Privacy Policy

Last updated: May 12, 2026

The privacy of your data—and it is your data, not ours—matters to us. This policy explains what data we collect, why we collect it, how we handle it, and your rights. We promise we never sell your personal data.

When we say Company, we, us, or our, we mean Clean Wake AB, a company registered in Sweden.

When we say Services, we mean our website at digitalclinic.vet and the Digital Clinic platform.

When we say you or your, we mean visitors to our website, customers, and users of our Services.

Quick Summary

  • We collect only what we need to provide our Services
  • We never sell your personal data
  • We use third-party processors—you can see who they are below
  • Your data is primarily stored in Germany (EU)
  • You have rights to access, correct, and delete your data
  • We take security seriously

What We Collect and Why

Our guiding principle is to collect only what we need. Here's what that means in practice:

Identity and Access

When you sign up, we collect:

  • Name and email address — to create your account and communicate with you
  • Phone number — for account recovery and optional notifications
  • Professional information — your role, profession, competencies, and licenses (for veterinary professionals)
  • Organization details — clinic or practice name and address

We use this information to provide and personalize our Services, verify professional credentials, and send essential communications.

Billing Information

For paid accounts, we collect:

  • Billing address — to process payments and comply with tax requirements
  • Payment information — processed securely by our payment providers; we don't store full card numbers
  • Bank account details — for specialists receiving payouts
  • VAT/organization numbers — for invoicing purposes

Content You Provide

When you use The Digital Clinic, you may upload:

  • Case information — patient data, medical histories, symptoms
  • Media files — images, videos, audio recordings, documents
  • Communications — chat messages, call recordings, notes

Important: You are responsible for ensuring you have the right to upload this content, including obtaining consent from pet owners for any personal data about them or their animals.

Automatically Collected Information

When you use our Services, we automatically collect:

  • Log data — IP address, browser type, pages visited, time spent, referring URLs
  • Device information — device type, operating system, unique identifiers
  • Location data — general location based on IP address (we don't use precise GPS location)

We use this information to maintain security, improve our Services, and troubleshoot issues.

We don't use third-party tracking. Our analytics are self-hosted on our own infrastructure—we don't share your browsing behavior with Google, Facebook, or other advertising networks.

Cookies

We use cookies and similar technologies for essential functionality, security, and analytics. See our Cookie Policy for details.

How We Use Your Information

We process your personal data for these purposes:

To Provide Our Services

  • Creating and managing your account
  • Enabling communication between veterinary professionals and specialists
  • Processing payments and generating invoices
  • Facilitating case management and consultations

Legal basis: Performance of our contract with you.

To Improve Our Services

  • Analyzing usage patterns to improve features
  • Troubleshooting technical issues
  • Developing new functionality

Legal basis: Our legitimate interests in improving our Services.

To Communicate With You

  • Sending essential service notifications
  • Responding to support requests
  • Providing product updates (you can opt out)

Legal basis: Performance of our contract; our legitimate interests; or your consent (for marketing).

To Ensure Security

  • Detecting and preventing fraud
  • Protecting against unauthorized access
  • Monitoring for abuse

Legal basis: Our legitimate interests in maintaining a secure platform.

To Comply With Law

  • Responding to legal requests
  • Maintaining required records
  • Fulfilling tax obligations

Legal basis: Legal obligation.

When We Share Your Information

Within Your Organization

Data you upload to The Digital Clinic may be visible to other authorized users in your organization—including clinic staff, administrators, and specialists involved in cases. This is fundamental to how the platform works.

With Specialists

When you request a consultation, relevant case information is shared with the specialist. Specialists agree to confidentiality obligations as part of their terms.

With Service Providers

We use third-party service providers to operate our platform. These processors only access your data as needed to perform services for us and are bound by data protection agreements.

See our Sub-processors page for the current list.

We maintain Standard Contractual Clauses with processors outside the EU to ensure adequate protection for your data.

With Pet Owners

If you're a pet owner using our Services, your data may be shared with:

  • The veterinary clinic managing your pet's care
  • Specialists consulted about your pet's case
  • Authorized staff within the clinic or group

For Legal Reasons

We may disclose your information if required by law, court order, or government request. We'll notify you when legally permitted.

Business Transfers

If Clean Wake AB is acquired or merges with another company, your information may be transferred. We'll notify you before your data becomes subject to a different privacy policy.

Testimonials

We may post customer testimonials, comments, and reviews on our website or in marketing materials. These may contain personal information such as names or job titles. We obtain consent before posting testimonials with personal attribution. If you'd like to request removal of your information from a testimonial, please contact us.

Data Controller vs. Data Processor

Under GDPR, we act in different roles depending on the situation:

When We're the Data Controller

We determine why and how to process your data for:

  • Account management
  • Billing and payments
  • Platform analytics
  • Marketing communications

When We're the Data Processor

Veterinary practices are the data controllers for patient and pet owner data they upload to The Digital Clinic. We process this data on their behalf according to their instructions.

