Privacy Policy

1. General Information

KADMEIA SLU (hereinafter "KADMEIA", "we" or "the company") is the data controller for personal data collected through the website kybervet.com, in accordance with the General Data Protection Regulation (GDPR).

KYBERVET is a trademark owned by KADMEIA SLU.

Controller Contact Details

2. Data We Collect

Contact and Identification Data

• Full name
• Email address
• Phone number (optional)
• Company or organization

Technical Data

• IP address
• Browser and device information
• Pages visited and time spent
• Referral source

3. How We Use Your Data

• Inquiry management: responding to information requests related to KYBERVET.
• Commercial communication: sending information about our services, only with explicit consent.
• Service improvement: aggregated analysis to improve the website and solutions offered.
• Legal compliance: fulfillment of legal and tax obligations.

4. Legal Basis for Processing

Each purpose has its own legal basis:

• Operation of the «AI Diagnosis» assistant (temporary processing of your messages, including sending them to the AI provider to generate the responses): legitimate interest (Art. 6.1.f GDPR) in providing the guidance you yourself initiate. When you request a report, that processing becomes based on the performance of pre-contractual measures at your request (Art. 6.1.b GDPR). The AI notice shown before you start is transparency information (Art. 50 of the AI Act), not a consent legal basis.
• Preparing and sending the report you request (retaining the conversation and your contact details for the time needed to draft it, have a person review it and send it to you): pre-contractual measures at your request (Art. 6.1.b GDPR). This is processing necessary to provide the service you ask for; without it we cannot draft the report. Retention is limited to that purpose (see point 5).
• Commercial contact about the diagnosis, extended retention for your follow-up, access to the free course and commercial communications: consent (Art. 6.1.a GDPR), given separately for each purpose through optional checkboxes. Only if you authorise contact/follow-up do we retain your data for an extended period (point 5).
• Compliance with legal obligations (tax and accounting): Art. 6.1.c GDPR.

You may withdraw your consent at any time, without affecting the lawfulness of prior processing.

5. Data Retention

Personal data will be retained for the time necessary to fulfill the purpose for which it was collected and to determine any potential liabilities arising from the processing.

«AI Diagnosis» assistant conversations: The transcript is retained for 7 days by default. If you request a report, the transcript and your contact details are retained for 30 days, the time needed to draft it, have a person review it and send it to you (Art. 6.1.b GDPR). That period is extended to a maximum of 180 days only if you authorise us, through the corresponding checkbox, to contact you for follow-up (Art. 6.1.a GDPR). Once the periods expire, the data is deleted automatically; only the consent evidence and the acknowledgement of the AI notice are retained, with no associated personal content.

6. Data Recipients

Data will not be transferred to third parties, except where required by law or for the provision of contracted services.

To provide the «AI Diagnosis» assistant, your data may be communicated to the following third parties, which act as data processors:

Anthropic PBC (AI model of the «AI Diagnosis» assistant)

Purpose: Generate the responses of the «AI Diagnosis» conversational assistant and the draft report from what you write.

Data processed: The content of the messages you send to the assistant. We expressly ask you not to enter patient data or third parties' personal data; before retaining it we apply automatic redaction of obvious patterns (emails, phone numbers).

Location: United States. Transfer under Standard Contractual Clauses (SCC) and Anthropic's Data Processing Agreement (DPA). Anthropic deletes API inputs and outputs by default within 30 days, except for the exceptions published by Anthropic (for example, longer retention for legal obligations or for trust and safety reasons).

Privacy policy: https://www.anthropic.com/legal/privacy

Supabase, Inc. (hosting of the conversation and lead data)

Purpose: Hosting the database where the conversation is stored — temporarily by default (7 days) and up to 180 days if you consent to us keeping it to prepare the report — and the lead's contact details.

Location: United States. Data hosted in the EU region (Ireland, eu-west-1). Transfer under Standard Contractual Clauses (SCC).

Privacy policy: https://supabase.com/privacy

Resend (Plus Five Five, Inc.) — email delivery

Purpose: Sending the address confirmation email (double opt-in) so we can prepare and send you the report. In addition, when you request a report, we use this same provider to internally deliver a draft of the report to our KYBERVET team for human review before sending it to you; that internal email contains your email address and the draft content.

Data processed: The recipient's email address, the content of the email itself (including, for the internal draft, the report text) and an internal session/request identifier that accompanies the notice for our handling.

Location: United States. Transfer under Standard Contractual Clauses (SCC) and Resend's Data Processing Agreement (DPA).

Privacy policy: https://resend.com/legal/privacy-policy

Telegram FZ-LLC (internal lead notification)

Purpose: When you request a report, our team receives an internal notification via Telegram to handle it. The notification does NOT include the conversation transcript: it contains only an indicator that there is a new contact, the name of your clinic (if provided), whether your enquiry fits our services and whether you requested a report (and whether it is pending your email confirmation), and an internal —protected— link to your record.

Data processed: Clinic name (if provided), an indicator of enquiry fit and of your report request status, and an internal conversation identifier. Your email and the content of the messages are not sent through this channel.

Location: United Arab Emirates. Transfer under Standard Contractual Clauses (SCC).

Cloudflare, Inc. (anti-abuse protection of the «AI Diagnosis» assistant)

Purpose: Verify that whoever uses the assistant is a person and protect the chat and the form submission against automated use (Cloudflare Turnstile service).

Legal basis: Legitimate interest (Art. 6.1.f GDPR) in protecting the service against abuse and automated use. Cloudflare, in addition to acting on our behalf in that verification, processes certain signals as its own controller to improve its bot detection in aggregate, based on its legitimate interest, as described in its Turnstile Privacy Addendum.

Data processed: IP address and technical browser signals needed for the anti-abuse verification (Turnstile token). It is not used for advertising profiling.

Location: United States. Transfer under Standard Contractual Clauses (SCC) and Cloudflare's Data Processing Addendum.

Privacy policy: https://www.cloudflare.com/privacypolicy/ · Turnstile Privacy Addendum

7. User Rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing, and portability by sending an email to info@kybervet.com.

You may also file a complaint with the competent data protection authority if you believe your rights have not been respected.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction.

9. Changes to This Policy

We reserve the right to update this privacy policy at any time. Changes will be effective upon publication on this page.