Privacy Policy
This Policy explains what Petra collects, why, who can see it, and how you take it with you. It applies to the websites at petraverify.id, the owner app, the vet app, the verifier page, and the APIs that back them, all operated by Petra Inc., a Delaware corporation.
Petra’s product is built so that you keep what’s yours. The relevant ownership statements live in Section 4 of the Terms of Service. This Policy describes the privacy mechanics that make that ownership real.
1. Roles
When a pet owner uses the owner app, Petra is the controller of the personal data the owner provides (their name, contact info, billing information when applicable). For records relating to their pets, Petra acts as the owner’s service provider: we store and process pet data on the owner’s behalf.
When a clinic uses the vet app, Petra is a processor for the credentials and patient records the clinic enters. The clinic is the controller of that data and remains so. Our processor obligations are spelled out in the Data Processing Addendum.
Verifiers (airlines, borders, boarding facilities, third-party vets) accessing the public verifier or scanning a QR code do not create an account, and we do not attach an identity to their requests.
2. What we collect
From owners
- Account information: name, email, phone (optional), mailing address (optional)
- Pet records: species, breed, sex, date of birth, weight, color, microchip identifier, photos, vaccination history, primary vet
- Credentials issued for your pet: rabies certificates, USDA Form 7001, EU AHC, FAVN titer, heartworm test, parasite treatment records, and others as the catalog grows
- Trip records: destination, departure date, the pet involved, any generated travel packets
- Optional uploads: rabies certificates, lab reports, prior vet records. We OCR these to suggest data; the source files remain yours
From clinics
- Clinic information: name, address, phone, USDA accreditation status, state license details
- Staff information: name, email, role (vet/tech), license number for credential issuers
- Patient and client records the clinic enters or receives through the intake flow
- The credentials the clinic issues and the metadata around them
Automatically
- Standard server logs (IP address, browser, request URL, timestamp, response code) for security and debugging
- Authentication events from our auth provider (WorkOS), including sign-in time and session ID
- Aggregate analytics (page views, feature usage) through Google Analytics. Visitors in the EU are asked to consent before any analytics calls fire; outside the EU, analytics are on by default and you can opt out by blocking the script in your browser or using browser-level Do Not Track / cookie controls
3. Why we collect it
We use the data above to:
- Run the platform (display your pets, issue credentials, verify them)
- Generate travel paperwork (Form 7001, EU AHC, travel packets, wallet passes)
- Send transactional emails (a new credential request, an intake form, a credential expiring soon)
- Communicate operationally (security incidents, terms changes, account notices)
- Improve the product through aggregate, anonymized usage analysis (subject to your consent for analytics cookies)
- Comply with our legal obligations and respond to lawful requests
We may use aggregated, de-identified data (never personal data) to operate and improve the platform, and to support any trust network described in Section 5. We do not sell your data, share it with advertisers, or use your personal data to train machine-learning models for parties other than you.
4. Who sees it
You, by default
Owner data and clinic data are private to the owner or clinic that created them. Visibility expands only when you explicitly authorize it.
Clinics you visit
When an owner authorizes a clinic through the intake flow, the clinic sees the owner’s contact info plus the pet’s profile. The owner can see this happen at the moment they tap “Share” in the owner app and can withdraw the relationship later.
Verifiers
Anyone with a credential’s QR code or URL can verify its signature, type, validity dates, and revocation status through the public verifier, without an account, without identifying themselves to Petra. Verification calls are logged for the credential’s issuer and subject (you can see who scanned), but verifier identity is not collected.
Service providers
We use a small set of third parties to operate the platform. Each is bound by a written data-processing agreement and is granted only the access necessary to perform its service:
- Amazon Web Services: hosting, database, key management, file storage (regions: us-east-1)
- Vercel: frontend hosting for the four web apps
- WorkOS: authentication and session management
- Amazon SES: transactional email delivery
- Stripe: payment processing for owner Premium subscriptions (engaged only when an owner upgrades)
- Google Analytics: aggregate usage analytics (consent-gated in the EU; default-on elsewhere)
We don’t sell data to data brokers, advertisers, or list-rental services. Period.
