Trust & Security
Your patients’ records are yours. Full stop.
Data security is the second most cited concern veterinary professionals have about AI. This page is our answer — written plainly, claiming only what our architecture actually does, and saying clearly what we are not.
Our three pledges
Pledge 1
Your data never trains AI models
VetGeni does not train models on your patient records — and the AI providers we use (OpenAI and Anthropic) do not use data submitted through their APIs to train theirs. Your cases make your notes better, not someone else’s model.
Pledge 2
Your records belong to you
Every SOAP note, discharge document, and recording in your account is yours. We do not sell it, share it with third parties for marketing, or claim any ownership over your clinical work.
Pledge 3
Delete whenever you want
You can remove records from your account or request full account deletion at any time — the process is published on our data deletion page and does not require a phone call to a retention department.
How your data is protected
Encrypted in transit
All traffic between your browser or phone and VetGeni uses TLS 1.2+. There is no unencrypted path to your records.
Encrypted at rest
Records, recordings, and files are stored encrypted at rest on our cloud infrastructure providers.
Row-level access control
Database access is scoped with row-level security: every query is checked against the account it belongs to at the database layer, not just in application code.
Audited infrastructure
VetGeni runs on AWS (US regions), Supabase managed Postgres, and Vercel — providers that each maintain SOC 2 Type 2 audits of their platforms.
Payments never touch us
Billing runs entirely through Stripe-hosted checkout. Your card number is never sent to or stored on VetGeni servers.
Least-privilege operations
Production access is limited to what operating the service requires, and administrative surfaces are gated behind separate authentication.
What actually happens to a recording
You record the appointment
Audio uploads over TLS to encrypted storage in your account. Nothing is public, and nothing leaves the processing pipeline described here.
It is transcribed and structured
Speech is converted to text and organized into clinical sections. Drug doses, differentials, and toxicology content are checked by retrieval against Wiley-licensed veterinary references — not recalled from a model’s memory.
Generation runs through enterprise AI APIs
Drafting uses OpenAI and Anthropic APIs under terms that exclude API data from model training. Your case improves your note; it does not become training data.
The draft lands in your account — editable
You review, edit, and approve every output. It is stored encrypted, scoped to your account, and deletable whenever you choose.
What we never do
- Sell your data, or share it with third parties for their marketing
- Train AI models on your patient records — ours or anyone else’s
- Hold your records hostage: export and deletion are always available
- Claim certifications we do not hold — what you read here is the real posture
The honest compliance picture
HIPAA:HIPAA governs human health records, so no veterinary platform is “HIPAA-regulated” — including this one. Vendors who lead with HIPAA badges for veterinary data are marketing, not informing. What VetGeni does is apply the same grade of protection voluntarily: encryption everywhere, scoped access, and deletion rights.
SOC 2:the infrastructure VetGeni runs on — AWS, Supabase, and Vercel — maintains SOC 2 Type 2 audits. VetGeni itself is not yet SOC 2 certified as a company, and we would rather tell you that directly than imply otherwise. In the meantime, this page documents our real practices, and we will gladly complete your clinic’s or university’s security questionnaire — contact us.
Your rights: export your records, delete your records, or delete your whole account — the process is published on the data deletion page, and our privacy policy covers the details.
Security FAQ
- Is VetGeni HIPAA compliant?
- HIPAA applies to human health records, so veterinary patient data is not HIPAA-regulated — for any vendor. What matters is whether a veterinary platform voluntarily applies equivalent protections. VetGeni does: encryption in transit (TLS 1.2+) and at rest, row-level access controls, least-privilege operations, and published deletion rights.
- Is my data used to train AI models?
- No. VetGeni does not train models on your records. Generation runs through OpenAI and Anthropic APIs, and both providers’ API terms exclude customer API data from model training. VetGeni’s clinical accuracy comes from retrieval against Wiley-licensed veterinary references, not from training on customer cases.
- Who can see my patient records?
- Your account — and, for clinic plans, the team members you add. Row-level security enforces this scoping at the database layer. VetGeni staff access to production data is limited to what operating and supporting the service requires.
- Where is my data stored?
- On AWS cloud infrastructure in US regions and Supabase managed Postgres, with files and recordings in AWS S3. All providers maintain SOC 2 Type 2 audits of their platforms.
- Is VetGeni itself SOC 2 certified?
- Not yet — and we would rather say that plainly than imply otherwise. VetGeni runs on SOC 2-audited infrastructure providers, and this page documents our actual practices. If your clinic or university has a security questionnaire, contact us and we will complete it.
- How do I delete my data?
- You can delete records inside the app, and you can request full account deletion at any time via the data deletion page. Some billing records may be retained where the law requires it.
Try it on a real case — your data stays yours.
14-day free trial, no credit card required. Every record encrypted, owned by you, and deletable any time.