Privacy Notice
Last updated: May 2026
VetFlash is committed to protecting personal data. This Privacy Notice explains how Tamir Spiegel Ltd trading as VetFlash (“VetFlash”, “we”, “us”, “our”) collects, uses, shares, stores and protects personal data when you use our website, platform, AI tools and related services (the “Services”).
This Privacy Notice is intended to comply with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018, and equivalent laws in other jurisdictions where VetFlash operates.
- Controller Details
For most account, billing, website, marketing, security, support and business administration activities, Tamir Spiegel Ltd trading as VetFlash is the controller of your personal data.
ICO registration: ZB785465.
Contact: info@vetflash.io.
Where VetFlash processes personal data submitted by a business customer or veterinary practice into the Services, VetFlash may act as processor and the customer may act as controller. That processing is governed by our Data Processing Agreement where applicable.
- Who Uses VetFlash
VetFlash is intended for veterinary professionals and veterinary nurses using the Services for professional purposes. The Services are not intended for children and we do not knowingly allow individuals under 18 to create accounts.
Users must not submit client-identifiable personal data, special category data, payment card data, passwords, or other highly sensitive information unless it is necessary, lawful, and appropriately minimised.
- Personal Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Account data | Name, email address, username, password credentials, account settings, professional role, practice details, subscription status. |
| Contact and support data | Emails, support requests, feedback, complaints, contact preferences. |
| Billing data | Billing name, address, payment status, invoices, transaction references, payment provider metadata. We do not intend to store full payment card details. |
| Professional verification data | Information used to assess whether you are an eligible veterinary professional or veterinary nurse. |
| Platform usage data | Login activity, messages, feature usage, fair usage data, timestamps, account activity. |
| AI content | Prompts, uploaded files, chatbot interactions, generated outputs, feedback, and related metadata. |
| Technical data | IP address, device type, browser type, operating system, time zone, logs, cookies, analytics identifiers, security events. |
| Marketing data | Marketing preferences, newsletter sign-ups. |
| Cookie data | Consent preferences, cookie identifiers, analytics and tracking data where consent is required and given. |
AI content may contain personal data where you choose to submit it. Pet health information is not inherently personal data; however, it may become personal data where it relates to or can be linked to an identified or identifiable natural person, such as a pet owner, client, staff member, or veterinary professional.
- Sources of Personal Data
We collect personal data from:
– you when you register, use the Services, contact us, subscribe, pay, submit prompts, upload files, or provide feedback;
– your employer, veterinary practice, or organisation where they create or manage access for you;
– payment providers, authentication providers, hosting providers, analytics providers, email providers, and other service providers;
– cookies and similar technologies when you use our website or platform;
– public or professional sources where needed to verify professional eligibility.
- How We Use Personal Data
We use personal data for the following purposes and lawful bases:
| Purpose | Data used | Lawful basis |
|---|---|---|
| Create and manage accounts | Account data, professional data, technical data | Contract; legitimate interests |
| Provide the Services and AI-assisted outputs | Account data, AI content, usage data, technical data | Contract; legitimate interests; processor instructions where applicable |
| Process subscriptions and payments | Billing data, account data, transaction metadata | Contract; legal obligation; legitimate interests |
| Provide support and respond to enquiries | Contact data, support data, account data, AI content where supplied | Contract; legitimate interests |
| Verify eligibility and prevent account sharing or abuse | Account data, professional data, usage data, technical data | Contract; legitimate interests |
| Maintain security and prevent fraud | Technical data, usage data, logs, account data | Legitimate interests; legal obligation |
| Improve, monitor and audit the Services | Usage data, feedback, AI content where needed, technical data | Legitimate interests; consent where required |
| Send service communications | Account data, contact data | Contract; legitimate interests |
| Send marketing communications | Contact data, marketing preferences, campaign data | Consent or legitimate interests where permitted by law; PECR compliance |
| Comply with legal, tax, accounting and regulatory obligations | Account data, billing data, records, logs | Legal obligation; legitimate interests |
| Handle disputes and enforce terms | Account data, usage data, support data, billing data, logs | Legitimate interests; legal obligation |
| Use cookies and similar technologies | Cookie data, device data, analytics data | Consent where required; legitimate interests for strictly necessary cookies |
Where we rely on legitimate interests, we balance those interests against your rights and freedoms under applicable data protection laws. Our legitimate interests include providing and improving the Services, maintaining security, preventing abuse, supporting customers, managing business records and enforcing our Terms.
- Special Category Data
VetFlash does not require users to submit special category personal data for normal use.
If you choose to submit special category personal data (such as health information relating to a living individual), you are responsible for ensuring that you have a lawful basis and, where applicable, compliance with Article 9 GDPR or equivalent provisions under applicable data protection laws, including any required conditions, notices, or permissions.
We may reject, delete, restrict, or anonymise unnecessary sensitive data where appropriate.
- AI Processing
VetFlash uses AI tools to generate assistance outputs for veterinary professionals.
AI prompts, uploaded files, outputs and feedback may be processed by VetFlash and third-party AI service providers to provide the requested output, operate the Services, maintain security, troubleshoot issues, audit performance and improve service quality.
Where available, we will configure AI providers to restrict use of customer content for third-party model training unless you have been clearly informed and a lawful basis exists.
You should not include client-identifiable information in AI prompts, uploads, feedback or support requests unless it is necessary, lawful and minimised. You remain responsible for professional judgement and for verifying AI outputs before relying on them.
