Privacy Policy

Effective Date: July 28, 2025 (Last Updated)

Broby Pte. Ltd. ("Broby", "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect from users, how we use it, how it's stored, and your rights regarding your information. This Policy applies to the use of our Service by account holders and any data processed through our platform. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We collect various types of information to provide and improve our Service:

Account Information: When you register, we collect personal information such as your name, email address, professional details (e.g., clinic or license information, if provided), and password. This is necessary to create and manage your user account (Supabase Auth is used for managing login info).

Payment Information: If you subscribe, our payment processor (Stripe) will collect your payment details (credit card number, billing address, etc.). Note: Broby itself generally does not store full payment card details; these are handled by Stripe. We may retain records of your transactions (e.g., subscription plan, payment dates, amounts) for billing and accounting.

Usage Data: We automatically collect data about how you interact with the Service. This may include:

  • Log data such as your IP address, browser type, device information, pages or features accessed, access times and dates, and referring website.
  • Analytics data via cookies or similar technologies (see "Cookies" below). For example, we use Google Analytics to gather aggregate information on user behavior, which may track page views, session length, and other usage statistics.
  • Service logs and content: When you use the platform's features, we may log your actions (e.g., queries you input, AI responses provided, voice recordings you upload for transcription) for troubleshooting and to improve the Service.

User Content: As described in the Terms, any data you input into the Service, such as case descriptions, messages, uploaded files (images, audio), etc., is collected and stored in our system (e.g., in our Supabase database). This might occasionally include personal data about others (for instance, if you include a pet owner's name or contact within a case record – we encourage you to avoid uploading personal data of others without consent). We treat all such content as confidential to you, with handling per this Policy.

Audio Data: If you use any voice-to-text features (ASR – Automatic Speech Recognition), your audio recordings will be sent to our speech recognition service (hosted on Google Cloud Run) for transcription. We collect the transcript results and may store the original audio for processing and service improvement. Audio data might include your voice or any background voices if present.

Cookies and Tracking Data: We use cookies and similar tracking technologies to enhance your experience (see "Cookies and Similar Technologies" below for details). Cookies may collect information about your browsing actions and preferences over time.

We do not actively collect any sensitive personal data like government ID numbers, health records of individuals (apart from veterinary medical context which usually pertains to animals and not "personal data" of a human under privacy laws, except incidental client info), or information about your personal health, ethnicity, or religious beliefs. We ask that you not input unnecessary personal information about individuals into the Service. Our Service is focused on animal health data and professional use.

2. How We Use Your Information

Broby uses the collected information for the following purposes:

  • Provide and Maintain the Service: We use your data to create your account, authenticate you at login, and allow you to use the platform's features. For example, we use your case input to generate AI analysis or to return relevant information to you.
  • Service Improvement: Data (including aggregated usage data and anonymized content) helps us debug issues, develop new features, and improve the accuracy and performance of our AI models and other functionalities. For instance, we may analyze common queries or errors to refine our algorithms.
  • Customer Support: If you reach out to us, we will use your contact information and any details you provide to respond to your questions or resolve issues. We may also use your email to send important account or service-related notices (e.g., password resets, security alerts, maintenance downtime notifications).
  • Payments and Accounting: We use payment and transaction data to manage subscriptions, send invoices/receipts, and keep accounting records. For example, we might email you a receipt after a successful charge or remind you of an upcoming renewal.
  • Communication and Updates: We may send you emails to inform you about new features, updates, or promotions for the Service (only if you have not opted out of such marketing communications). If you are in Singapore or Malaysia, such communications will be sent in compliance with applicable spam/marketing laws. You can unsubscribe from marketing emails at any time by following the link in the email.
  • Analytics and Usage Monitoring: We use analytics data (from Google Analytics or internal tools) to understand user engagement and improve UI/UX. This helps us know which features are most used, how users navigate the app, etc. All such data is typically in aggregate form and does not directly identify individual users.
  • Ensure Security and Prevent Misuse: Information (especially log and device information) may be used to monitor for suspicious activities, enforce our Terms of Service, and protect against fraudulent, unauthorized, or illegal activity. For example, we might analyze logs to detect multiple login attempts or use automated tools to prevent abuse of the API.
  • Compliance with Legal Obligations: We may process and retain personal data as needed to comply with laws and regulations, such as financial regulations (for transaction records) or responding to lawful requests by authorities. If we are legally required to retain certain data or disclose data to government agencies or regulatory bodies, we will do so in accordance with applicable law.

