Last Updated: March 30, 2026
Legal Review Required. This document is a starting draft intended for review by qualified legal counsel before use with customers. It does not constitute legal advice.
PawPIMS, LLC ("PawPIMS," "we," "us," or "our") provides a cloud-based veterinary practice information management system (the "Service"). This Privacy Policy describes how we collect, use, store, and disclose information in connection with the Service.
Who this policy covers. This policy covers information processed through the PawPIMS platform. It applies to:
What this policy does not cover. This policy does not govern how our Customers use the Service to manage their own clients' data. Customers are responsible for their own privacy practices and their relationships with their clients. If you are a client of a veterinary practice that uses PawPIMS, please contact that practice for information about how they handle your data.
When a veterinary practice subscribes to PawPIMS, we collect:
Customers submit veterinary practice data to the Service, which may include:
We treat Customer Data as the Customer's information. We process it only to provide the Service and as described in this Privacy Policy and our Data Processing Addendum.
We automatically collect:
If you contact us via email, our support system, or our website contact form, we retain the content of those communications.
We use Customer Data to operate and maintain the Service, including:
We use Customer and account information to:
PawPIMS uses a multi-tenant, schema-per-tenant database architecture. Each Customer's data is stored in a logically isolated database schema that is strictly separated from other Customers' data. No Customer can access another Customer's data through the Service. Access controls, tenant isolation, and audit logging are implemented at the application and database level to enforce this separation.
PawPIMS does not store, process, or transmit full payment card numbers. All payment card transactions are processed by PayJunction, our PCI DSS-compliant payment processor. When you provide payment card information, it is submitted directly to PayJunction and returned to us only as a token. We store the token, the last four digits of the card, and the expiration date. PawPIMS operates at PCI DSS SAQ A compliance level as a result of this tokenized architecture.
PawPIMS's SMS features allow Customers to send text messages to their clients. SMS delivery is provided through Twilio. The following applies to SMS:
If you are a clinic client who has received an unwanted SMS from a veterinary practice using PawPIMS, please contact the practice directly or reply STOP to opt out.
PawPIMS offers optional Google Calendar integration that allows Authorized Users to sync appointments with their Google Calendar accounts. If you connect a Google account to PawPIMS:
https://www.googleapis.com/auth/calendar (read and write access to your Google Calendar)Disclosure required by Google API Services User Data Policy: PawPIMS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
When a document is signed through PawPIMS's electronic signature feature, we record and store:
These records are retained as part of the Customer's audit trail for the duration required by the Customer's record retention obligations, plus an additional period as agreed with the Customer.
If a Customer uses PawPIMS to maintain controlled substance dispensing logs (as required by DEA 21 CFR Part 1304), this information is stored as Customer Data. PawPIMS maintains an immutable audit trail for these records. Controlled substance records are subject to federal 2-year minimum retention requirements; Customers are responsible for compliance with DEA and state board of pharmacy retention requirements applicable to their practice.
We do not sell personal information. We may share information in the following circumstances:
We share data with trusted service providers who help us operate the Service. Our current key subprocessors include:
| Subprocessor | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Cloud infrastructure, database hosting, and compute | All Customer Data |
| Twilio | SMS delivery | Client phone numbers, SMS message content |
| PayJunction | Payment processing | Payment card information (tokenized) |
| Google (OAuth/Calendar) | Calendar integration | OAuth tokens, appointment data |
A complete and current list of subprocessors is available at [pawpims.vet/subprocessors] or by written request. We will provide 30 days' advance notice of material changes to our subprocessor list.
We may disclose information if we believe in good faith that disclosure is required by applicable law, regulation, or court order, or to protect the rights, safety, or property of PawPIMS, its Customers, or others.
If PawPIMS undergoes a merger, acquisition, or sale of assets, Customer Data may be transferred as part of that transaction. We will provide notice before Customer Data becomes subject to a different privacy policy.
We may share information with third parties when Customers explicitly authorize such sharing (e.g., laboratory integrations).
| Data Category | Retention Period |
|---|---|
| Customer Data (active subscription) | Duration of Subscription Term |
| Customer Data (post-termination) | 60 days after termination, then deleted |
| Backup archives | Purged on normal backup rotation cycle (max 90 days) |
| Electronic signature audit records | Subscription Term + 5 years |
| Billing and payment records | 7 years (tax compliance) |
| Usage and log data | 12 months rolling |
| Support communications | 3 years |
Customers are solely responsible for ensuring their use of the Service complies with state veterinary practice act record retention requirements (generally 3–7 years depending on state) before requesting deletion or terminating their subscription.
We implement commercially reasonable technical and organizational measures to protect Customer Data, including:
No security measure is 100% effective. In the event of a security breach, we will notify affected Customers as described in Section 7.3 of the Terms of Service.
PawPIMS is a Service Provider under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) with respect to personal information submitted by our Customers about their clients. PawPIMS does not sell or share this personal information for cross-context behavioral advertising.
Regarding our own collection of personal information from business contacts (Customer employees, billing contacts, etc.):
To submit a CCPA request, contact us at privacy@pawpims.vet. We will respond within 45 days.
Clinic clients (pet owners) who wish to exercise their California privacy rights with respect to data held by their veterinary practice should contact that practice directly. The veterinary practice is the "Business" under CCPA; PawPIMS acts only as their Service Provider.
Veterinary patient records may be protected under state law. Applicable state veterinary practice acts vary; approximately 35 states have statutes or regulations addressing the confidentiality of veterinary records. Customer Customers are responsible for complying with applicable state law regarding access to, disclosure of, and retention of veterinary records maintained through the Service.
The Service is not directed to individuals under 18 years of age. PawPIMS does not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it promptly. If you believe a child's information has been collected in error, contact us at privacy@pawpims.vet.
The Service is operated from the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
PawPIMS does not currently offer a Standard Contractual Clauses (SCC) addendum or otherwise specifically target users in the European Union or United Kingdom. Customers with EU or UK operations should contact us before subscribing to discuss their specific requirements.
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on our website with a new "Last Updated" date and notify active Customers via email or an in-Service notice. We will provide at least 30 days' notice before a material change takes effect. Continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.
For privacy questions, to exercise your rights, or to report a concern:
For security incidents or suspected breaches, contact: security@pawpims.vet