Veta holds some of the most personal data a family generates. Here's exactly how we protect it — written plainly, because trust should be legible.
All records — text, photos, PDFs, voice memos — are encrypted at rest (AES-256) and in transit (TLS 1.3). Keys rotate quarterly.
Sensitive fields (diagnoses, medications) are encrypted with per-user keys. Even Veta operators can’t read them without explicit parent consent.
Every vet, co-parent, or pet-sitter you share with sees only what you grant — for only as long as you grant it. One-tap revoke.
Export everything anytime (JSON, PDF, or FHIR-compatible). Delete your account and we delete the record — no ghost copies, no dark archives.
Audited annually · Latest: Q1 2026
Built to HIPAA technical safeguards; pets aren’t covered under HIPAA, but we hold ourselves to the spec.
Full data subject rights, portability, and deletion within 30 days.
Public scope on HackerOne. Rewards up to $10k for critical findings.
Penetration test twice a year by an independent third party
Background checks on all engineers with production access
Two-person review required for any schema change
Immutable audit log of every data access, readable by you
No third-party ad trackers, no analytics SDKs that leak PII
Staff training on data handling every quarter
Every credible disclosure gets a personal reply within 24 hours. Critical issues are patched and shipped within the week.