We will not use personal information for purposes beyond what we have notified you of, unless we obtain your consent or unless permitted by law. We do not sell your personal data for marketing purposes.

3. Data Storage and Security

Hosting and Storage Locations: Your data is primarily stored on secure servers located in Singapore. Specifically, we use:

  • AWS (Amazon Web Services): Our application servers (including the AI processing backend) run on AWS infrastructure (e.g., an AWS EC2 t4g.nano instance in the Asia Pacific (Singapore) region).
  • Supabase (Database and Auth): Our primary user database and authentication services are provided by Supabase, hosted in the Singapore region (Supabase's Southeast Asia hosting). This means your account info and stored case data reside in data centers in Singapore.
  • Cloud Storage: If we store files or backups, they would also be in secure cloud storage in Singapore or a nearby region to serve our user base efficiently.

Third-Party Processing: Some data is processed or transmitted to third-party services as needed (see Section 4 below). For example, as noted, OpenAI (which may operate servers outside Singapore) processes text input to generate AI responses, and Google Cloud (which may also be outside Singapore depending on the service endpoint) processes audio for transcription. We carefully select reputable providers and aim to have agreements or settings in place to protect your data (e.g., using OpenAI in a mode where they do not store or use our API data for their own purposes).

Data Security Measures: We employ a variety of security measures to protect personal data:

  • Communication with the Service is encrypted via HTTPS to prevent eavesdropping.
  • Passwords are hashed and managed via Supabase Auth – we never store plain text passwords.
  • We restrict access to personal data to authorized personnel who need it to operate or support the Service. Our team is trained on the importance of confidentiality and privacy.
  • We use authentication and access controls, and we regularly update our software dependencies and perform security reviews. Supabase and AWS infrastructure provide additional security features (firewalls, etc.).
  • We monitor for potential security breaches and have procedures in place to respond if an incident occurs. If a data breach occurs that affects your personal data, we will notify you and the relevant authorities as required by law (e.g., under PDPA, we would notify the PDPC and affected individuals if the breach is likely to result in significant harm).

Data Retention: We retain personal data only as long as necessary for the purposes set out in this Policy, or as required by law. For example:

  • Account information is kept as long as your account is active. If you delete your account or it's terminated, we will remove or anonymize personal data associated with your account within a reasonable time after closure, except where retention is required for legal or legitimate business purposes.
  • Payment records may be kept for a number of years for tax and financial auditing purposes as required by law.
  • Logs and backups are routinely purged over time. We might keep application logs for a short period (e.g., a few months) and analytic data indefinitely in aggregate form (without personal identifiers).
  • Anonymized data (which no longer identifies you) may be retained indefinitely, since it does not impact your privacy.

Accuracy: You are responsible for providing accurate information, and we take reasonable steps to ensure data in our systems is accurate and up-to-date. If your information changes, please update your profile or notify us so we can correct our records.

4. Disclosure of Information to Third Parties

We do not sell or rent your personal information to third-party marketers. However, we do share certain information with third parties in the following contexts, as necessary to run our business:

Service Providers: We use trusted third-party companies to support our Service. These providers only receive the information necessary for them to perform their functions. Key service providers include:

  • OpenAI: We send text data (e.g., your query, case description) to OpenAI's API in order to get AI-generated responses. OpenAI will process the content of your queries to return an answer. According to OpenAI's policies, they do not use API data to train their models by default for clients, and they maintain confidentiality of the data. However, using the service implies such data passes through OpenAI's servers (which may be outside your country). We ensure, through our agreement/settings with OpenAI, that your data is handled in compliance with privacy norms. No user account info (like your name or email) is sent to OpenAI, only the query content necessary for the AI to function.
  • Google Cloud (Speech-to-Text): If you use voice input, your audio is sent to Google Cloud's speech recognition service to be converted to text. Google may process the audio data to return a transcription. We do not allow Google to use this data for their own purposes beyond providing us the transcription. Audio processing might occur on Google servers not located in Singapore (depending on service architecture).
  • Stripe: As mentioned, for payment processing we use Stripe. Stripe will receive billing information (such as your credit card number, expiration, CVC, and billing name/address) when you enter it on our payment form. Stripe is PCI-DSS compliant and will process your payments securely. We share with Stripe the minimum information needed to charge you (and Stripe may share back with us info like the last 4 digits of your card, card brand, and payment status). Stripe's use of your data is governed by their own privacy policy. By subscribing, you agree to Stripe's collection and use of your payment data for processing your payments.
  • Supabase: Our platform runs on Supabase for database, authentication, and certain server functions. As our data processor, Supabase will have access to the data stored in our databases (which includes your account info and any stored case data). Supabase is a privacy-conscious platform (GDPR-compliant, etc.) and will only use our data to keep our service running as per our instructions.
  • Email/Communication Tools: If we send emails, we might use an email service provider (ESP) or SMTP relay that processes your email address and the content of emails (for account verification, notifications, etc.). These providers are bound to handle data securely and only on our behalf.
  • Analytics: Google Analytics uses cookies and receives certain info about your device and browsing (e.g., IP address (which we may anonymize) and user agent). This helps us analyze usage. Google may store this data on servers globally. We have configured Google Analytics to not collect unnecessary personal info (and in regions that require it, we will obtain cookie consent first).