Law enforcement and legal process
We will disclose data when we’re legally required to do so (e.g., a valid subpoena or court order). When the law allows, we’ll notify the affected user before disclosing.
5. Anonymous credential commitments
You authorize Petra to publish anonymous credential commitments (cryptographic hashes derived from the credential, plus issuer identifier, validity dates, and revocation status) to a trust network operated by Petra or by a federation of credential issuers and registries. Petra may participate in, contribute to, or operate such a network. These commitments are designed so that:
- No personal data goes on the network. Microchip numbers, owner identities, pet names, free-text notes: none of this is ever published. Only the cryptographic commitment is.
- Verification can happen without Petra. A party holding the credential body can prove it matches a published commitment without needing Petra in the loop.
- Personal data stays subject to your rights. The off-platform personal data we hold remains subject to the access, portability, correction, and deletion rights in Section 7. Published commitments, because they are not personal data, are technical artifacts that persist.
As of the “Last updated” date above, Petra has not published any such commitments. This Section discloses the possibility and obtains your consent in advance so that if and when publication begins, it does not require a fresh consent event. If operational details become relevant (network name, governance, federation members), we will update this Section.
6. How long we keep it
While your account is active, we keep your data for as long as you’ve told us to keep it. When you delete data through the app or close your account, we remove it from the live database within 24 hours and purge it from backups within 7 days. Signed credentials that have already been issued may persist in the verifier’s revocation status surface beyond deletion of the underlying record, because revocation cannot work otherwise; you can revoke any credential at any time.
Server logs are kept only as long as our infrastructure providers retain them for security and debugging purposes — typically on the order of weeks rather than years, with the exact window depending on the provider (our application logs are configured for short retention; some lower-level platform logs sit with our cloud providers under their own policies). Authentication events are retained by our auth provider (WorkOS) under their retention policy. Aggregated, fully anonymized analytics may be kept longer.
Any anonymous credential commitments published under Section 5 are not personal data and are not deleted on account closure or deletion request. They are technical artifacts derived from the credential. The off-platform personal data tied to a credential remains subject to deletion as described above.
7. Your rights
Depending on where you live, you have some or all of the following rights:
- Access: get a copy of the data we hold about you
- Portability: get that copy in a machine-readable format you can take elsewhere
- Correction: fix data that’s wrong (most fields you can edit directly in the app)
- Deletion: delete data, or close your account and have all your data deleted
- Restriction: ask us to stop processing data for specific purposes
- Objection: object to processing where applicable law allows
- Withdrawal of consent: withdraw consent to analytics or marketing emails at any time
Most rights can be exercised directly from the app. For anything that isn’t self-serve, email hello@petraverify.id and we’ll respond within 30 days. If we can’t honor a request (e.g., we’re legally required to keep something), we’ll tell you why.
8. International transfers
Petra’s servers are hosted in AWS us-east-1 (Virginia, USA). If you’re using the platform from outside the United States, your data is transferred to and processed in the US. For transfers from the EU/EEA/UK, we rely on the Standard Contractual Clauses adopted by the European Commission and the UK addendum. Our subprocessors (above) have committed to equivalent safeguards.
9. Children
Petra is not directed to children under 16. We don’t knowingly collect personal data from anyone under 16. If you believe we have, write to hello@petraverify.id and we’ll delete it promptly.
10. Security
We follow current industry-standard practices for data security: encryption in transit (TLS 1.2+) and at rest (AES-256), per-clinic signing-key isolation in AWS KMS, role-based access control across the engineering team, audit logging on production systems, and quarterly review of access. We will notify affected users and relevant regulators of a security incident affecting personal data within 72 hours of becoming aware of it, as the law requires.
11. Changes
We’ll update this Policy from time to time. Material changes will be communicated through the app and by email at least 14 days in advance. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact
Privacy questions, exercise of rights, complaints: hello@petraverify.id. EU/EEA residents may also contact their local data protection authority.