Privacy Policy

NexGen Technologies ("we", "us", or "our") operates VetAssistant AI (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union and European Economic Area. By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

Data Controller: NexGen Technologies Email: [email protected] Ireland: +353 838654992 Chile: +569 53858376 For all privacy-related inquiries or to exercise your data rights, please contact us at the email address above.

3.1 Information You Provide Directly • Email Address: When you make a purchase, you may provide your email address to receive your access code and purchase confirmation. • Chat Messages: The questions and messages you submit to the AI assistant. • Clinic Information: For B2B users, we collect clinic name, email, and contact information during registration. 3.2 Information Collected Automatically • Visitor ID: A unique identifier generated and stored in your browser's localStorage to track anonymous usage (5 free questions). • Access Codes: Codes you redeem are stored in localStorage to maintain your session. • Usage Data: Number of questions asked, timestamps, and session information. • Device Information: Browser type, operating system, and device type for service optimization. • IP Address: Collected for security purposes and fraud prevention. 3.3 Information from Third Parties • Payment Information: When you make a purchase, Stripe (our payment processor) handles all payment card information. We receive only: - Transaction ID - Payment status - Last 4 digits of card (for reference only) - Email address associated with payment We do NOT store complete credit card numbers, CVV codes, or other sensitive payment details on our servers.

We use the collected information for the following purposes: 4.1 Service Provision • To provide AI-generated responses to your pet care questions • To manage your access codes and question credits • To process payments and deliver purchased services • To authenticate clinic users via API keys 4.2 Service Improvement • To analyze usage patterns and improve AI responses • To identify and fix technical issues • To develop new features and services • To train and improve our AI models using anonymized data 4.3 Communication • To send purchase confirmations and access codes • To respond to support inquiries • To send important service updates (you can opt out of non-essential communications) 4.4 Security and Compliance • To prevent fraud and abuse • To enforce our Terms of Service • To comply with legal obligations

For users in the EU/EEA, we process personal data based on the following legal grounds: 5.1 Contract Performance (Article 6(1)(b)) • Processing necessary to provide the Service you requested • Managing your account and purchased credits • Processing payments 5.2 Legitimate Interests (Article 6(1)(f)) • Improving our Service and AI capabilities • Analyzing usage patterns • Fraud prevention and security • Customer support 5.3 Legal Obligation (Article 6(1)(c)) • Compliance with applicable laws and regulations • Responding to legal requests • Tax and accounting requirements 5.4 Consent (Article 6(1)(a)) • Marketing communications (when applicable) • Use of non-essential cookies (if implemented) You may withdraw consent at any time by contacting us.

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances: 6.1 Service Providers • Stripe: Payment processing (PCI-DSS compliant) • Abacus.AI/OpenAI: AI model providers for generating responses (chat messages are processed but not stored for training without consent) • Cloud Hosting: Infrastructure providers for secure data storage 6.2 Legal Requirements We may disclose information if required by law or in response to: • Valid legal process (subpoena, court order) • Government requests • Protection of our rights and safety • Prevention of fraud or illegal activities 6.3 Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy. 6.4 With Your Consent We may share information for other purposes with your explicit consent.

We retain your information for as long as necessary to fulfill the purposes described in this policy: 7.1 Retention Periods • Chat Messages: Retained for up to 12 months for service improvement, then anonymized or deleted • Access Codes: Retained until fully used or for 24 months of inactivity • Payment Records: Retained for 7 years as required for tax/legal compliance • Visitor IDs: Stored in your browser; cleared when you clear browser data • Clinic Accounts: Retained for the duration of the business relationship plus 24 months 7.2 Deletion You may request deletion of your data at any time (see Section 9). Some data may be retained for legal compliance even after deletion request.

We implement industry-standard security measures to protect your information: 8.1 Technical Measures • HTTPS/TLS encryption for all data in transit • Encrypted database storage • Regular security audits and updates • Secure API authentication for clinic access • Rate limiting to prevent abuse 8.2 Organizational Measures • Limited access to personal data (need-to-know basis) • Employee confidentiality agreements • Regular security training • Incident response procedures 8.3 Third-Party Security • All service providers are vetted for security compliance • Stripe is PCI-DSS Level 1 certified • Cloud providers maintain SOC 2 compliance Important: While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal data: 9.1 Right to Access You can request a copy of the personal data we hold about you. 9.2 Right to Rectification You can request correction of inaccurate or incomplete data. 9.3 Right to Erasure ("Right to be Forgotten") You can request deletion of your personal data, subject to legal retention requirements. 9.4 Right to Restrict Processing You can request that we limit how we use your data. 9.5 Right to Data Portability You can request your data in a machine-readable format for transfer to another service. 9.6 Right to Object You can object to processing based on legitimate interests, including profiling. 9.7 Right to Withdraw Consent Where processing is based on consent, you can withdraw it at any time. 9.8 Right to Lodge a Complaint You have the right to file a complaint with a supervisory authority if you believe your rights have been violated. How to Exercise Your Rights: Contact us at [email protected] with your request. We will respond within 30 days. We may need to verify your identity before processing certain requests.

10.1 What We Use We use browser localStorage (not traditional cookies) to store: • visitorId: Unique identifier for anonymous usage tracking • vetassistant_code: Your redeemed access code for session persistence • language: Your preferred language setting (EN/ES) 10.2 Purpose These storage mechanisms are essential for: • Tracking your remaining free questions • Maintaining your session with purchased credits • Remembering your language preference 10.3 Managing Local Storage You can clear localStorage through your browser settings: • Chrome: Settings → Privacy → Clear browsing data → Cookies and site data • Firefox: Settings → Privacy → Cookies and Site Data → Clear Data • Safari: Preferences → Privacy → Manage Website Data Note: Clearing localStorage will reset your free question count and require you to re-enter any access codes. 10.4 Third-Party Services Stripe may use cookies for fraud prevention and payment processing. Please refer to Stripe's Privacy Policy for details.

Your information may be transferred to and processed in countries other than your country of residence, including: • Chile: Where our company is legally registered • Ireland: Where we operate from and where our Stripe payment processing is based • United States: Where some of our service providers (AI providers) are located 11.1 Safeguards for EU/EEA Users For transfers outside the EU/EEA, we ensure appropriate safeguards: • Standard Contractual Clauses (SCCs) approved by the European Commission • Data processing agreements with all service providers • Verification that recipients maintain adequate data protection 11.2 Your Consent By using the Service, you consent to the transfer of your data to these countries, which may have different data protection laws than your jurisdiction.

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will take steps to delete such information from our systems. If you are under 18, please do not use the Service or provide any personal information.

Our Service may contain links to third-party websites or services, including: • Stripe (payment processing) • Veterinary clinics' websites • Educational resources We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information. This Privacy Policy applies only to VetAssistant AI and does not cover any third-party services.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. 14.1 Notification of Changes • We will update the "Last Updated" date at the top of this policy • For material changes, we will provide notice through: - Email (if you've provided one) - Prominent notice on our website - In-app notification 14.2 Your Continued Use Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, please stop using the Service. We encourage you to review this Privacy Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: NexGen Technologies Email: [email protected] Ireland: +353 838654992 Chile: +569 53858376 For EU/EEA Users: If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. Response Time: We aim to respond to all privacy-related inquiries within 30 days. Complex requests may require additional time, and we will keep you informed of any delays.