Business Partners (Aggregated Data): We may share aggregated, anonymized insights with partners or external organizations. For example, we might compile statistics or case trends from many users and share reports with an insurance company or research institution to aid their understanding of veterinary healthcare trends. These reports will not contain personal data – no individual vet or clinic or pet owner will be identifiable. We might include statistics like "X% of cases of condition Y followed recommendation Z," etc. Organizations can use such data for research or product development, but they cannot trace it back to you or your clients. Sharing anonymized data is a way to contribute to industry knowledge without compromising user privacy.

Legal Compliance: We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., regulatory compliance, court orders, or law enforcement demands). For instance, if a regulator in Singapore or Malaysia requests certain data as part of an investigation, and we are legally compelled, we will comply. We will limit the disclosure to what is legally necessary.

Enforcing Our Rights: If necessary, we may disclose data to legal advisors or in legal proceedings to enforce our Terms or protect the rights, property, or safety of Broby, our users, or others. For example, sharing information with our lawyers or debt collection agencies if you violate agreements or refuse to pay amounts owed.

Business Transfers: If Broby is involved in a merger, acquisition, investment due diligence, reorganization, or asset sale, your information may be transferred as part of that deal. We would ensure that any acquiring entity or new combined entity respects the privacy commitments in this Policy or gives you notice and possibly new choices. For example, if another company acquires Broby, your data would likely be one of the transferred assets, but the use of your data would still be subject to this Policy (unless you're notified otherwise).

We will not share your personal information with third parties for their own marketing purposes without your consent.

5. International Data Transfer

As noted, some of our third-party processors are located in countries outside of your own. If you are in Singapore or Malaysia, please be aware that your data may be transferred to and processed in other countries, such as the United States. These countries may have data protection laws that differ from those in your jurisdiction. In such cases, we take steps to ensure appropriate safeguards are in place (for example, using standard contractual clauses or ensuring the service providers are certified under frameworks like EU-US Data Privacy frameworks if applicable, etc.). By using our Service, you consent to this transfer of your data to the extent such consent is required by law.

For Singapore data (PDPA), we will ensure any overseas recipient is bound to protect the data to standards comparable to Singapore's PDPA requirements, unless an exception applies. For example, OpenAI and Google are large organizations that implement security and privacy measures; we also contractually or via terms ensure they only use the data to provide the service to us. If we transfer any Malaysia personal data, we will similarly comply with Malaysia's Personal Data Protection Act 2010 (PDPA) on cross-border transfers (ensuring the recipient country has sufficient protection or obtaining consent).

6. Your Rights and Choices

We want you to be in control of your personal information. Subject to applicable law, you have several rights regarding your data:

Access and Correction: You have the right to request a copy of personal data we hold about you and to request correction of any inaccuracies. Most of your basic info can be reviewed and edited by logging into your account (e.g., update your profile info). If you need a full export or have trouble, contact us at our support email. We may need to verify your identity before releasing data. We will respond to access or correction requests as required by law.

Withdrawal of Consent: For data that you have given consent for us to use, you have the right to withdraw that consent. For example, you can opt out of marketing emails by unsubscribing. If you wish to withdraw consent for us to collect or use your personal data entirely, you should discontinue use of the Service and request account deletion. Important: If you withdraw consent for core data uses, we may not be able to provide you the Service (because certain data uses are required for operation). We will explain the consequences if you make such a request.

Account Deletion: You may request that we delete your personal data. You can do this by contacting support. We will proceed to delete or anonymize the personal data we hold about you that we are not legally required to retain. Note that content you provided that has been anonymized (and no longer identifiable to you) may not be deletable because it's no longer personal data. Also, residual copies of data might remain in backups for a short period but we will ensure they are deleted as well in due course.