If you're a pet owner with questions about how a veterinary practice handles your data, please contact them directly.

International Data Transfers

Our primary infrastructure is in Germany (EU). However, some of our service providers are located outside the EU (primarily in the United States).

For transfers outside the EU, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all processors
  • Additional security measures where appropriate

Use of Artificial Intelligence

The Digital Clinic includes AI-assisted features such as consultation transcription, clinical note structuring, case summarisation, translation, document OCR, and knowledge-base search. These features send the content you submit (audio recordings, note text, case data, uploaded documents) to AI providers for processing, and return the result to the platform. Some providers are customer-selectable from your organization's configured allowlist; others are platform-level for specific features (audio transcription, knowledge-base search). The current AI providers are listed on our Sub-processors page.

We separate AI providers into customer-selectable and platform-level arrangements so you know exactly what is selectable and what isn't:

Customer-Selectable LLM Providers

For chat, structured clinical notes, case summaries, drug matching, language detection, and message translation, you choose which provider(s) we use for your organization (Mistral AI, OpenAI, Anthropic). Your configured allowlist is enforced in code before any LLM request leaves the platform — a misconfiguration fails loudly and is logged, never silently bypassed.

Customer-Selectable OCR Provider

Document OCR uses Mistral OCR (EU/France). When your allowlist excludes Mistral, OCR falls back to local text extraction (Apache Tika) inside our own application — no document bytes are sent to any external provider.

Platform-Level Providers (Not Customer-Selectable)

Two features rely on a specific provider for architectural reasons:

  • Audio transcription uses Gladia (EU/France) to convert recorded audio into text. Audio is sent to Gladia, transcribed, and returned via webhook. Gladia retains audio only for the duration of the transcription job and does not train models on customer audio.
  • Knowledge-base search uses OpenAI embeddings (US) to convert text into vectors for similarity search. Vector dimensions are fixed in our database schema, so supporting alternative embedding providers would require a platform migration.

Neither provider can be swapped per customer; if a particular provider is incompatible with your requirements, the corresponding feature can be disabled for your organization at onboarding. Organizations requiring EU-only processing can restrict the customer-selectable allowlist to Mistral AI (France) — combined with Gladia (France), all customer-content AI processing stays in the EU except knowledge-base search.

No Automated Decision-Making

AI outputs are suggestions for a licensed veterinary professional to review, edit, and validate. No AI output becomes part of a legal medical record without the veterinarian's explicit validation. Every AI-generated output is clearly labelled in the interface, and our chat interface carries a persistent disclaimer that responses are AI-generated and should be verified before clinical use.

We do not use AI to make decisions with legal or similarly significant effects on any data subject, within the meaning of GDPR Article 22.

No Training on Your Data

Our AI providers contractually commit not to use the data we send them via their API to train their models. See the provider DPA links on our Sub-processors page.

Transfers

Where an AI provider is located outside the EU/EEA, transfers are governed by the Standard Contractual Clauses incorporated into our Data Processing Agreement (§8 and §15).

Audit Logging

We track AI usage per operation (provider, model, token counts, timestamp) for audit and cost attribution. This metadata does not include the content submitted to the AI provider or returned to the platform.

How Long We Keep Your Data

We retain your data only as long as necessary:

  • Account information — Duration of account + 2 years
  • Case data — Duration of account + 7 years (for medical record requirements)
  • Billing records — 7 years (Swedish accounting requirements)
  • Log data — 12 months
  • Deleted account data — Purged within 90 days

Some data may be retained longer if required by law or to resolve disputes.

Your Rights

You have the following rights under GDPR and Swedish law:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete data.

Right to Erasure

You can ask us to delete your personal data, subject to legal retention requirements.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests, including direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights

Contact us at team@digitalclinic.vet or use the settings in your account. We'll respond within 30 days.

Right to Complain

If you're unhappy with how we handle your data, you can lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.

How We Protect Your Data

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, role-based access controls, regular security reviews, and employee training.

For details on our security practices, see our Security page.

If you discover a vulnerability, please report it to team@digitalclinic.vet.

Children's Privacy

Our Services are not directed at children under 18. We don't knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. The version on our website is always the current version — check the date at the top of this page.

For material changes that significantly affect how we handle your data, we'll make reasonable efforts to notify you (for example, via a notice on the platform or by email).

Contact Us

For questions about this policy or your personal data:

Clean Wake AB • Sprängarvägen 27 • 184 70 Åkersberga • Sweden • Email: team@digitalclinic.vet

Privacy Contact • Hannes Schippmann • Email: privacy@digitalclinic.vet

To exercise your data protection rights or to lodge a complaint about how we handle your information, contact us at the address above.

Additional Information for Specific Regions

For California Residents

Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information we collect and the right to opt out of the sale of personal information. We do not sell personal information.

For UK Residents

References to GDPR include the UK GDPR as retained in UK law. Your supervisory authority is the Information Commissioner's Office (ICO).

Back to home