
    Security & Compliance

    Enterprise-grade security infrastructure designed to protect veterinary practice data.

    Last updated: March 6, 2026

    Encryption

    AES-256 encryption at rest. TLS 1.2+ for all data in transit. All production data paths are encrypted.

    Access Controls

    Granular role-based permissions, row-level security, and least-privilege enforcement.

    Audit Logging

    Immutable audit trails for data access, modifications, and administrative actions.

    Important Notice

    PetChart provides security tools and infrastructure controls to help veterinary practices manage their data. Each practice is responsible for configuring these controls appropriately for their specific regulatory obligations, including state veterinary board requirements and data protection laws applicable to their jurisdiction. PetChart does not provide legal, regulatory, or compliance advice. Practices should consult qualified legal counsel to determine their specific obligations.

    1. Security Architecture

    PetChart's infrastructure is built on a defense-in-depth security model. The platform employs multiple layers of technical controls to protect data confidentiality, integrity, and availability. All security controls described below are features of the platform that practices may configure according to their needs.

    2. Technical Safeguards

    Data Encryption

    • All data encrypted at rest using AES-256 encryption via the underlying infrastructure provider.
    • All data transmitted over TLS 1.2 or higher. No plaintext data transmission paths exist.
    • Sensitive credentials (SMS verification codes) are hashed using SHA-256 before storage.
    • API keys are stored as one-way cryptographic hashes; original keys are never persisted.

    Authentication & Access Control

    • Row-level security (RLS) policies enforce data isolation at the database layer.
    • Granular, permission-based access controls (e.g., medical records, billing, appointments, controlled substances).
    • Role separation enforced via dedicated database tables — roles are never stored in user-editable profiles.
    • Account lockout after repeated failed login attempts with configurable lockout duration.
    • Server-side rate limiting on API endpoints and edge functions.
    • Leaked password protection available via the authentication provider.

    Monitoring & Audit

    • Immutable audit logs record data access, modifications, and deletions with timestamps and user attribution.
    • Activity logging tracks login, logout, and sensitive administrative operations.
    • Controlled substance access is restricted and logged separately with DEA number masking for non-administrator staff.

    3. Administrative Safeguards

    • Staff invitation workflow with role and permission assignment at onboarding.
    • Immediate access revocation capabilities for offboarded staff.
    • Account deactivation controls that enforce sign-out on next session.
    • Configurable session management including temporary session support.
    • Administrative audit trail for staff role changes, promotions, and demotions.

    4. Infrastructure & Physical Security

    PetChart is hosted on cloud infrastructure provided by established third-party providers that maintain industry-standard certifications (including SOC 2 and ISO 27001). Physical security of data center facilities, including access monitoring, environmental controls, and redundancy, is managed by these infrastructure providers under their respective compliance programs.

    PetChart does not independently certify, audit, or guarantee the physical security controls of its infrastructure providers. Practices requiring specific infrastructure certifications should review the compliance documentation of the underlying providers directly.

    5. Data Protection & Privacy

    • Private storage buckets for medical attachments, imaging, and sensitive documents. No public bucket access for sensitive data.
    • Signed, time-limited URLs for authorized file access — no permanent public links to sensitive files.
    • Soft-delete patterns preserve data integrity while supporting record retention policies.
    • Client portal access is scoped to the authenticated client's own records and pets only.
    • Clients are restricted from modifying clinical fields (allergies, weight, medications) — only staff with appropriate permissions can modify medical data.

    6. Regulatory Alignment

    PetChart provides technical controls that may assist practices in meeting various regulatory requirements, including state veterinary practice acts and general data protection regulations.

    Data Protection

    The platform includes technical and administrative controls for securing sensitive veterinary data. Practices are responsible for determining applicable regulatory requirements and ensuring their own compliance program meets all obligations.

    DEA

    Controlled substance logs include access restrictions, DEA number masking, and dedicated audit trails to support DEA recordkeeping requirements. Practices remain responsible for their own DEA compliance obligations.

    7. Incident Response

    PetChart maintains incident response procedures for identified security events. In the event of a confirmed data breach affecting practice data, PetChart will notify impacted practices in accordance with applicable laws and the terms of any applicable agreements. Notification timelines and procedures are subject to the requirements of the applicable jurisdiction.

    PetChart's incident response obligations are limited to events within PetChart's direct control. Practices are responsible for their own incident response procedures related to their use of the platform, including unauthorized access resulting from compromised practice-managed credentials.

    8. Shared Responsibility

    Security is a shared responsibility between PetChart and the practices using the platform.

    PetChart Responsibilities

    • Platform infrastructure security
    • Encryption implementation
    • Access control enforcement at the application layer
    • Security patching of platform components
    • Audit logging infrastructure

    Practice Responsibilities

    • Configuring appropriate user roles and permissions
    • Managing staff credentials and access
    • Enabling available security features (e.g., leaked password protection)
    • Compliance with applicable laws and regulations
    • Staff security awareness and training

    9. Limitation of Liability

    The security controls and compliance-related features described on this page are provided as part of the PetChart platform and are subject to the terms and limitations set forth in PetChart's Terms of Service. Nothing on this page constitutes a warranty, guarantee, or certification of compliance with any specific regulatory framework. PetChart's liability is limited as set forth in the applicable agreement between PetChart and the practice.

    10. Contact

    Security & Compliance Inquiries

    For security concerns, vulnerability reports, or compliance inquiries, contact us at tharlinhtet@vertexone-technologies.com.

    General support: tharlinhtet@vertexone-technologies.com
    © 2026 PetChart. All rights reserved. Built by VertexOne Technologies