Objection and Restriction: In certain jurisdictions, you may have the right to object to or ask us to restrict processing of your data. For example, if you feel our processing is not in accordance with law, or if you contest the accuracy of data, you can request a pause on processing. We will review such requests and comply if required by law.

Portability: If applicable, you may request an electronic copy of your data for portability purposes (this typically applies in some jurisdictions like the EU – even though our primary market is SG/MY, we will try to accommodate reasonable requests).

Managing Cookies: You can manage cookies through your browser settings. You can choose to refuse or delete cookies. However, note that if you disable cookies, some features of our Service (like staying logged in, or analytics) may not function properly. We provide information on cookies in the next section, and if required, we will implement a cookie consent banner where applicable.

To exercise any of your rights, please contact us (see "Contact Us" below). We will require you to verify your identity (to ensure the person making the request is actually you) and clearly specify your request. We will respond within a reasonable time frame and in accordance with applicable law. Some requests might be declined if they infringe on others' rights or if we have overriding legitimate grounds or legal obligations (we will inform you if so, and why).

7. Cookies and Similar Technologies

Cookies are small text files that websites place on your device to store data that can be recalled by the server in the domain that placed the cookie. We use cookies and similar technologies for several reasons:

  • Essential Cookies: These are necessary for the Service to function. For example, we might use a session cookie to keep you logged in as you navigate between pages. Without these, you would have to log in repeatedly.
  • Preference Cookies: These remember your settings and preferences (e.g., language or interface customizations) to provide a more personalized experience.
  • Analytics Cookies: We use Google Analytics and possibly other analytics tools which set cookies to collect information about how users use our site. This helps us understand traffic patterns and user interactions (e.g., which pages are visited and how long is spent on site). We use this data in aggregate form to improve usability and performance. Google Analytics may set cookies such as _ga, which collect anonymized information (Google Analytics may anonymize your IP address by default in certain regions). The data collected via Google Analytics is subject to Google's Privacy Policy. You can opt out of Google Analytics by using a browser add-on if you wish.
  • Third-Party Cookies: Aside from Google Analytics, most cookies on our Service are first-party (set by our domain). However, if we embed content from third parties or integrate with other services, those third parties might set their own cookies. For instance, a support chat widget or a video embed might set cookies. We will inform you if any such usage is present and get consent if needed.
  • Advertising Cookies: Currently, our Service does not use any advertising networks or targeted advertising cookies. (We are a B2B tool for vets, not an ad-supported consumer site.)

Your Choices regarding cookies:

  • When you first visit our site, you might see a notice about cookies. By continuing to use the site, you consent to cookies as described (in jurisdictions where explicit consent is required, we will obtain it accordingly).
  • You can typically remove or reject cookies via your browser settings. Each browser is different, but look for a "Privacy" or "Cookies" section in your browser's settings or preferences. You can also set your browser to block all cookies from specific sites or altogether. Keep in mind, blocking all cookies might impair functionality.
  • You can also use in-browser tools or extensions to manage tracking. For example, Google provides an opt-out for Google Analytics (as noted above).

Do Not Track: Our site currently does not respond to "Do Not Track" signals, in part because no uniform standard for DNT has been adopted by industry. We treat all user requests as described in this Policy regardless of DNT signals.

For more details on our cookie usage or assistance with opting out, feel free to contact support.

8. Children's Privacy

Our Service is not intended for use by minors. We do not knowingly collect personal data from individuals under 18 years old. (Our target users are licensed professionals, who by definition are adults in their jurisdictions.) If you are under 18, you should not use or register for the Service. If we become aware that we have inadvertently collected personal information from someone under 18, we will take steps to delete such information. If you believe we might have any information from or about a minor, please contact us so we can investigate and address it.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. If we make material changes, we will notify you by posting the updated policy on our website and adjusting the "Last Updated" date at the top. In some cases, we may also send an email notification or prompt you via the app. Please review this Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated terms.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • By Email: support@brobyvets.com
  • By Mail: Broby Pte. Ltd. – Privacy Officer, Singapore.
  • By Phone: +65 8138 2564.

We will do our best to address any issues and work to resolve concerns. If you are in Singapore and feel we have not managed your data properly, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC). If you are in Malaysia, you can reach out to the Personal Data Protection Department (PDP) under the communications ministry. We would, however, appreciate the chance to deal with your concerns first, so please contact us.

Thank you for trusting Broby with your professional needs. We value your privacy and are committed to safeguarding your data while providing you a useful service.

By using our Service, you confirm that you agree to both the Terms & Conditions and the Privacy Policy as outlined above.
