Trust Center

Trust before novelty.

You're considering storing your pet's medical records, your family's routines, and your emergency contacts with us. Here is exactly how that data is protected — in plain English first, technical detail second, and honest "in progress" labels where we're not done.

Who can see your pet's data

Live

Only active members of your household. When you invite a sitter, they get a role that limits what they see. When you remove someone, access ends immediately.

Technical detail

Every database table is protected by row-level security policies that resolve through active household membership — the same rule the database enforces no matter which app screen, API route, or query is involved. Client-side checks are never the security boundary. Cross-household access attempts return nothing, and membership roles (owner, admin, member, caregiver, sitter, viewer) are checked server-side on privileged actions.

Last verified: July 17, 2026

Share links

Live

Care cards and emergency summaries are shared through links that expire on a schedule you pick, show a view count, and can be revoked with one tap.

Technical detail

Tokens are 48-character random hex values generated by the database. Public share pages resolve tokens through a single server-side function that checks revocation and expiry before returning a purpose-built payload — there is no anonymous read path to the underlying tables. Care cards are snapshots: sharing one never exposes your live account.

Last verified: July 17, 2026

PetPal AI boundaries

Live

The AI answers only from your pet's records, tells you which records it used, admits when it doesn't know, and never diagnoses. If you describe an emergency, it tells you to contact a vet first.

Technical detail

Context for every AI request is assembled server-side from queries scoped to one pet in the caller's household — the model never receives another household's data. System instructions forbid invented records, diagnoses, and dosage advice, and require explicit uncertainty when the records don't contain the answer. Conversations are stored in your account and count toward plan limits. Document extraction is stored as an unreviewed draft until you approve it, and original files are never modified.

Last verified: July 17, 2026

Encryption & infrastructure

Live

Your data is encrypted in transit and at rest, on infrastructure used by thousands of production applications.

Technical detail

PetPal runs on Supabase (Postgres, US-East) and Vercel. All traffic uses TLS (HTTPS). Data at rest is encrypted by the underlying cloud storage layer. Documents live in a private storage bucket accessed through short-lived signed URLs; pet portrait photos are the only publicly-addressable media. Secrets (AI keys, billing keys) exist only in server-side configuration — never in the browser.

Last verified: July 17, 2026

Your data is portable

In progress

Export everything as structured JSON from Settings, anytime. Ask us to delete your account and we'll honor it.

Technical detail

The export includes pets, records, vaccinations, medications and dose history, routines, appointments, expenses, care cards, and household metadata. Deletion is currently a support-handled request honored within 30 days; self-serve deletion is in progress (labeled honestly in Settings, not hidden).

Last verified: July 17, 2026

What PetPal is not

Live

PetPal is not a veterinary provider, does not diagnose, and never replaces emergency care. It is also not HIPAA-regulated software, and we don't claim certifications we don't hold.

Technical detail

We avoid vague security language ("military-grade", "bank-level") on principle. Claims on this page describe implemented behavior; where something is in progress — self-serve deletion, per-user access logs surfaced in the UI, independent security review — we say so. Sensitive record contents are never placed in analytics events.

Last verified: July 17, 2026

Questions or a security concern? info@techrunnersva.com — security reports get priority handling.