VetFlash does not use AI outputs to make solely automated decisions about individuals that produce legal or similarly significant effects.
- Cookies and Similar Technologies
We use cookies and similar technologies to operate the website, remember preferences, measure usage, protect against abuse and, where enabled, support marketing or embedded third-party content.
Strictly necessary cookies may be used without consent. Analytics, marketing, tracking and non-essential third-party cookies are used only where legally permitted and where required, with consent.
More information is available in our Cookie Policy at vet-flash.com/cookie-policy.
- Sharing Personal Data
We may share personal data with:
– hosting, infrastructure, backup, security, monitoring and IT providers;
– AI service providers used to generate outputs;
– payment providers such as Stripe or PayPal where used;
– email, marketing, analytics, cookie consent and support providers;
– professional advisers, insurers, auditors and legal advisers;
– regulators, courts, law enforcement, tax authorities, or public authorities where required or permitted by law;
– another organisation in connection with a merger, acquisition, restructuring, investment, sale, or transfer of all or part of our business.
We do not sell personal data. We do not share personal data with third parties for their own direct marketing unless you have consented or the law otherwise permits it.
Our current working sub-processor and international transfers annex (add a link) is maintained separately and should be completed against the live platform before publication.
9A. Teleos Integration Credentials
If you connect Teleos yourself through the Services, your Teleos credentials are stored locally in your browser for convenience and are used to connect to Teleos when you use the integration. You can remove these local credentials by disconnecting Teleos in the Services or clearing your browser storage.
VetFlash does not intend to retain user-managed Teleos credentials server-side. If VetFlash configures Teleos credentials for a customer on request, those credentials may be stored in VetFlash systems solely to provide the requested integration and can be deleted on request.
- International Transfers
We may use service providers located in the United Kingdom, the European Economic Area, the United States and other countries.
Where we transfer personal data internationally, we will use transfer mechanisms permitted under applicable data protection laws. Depending on the destination and provider, this may include:
adequacy regulations or adequacy decisions;
the UK International Data Transfer Agreement (“IDTA”);
the UK Addendum to the EU Standard Contractual Clauses;
the EU Standard Contractual Clauses (“SCCs”);
participation in recognised international data transfer frameworks, including the EU-US Data Privacy Framework and the UK Extension where applicable; or
another lawful transfer mechanism available under applicable data protection law.
Where required, we assess international transfers and implement appropriate safeguards, which may include encryption, access controls, data minimisation, contractual restrictions, retention controls, vendor due diligence and restrictions on onward transfers.
You may contact us for more information about safeguards relevant to transfers of your personal data.
- Security
We use appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
These measures may include access controls, confidentiality obligations, TLS/HTTPS, encryption where supported, secure credential handling, logging, backups, supplier due diligence, incident response and least privilege access.
No internet service can be guaranteed to be completely secure. You are responsible for securing your own account credentials, devices, browser, network and any data you choose to submit.
More information is available in our Security Annex (vet-flash.com/security) where applicable.
- Retention
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Notice, including to provide the Services, comply with legal obligations, resolve disputes, maintain security, prevent fraud, and enforce agreements.
Typical retention periods include:
| Data | Typical retention |
|---|---|
| Account data | For the life of the account, then a reasonable period for backup, legal, fraud prevention and dispute purposes. |
| Billing and tax records | Usually up to six years where required for tax, accounting, and legal purposes. |
| AI prompts, uploads, outputs, and feedback |
We may retain prompts and transcripts processed by third-party AI providers for up to 45 days in order to deliver the Services, provide user support, ensure security, perform quality and safety auditing, and comply with legal obligations, unless the data is deleted or anonymised earlier. We do not use this data for training AI models unless explicitly stated or with your consent.
|
| Support records | For as long as needed to manage the request and maintain business records. |
| Security logs | For a proportionate period needed for security, investigation, and audit purposes. |
| Marketing records | Until you unsubscribe or object, plus suppression records to respect opt-outs. |
| Cookie consent records | For a reasonable period to evidence consent choices. |
| Backups | Until overwritten or deleted through normal backup cycles. |
We may anonymise data so that it can no longer identify an individual and use anonymised information indefinitely.
- Your Rights
Depending on the circumstances, you may have the right to:
– request access to your personal data;
– request correction of inaccurate personal data;
– request erasure of personal data;
– object to processing based on legitimate interests;
– request restriction of processing;
– request data portability;
– withdraw consent where processing is based on consent;
– object to direct marketing at any time;
– complain to the ICO.
To exercise your rights, contact info@vetflash.io. We may need to verify your identity before responding.
We aim to respond to valid requests within one month. We may extend this period where permitted by law if a request is complex or you have made multiple requests.
You can complain to the Information Commissioner’s Office at https://www.ico.org.uk. We would appreciate the opportunity to address your concern first.
- Marketing
You may receive marketing communications where you have consented or where we are otherwise permitted by law to send them.
You can opt out of marketing at any time by using the unsubscribe link in a message or contacting info@vetflash.io.
We may still send non-marketing service messages, such as account, security, billing, legal, or platform notices.
- Third-Party Links and Embedded Content
Our website or Services may contain links to third-party websites, plug-ins, applications, videos, payment pages, or embedded content. We are not responsible for the privacy practices of third parties. You should read their privacy notices before using their services.
- Changes to This Notice
We may update this Privacy Notice from time to time. Updated versions will be posted on our website or made available through the Services. Where changes are material, we will take reasonable steps to notify users where required.