name, address, suburb, state, postcode, clinic type, and the categories of suppliers you choose to allow.
• Supplier company information: company name, category, website, and details of representatives, managers and administrators.
• Booking information: appointment times, appointment types, purpose of visit, notes, and booking status history.
• Billing information: for supplier accounts, subscription and billing details are collected and stored directly by our payment processor, Stripe — see Section 6.
• Communications: messages you send us via the contact form or email.

We also automatically collect limited technical information, including:

• Login session identifiers (cookies) needed to keep you signed in securely.
• Basic usage and error logs (e.g. page requests, timestamps) used to operate and troubleshoot the Service.

We use the information we collect to:

• Create and manage your account and verify your identity.
• Operate the marketplace — including matching suppliers with clinics within their assigned territory, and processing bookings, confirmations, declines and cancellations.
• Send transactional emails such as booking confirmations, calendar invites, cancellation notices, and account-related messages.
• Process supplier subscription payments and manage billing.
• Maintain platform security, prevent fraud and misuse, and keep an audit trail of significant account actions.
• Respond to support requests and communicate important changes to the Service.
• Comply with our legal obligations, including tax and financial record-keeping requirements.

We do not sell your personal information to third parties, and we do not use your information for advertising or marketing by unrelated third parties.

We take the security of your information seriously. In particular:

• Passwords are never stored in plain text — they are hashed using industry-standard, one-way encryption.
• Database access controls (Row Level Security) are enforced at the database level, so a clinic can never access another clinic’s bookings, and a supplier can never access another supplier’s data — this is enforced by the database itself, not just the application.
• Payment card details are never stored on our systems. All payment processing is handled directly by Stripe, a PCI-DSS compliant payment processor used by major platforms worldwide.
• Encrypted connections (HTTPS/TLS) are used for all traffic between your browser and our servers.
• Access to administrative systems and credentials is restricted and not shared outside of those who operate the platform.

While we take reasonable steps to protect your information, no method of transmission or storage is completely secure. If you believe your account has been compromised, please contact us immediately.

To operate VetAccess, we rely on a small number of trusted infrastructure providers, each of which processes a limited slice of information strictly to perform their function:

• Supabase — securely hosts our database and handles account authentication.
• Stripe — processes supplier subscription payments. Stripe collects and stores payment card details directly; VetAccess never receives or stores full card numbers.
• Resend — delivers transactional emails (booking confirmations, calendar invites, account notifications).
• Vercel — hosts the VetAccess website and application.

Each of these providers has its own privacy policy governing how it handles data on our behalf, and we have selected providers that maintain industry-standard security and compliance certifications.

We use a small number of essential cookies to keep you securely signed in to your account. We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent you from logging in or using the Service.

We disclose information only:

• Between clinics and suppliers as necessary to facilitate a booking (e.g. a clinic’s name and address is shared with a supplier rep once they book a slot).
• To the third-party service providers listed in Section 6, solely to operate the Service.
• If required by law, regulation, legal process, or governmental request.
• To protect the rights, property, or safety of VetAccess, our users, or the public.
• In connection with a merger, acquisition, or sale of business assets, with notice to affected users.

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or out-of-date information.
• Request deletion of your account and associated personal information, subject to our legal and accounting record-keeping obligations.
• Lodge a complaint about how we handle your personal information.

To exercise any of these rights, contact us using the details in Section 12. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We retain personal information for as long as your account is active, and for a reasonable period afterwards to comply with legal, tax and accounting obligations, resolve disputes, and enforce our agreements. Booking history may be retained in an anonymised or aggregated form for reporting purposes.

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal reasons. We will post the updated version on this page with a revised “last updated” date. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how your information is handled, contact us at hello@vetaccess.com.au.