Privacy Policy

1. Introduction

1.1 Pakta Technologies (OPC) Pvt. Ltd., operating under the trade name "Furrie" ("we", "our", "us") operates the veterinary teleconsultation platform accessible at furrie.in, app.furrie.in, and associated applications (the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Platform.

1.2 We are committed to processing your data in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 ("DPDP Act"), and other applicable Indian laws.

1.3 By using the Platform, you consent to the collection and processing of your data as described in this Privacy Policy. If you do not consent, please do not use the Platform.

2. Data Controller

2.1 For the purposes of applicable data protection legislation, the data controller is:

Pakta Technologies (OPC) Pvt. Ltd.
Operating under the trade name "Furrie"
Mumbai, Maharashtra, India
Email: support@furrie.in

3. Categories of Personal Data We Collect

3.1 Data You Provide Directly

Category	Data Elements	Purpose
Account Data	Full name, email address, phone number, profile photograph	Account creation, authentication, communication
Pet Health Data	Pet name, species, breed, date of birth, approximate age, weight, gender, allergies, current medications, pre-existing conditions, vaccination records, dietary details, photographs, videos of symptoms	Veterinary consultation, treatment planning, care plan creation
Consultation Data	Concerns described, symptom selections, uploaded photos/videos of symptoms, video call recordings (when recording is enabled), in-call text chat, follow-up messages	Clinical assessment, treatment documentation, quality assurance
Treatment Records	SOAP notes (created by Veterinarians), Treatment Plans (observations, diagnosis, lab tests, medications, dietary advice, home care, warning signs, follow-up instructions), Care Plans and step responses	Continuity of veterinary care, medical record keeping
Payment Data	Pack purchase/request records, transaction amounts, transaction status	Service delivery, billing, accounting
Communication Data	Emails sent/received, support enquiries, feedback, ratings	Service improvement, dispute resolution
Invite Data	Invite code, referrer/invitee relationship	Referral programme administration

3.2 Data Collected Automatically

Category	Data Elements	Purpose
Device Data	Browser type and version, operating system, screen resolution, device identifiers	Platform compatibility, debugging
Usage Data	Pages visited, features used, click patterns, session duration, timestamps	Analytics, service improvement
Network Data	IP address, approximate geolocation (city-level, derived from IP)	Security, fraud prevention, compliance
Error Data	JavaScript errors, API failures, performance metrics	Bug identification, reliability improvement

3.3 Data from Third Parties

We may receive limited data from:

Authentication providers (Supabase Auth): email confirmation status, session tokens.
Payment processors (when enabled): transaction success/failure status, transaction reference ID. We do not receive or store your credit/debit card numbers, UPI PINs, or bank account details.

4. Sensitive Personal Data

4.1 Under Indian law, "sensitive personal data or information" includes medical records and history. Your Pet Health Data and Treatment Records are treated as sensitive personal data.

4.2 We collect and process this sensitive data based on your explicit consent, which you provide by:

creating an account and registering a pet;
booking and participating in a consultation;
continuing to use the Platform after being presented with this Privacy Policy.

4.3 You may withdraw consent at any time by emailing support@furrie.in. Withdrawal of consent may result in our inability to provide certain services (e.g., veterinary consultations require access to pet health data).

5. How We Use Your Data

5.1 We process your personal data for the following purposes:

Purpose	Legal Basis
Providing and operating the teleconsultation service	Performance of service / Consent
Matching you with available Veterinarians	Performance of service
Enabling Veterinarians to assess your pet's health and create Treatment Plans	Consent (sensitive data)
Creating and managing Care Plans and tracking step completion	Consent
Processing payments and managing consultation credits	Performance of service
Sending appointment reminders, Treatment Plan emails, and service notifications	Consent / Legitimate interest
Administering the invite/referral programme	Performance of service
Monitoring service quality through consultation recordings (when recording is enabled)	Consent (obtained in-session via notice-based continuation)
Improving the Platform through anonymised usage analytics	Legitimate interest
Detecting and preventing fraud, abuse, and security incidents	Legitimate interest / Legal obligation
Complying with applicable laws and responding to lawful government requests	Legal obligation

5.2 We do not sell, rent, or trade your personal data to any third party for their marketing purposes.

5.3 We do not use your data for automated decision-making or profiling that produces legal effects concerning you.

6. Data Sharing

6.1 We share your data only with the following categories of recipients, and only to the extent necessary for the stated purpose:

6.1.1 Veterinarians on the Platform

Your Pet Health Data, consultation media, and contact details are shared with the Veterinarian assigned to your consultation so they can provide clinical advice. Veterinarians are bound by professional confidentiality obligations under the Indian Veterinary Council Act, 1984.

6.1.2 Third-Party Service Providers

We use the following trusted service providers to operate the Platform:

Provider	Service	Data Shared	Data Location
Supabase	Database, authentication	Account data, pet data, consultation records	Singapore (AWS ap-southeast-1)
Daily.co	Video consultation infrastructure	Video/audio streams, participant metadata	Cloud (US/EU)
UploadThing	File and image storage	Pet photos, consultation media, Treatment Plan PDFs	Cloud (US)
Resend	Transactional email delivery	Email addresses, email content (names, plan numbers)	US
Sentry	Error monitoring	Anonymised error traces, device metadata	US
Vercel	Platform hosting	Request logs, IP addresses (transient)	Edge network (global)
Cashfree (when enabled)	Payment processing	Transaction metadata, amounts	India

Each provider processes data under their own privacy policies and is contractually obligated to use data only for the services they provide to us.

