Privacy Policy

Last updated: May 2026

1. Introduction

PawPassRx(“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and documentation services. By using PawPassRx you agree to the collection and use of information in accordance with this policy.

2. Information we collect

We collect the following categories of information:

  • Personal identification: Name, email address, and mailing address provided during account creation or checkout.
  • Animal details: Your animal's name, breed, type, and optional photo for registration purposes.
  • Health questionnaire responses: Information provided in the mental health questionnaire for ESA/PSD letter services. This data is HIPAA-protected.
  • Payment information: Payment processing is handled entirely by Stripe. PawPassRx does not store credit card numbers, bank details, or other financial credentials.
  • Usage data: Standard web analytics including pages visited, time on site, and browser type, used to improve our service.

3. How we use your information

We use the information we collect to:

  • Process your orders and issue registration certificates and ID cards
  • Facilitate licensed professional review for ESA and PSD letter requests
  • Send order confirmations and document delivery notifications
  • Send renewal reminders when your documentation is approaching its expiration date
  • Enable registration verification through the PawPassRx verification system
  • Respond to customer support inquiries
  • Improve the functionality and content of our website

4. User-contributed photos and content

When you upload a photo of your animal during registration or assessment, we use it for the purposes of producing your ID card, certificate, and other documentation tied to your account. By default, your photo is not used for anything else.

At the time you upload a photo, we offer an optional checkbox that lets you explicitly opt in to allow PawPassRx to use that specific photo on social media and in marketing materials. This consent is per-upload and opt-in only — leaving the checkbox unchecked means your photo is used solely for your own documentation and is never used in PawPassRx marketing.

If you opt in and later change your mind, contact us at [email protected] and we will remove your photo from any active marketing channels we control. Already- published material on third-party platforms (e.g. screenshots saved by other users, archive.org) may persist outside our control.

We never use photos that depict identifying information about people other than what the owner has voluntarily included, and we never use photos for any purpose that could reasonably be considered embarrassing, defamatory, or contrary to the animal's welfare.

5. HIPAA compliance

Health questionnaire data submitted as part of ESA or PSD letter services is treated as protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). We implement the following safeguards:

  • Health information is transmitted and stored using industry-standard encryption
  • Only the licensed mental health professional assigned to your case has access to your health questionnaire data
  • PawPassRx general staff do not have access to protected health information
  • Health data is never used for marketing or sold to third parties

6. Data sharing

We do not sell your personal information. Data is shared only with the following limited categories of service providers, solely to operate our service:

  • Licensed mental health professionals: Receive health questionnaire data solely for the purpose of conducting your professional consultation and issuing your letter.
  • Stripe: Our payment processor. Stripe receives payment information necessary to process your transaction. See Stripe's privacy policy at stripe.com/privacy.
  • Resend: Our transactional email provider, used to deliver order confirmations, documents, and renewal reminders.
  • Twilio: Our SMS provider, used to deliver renewal reminders and clinician communications when you have opted in to text messages. Twilio receives the recipient phone number and message contents only.
  • Anthropic: Powers our website chat assistant. When you use chat, your messages are sent to Anthropic's API for response generation. Anthropic does not use customer chat content to train its models. Health questionnaire data is never sent through chat.
  • Supabase: Our database and file-storage provider. Account, order, and animal records (including PHI) are stored in Supabase Postgres with encryption at rest and in transit.
  • Vercel: Our website hosting and serverless-functions provider. Vercel processes incoming HTTP requests and standard server logs (IP address, user agent, request path).

7. Data retention

  • Registration records are retained indefinitely to support the verification system. Registrations must remain verifiable for the duration they may be presented to landlords, airlines, or businesses.
  • Health questionnaire data is retained for 3 years following your consultation, or as required by the applicable state licensing law governing the professional who reviewed your case.
  • Account and order data is retained for as long as you maintain an account with PawPassRx plus an additional period as required for legal and tax compliance.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data (subject to retention obligations)
  • Object to or restrict certain processing
  • Data portability where technically feasible

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Contact

For privacy-related questions or requests, contact our privacy team at [email protected].