6.1.3 Legal and Regulatory Authorities

We may disclose personal data if required by law, regulation, legal process, or governmental request, including in response to:

a court order or subpoena;
a request from a law enforcement or regulatory authority;
the need to protect the safety of any person or animal.

6.1.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the successor entity, subject to this Privacy Policy.

7. Data Retention

7.1 We retain your data for the following periods:

Data Type	Retention Period	Rationale
Account Data	Duration of active account + 3 years after deletion request	Continuity of service, legal/accounting obligations
Pet Health Data & Treatment Records	Duration of active account + 5 years after deletion	Veterinary record-keeping obligations, continuity of care
Consultation Recordings	90 days from consultation date, or longer if under dispute	Quality assurance, dispute resolution
Follow-up Messages	1 year from thread creation	Service continuity
Payment Records	7 years	Indian tax and accounting regulations
Usage/Analytics Data	2 years (anonymised after 6 months)	Platform improvement
Error Logs	90 days	Debugging

7.2 Upon account deletion request, we will:

delete or anonymise your account data within thirty (30) days;
retain pet health records and treatment records for the minimum period required for veterinary and legal record-keeping;
delete consultation recordings within ninety (90) days unless subject to an ongoing dispute or legal hold.

8. Data Security

8.1 We implement the following technical and organisational security measures:

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at rest: Database contents are encrypted at rest using AES-256 encryption provided by our database hosting provider.
Row-Level Security (RLS): Database access policies ensure that Customers can only access their own data and Veterinarians can only access data for their assigned consultations.
Role-based access control: The Platform enforces distinct access levels for Customers, Veterinarians, and Administrators.
Authentication security: OTP-based authentication with rate limiting, session management via secure HTTP-only cookies, and JWT verification on every server-side request.
Security headers: HTTP Strict Transport Security (HSTS), Content Security Policy (CSP), X-Frame-Options, and other protective headers.
Error monitoring: We use Sentry for real-time error detection. Error reports are anonymised and do not contain personal health data.
Access logging: Administrative actions are logged in an append-only audit trail.

8.2 While we implement reasonable security measures in accordance with the Information Technology (Reasonable Security Practices and Procedures) Rules, 2011, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

8.3 In the event of a data breach that is likely to result in a risk to your rights, we will notify affected users and the relevant authorities in accordance with applicable law.

9. Your Rights

9.1 Under the DPDP Act, 2023 and other applicable laws, you have the following rights as a Data Principal:

Right	Description	How to Exercise
Right to Access	Obtain confirmation of whether we process your personal data and access to that data	Email support@furrie.in
Right to Correction	Request correction of inaccurate or incomplete personal data	Edit in-app or email support@furrie.in
Right to Erasure	Request deletion of your personal data, subject to legal retention obligations	Email support@furrie.in
Right to Withdraw Consent	Withdraw previously given consent for data processing	Email support@furrie.in
Right to Nominate	Nominate another individual to exercise your rights in case of death or incapacity (per DPDP Act)	Email support@furrie.in
Right to Grievance Redressal	Lodge a complaint about our data processing	Email support@furrie.in

9.2 We will respond to your request within thirty (30) days. In complex cases, we may extend this by an additional fifteen (15) days, with written notice to you of the reason for the extension.

9.3 We may request verification of your identity before processing requests to access, correct, or delete personal data.

10. Children's Privacy

10.1 The Platform is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from individuals under eighteen (18).

10.2 If we become aware that we have collected personal data from an individual under eighteen (18), we will delete such data promptly.

11. Cookies and Tracking Technologies

11.1 The Platform uses the following categories of cookies and similar technologies:

Type	Purpose	Duration
Essential cookies	Authentication session management, CSRF protection	Session / 7 days
Functional cookies	Language preferences, UI state	1 year
Analytics	Anonymised usage patterns via Vercel Analytics (first-party, privacy-friendly)	24 hours

11.2 We do not use third-party advertising cookies or cross-site tracking pixels.

11.3 You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Platform from functioning correctly.

12. Cross-Border Data Transfers

12.1 Some of our third-party service providers (see Section 6.1.2) process data outside of India, primarily in the United States and Singapore.

12.2 Where data is transferred outside India, we ensure that:

the transfer is necessary for the performance of the service;
the recipient provides an adequate level of data protection through contractual commitments or recognised certifications;
the transfer complies with the provisions of the DPDP Act, 2023 regarding cross-border data transfers.

13. Changes to This Privacy Policy

13.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer.

13.2 Material changes will be notified via:

email to the address associated with your account; and/or
a prominent notice on the Platform.

13.3 Your continued use of the Platform after the updated Policy takes effect constitutes your acceptance of the changes.

14. Grievance Officer

14.1 In compliance with the Information Technology Act, 2000 and rules thereunder, we have appointed a Grievance Officer:

Name: Aenesh Angshu Sengupta
Email: support@furrie.in
Response Time: Acknowledgement within forty-eight (48) hours; resolution within fifteen (15) days.

14.2 If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India (once constituted under the DPDP Act) or the appropriate consumer forum.

15. Data Protection Officer

15.1 For data protection enquiries, you may contact:

Email: support@furrie.in

We will designate a formal Data Protection Officer as required once the relevant provisions of the DPDP Act, 2023 come into force.

16. Contact

For any questions, concerns, or requests regarding this Privacy Policy: