Cliny Pet

Your data, our promise — how GDPR shapes Cliny Pet

May 10, 2026Cliny Pet Editorial4 min read
privacy
gdpr
trust

Where your data lives

Every photo you upload, every pet profile you create, every conversation you have with our AI — all of it lives on servers in the European Union. Specifically: data centers located in Germany and France.

We didn't pick that geography by accident. The European Union has the world's most rigorous data-protection regime — the General Data Protection Regulation, better known as the GDPR. The regulation requires, among many other things, that personal data be processed in jurisdictions with strong legal safeguards.

Our entire infrastructure is built to satisfy it:

  • Our database and backups remain within the EU, with EU-only data residency.
  • Your photos and uploaded files sit in EU-region image storage — never stored in the US, never mirrored outside the EU.
  • Our application servers run in those same EU data centers.
  • Our AI provider is contracted with a data processing agreement that explicitly limits where your data can be processed.

This is the boring infrastructure work that no marketing page usually mentions. We think it's the most important promise we make.

Who can see it

The shortest answer: you.

The longer answer:

  • Your account — you can see everything you've created.
  • Our internal engineering and support team, under strict access controls, only when investigating a problem you've reported. Every access is logged.
  • Our AI provider — to generate triage responses. The data is sent for assessment, the response comes back, and the contract with our AI provider explicitly forbids them from training their models on your data.
  • No advertisers. No data brokers. No third-party analytics that resell your information. The two analytics tools we use are privacy-preserving by design and process data on EU infrastructure.

You'll notice "your veterinarian" is not on the list. Even if you take a triage to your vet — and we encourage you to — the vet doesn't get an account-level view of your history. You bring what you want to share. The clinic has no automated pipe into your Cliny Pet account, and we don't sell or sync your data anywhere downstream.

What you can do with it

The GDPR gives you specific, legal rights over your data. We honor all of them:

  • Export. You can request a full export of your account data at any time. You get back a structured JSON file (pet profiles, conversation history, triage assessments) plus a zip archive of every photo you've uploaded. Self-service export tools are on our roadmap; until then, the support contact in the footer can process requests within the regulatory timeline.
  • Delete. You can ask us to delete your account. The deletion is immediate-soft — your data becomes inaccessible to you and our systems within seconds, and is hidden from any internal access. The permanent purge happens 30 days later. The 30-day window exists for one reason: if you delete by accident and email us within those 30 days, we can recover it. After 30 days, the data is unrecoverable, and our backups roll out of retention shortly after.
  • Withdraw consent. Any consent you've given for non-essential processing — analytics, marketing communications — can be withdrawn at any time, from the footer's "Cookie preferences" link or your account settings. The withdrawal is immediate.
  • See what we have. You have the right to ask what categories of personal data we hold about you. We respond within the regulatory timeline (one month under the GDPR, with limited exceptions allowed).
  • Correct what's wrong. If something in your account is inaccurate, you can edit it directly, or ask us to fix it if the edit isn't surfaced in the UI.

These aren't favors. They are your legal rights under two of the world's strongest data protection laws. Treating them as the floor — not the ceiling — of how we behave is what "GDPR-compliant by design" actually means.

The frameworks behind the words

A short orientation, because the acronyms get thrown around a lot:

  • GDPR — General Data Protection Regulation (EU, 2018). The European regulation that codified rights like the ones above and made them enforceable across the entire European Union. Heavy fines, harmonized standards, and a strong default toward user control of personal data. It has its own definitions of personal data and processing, and gives you the right to lodge a complaint with the competent data-protection supervisory authority if you have a concern about your data.
  • EU data residency. The principle that personal data of EU residents should be processed inside the EU. We extend this to all of our users, EU or not — the safer default is to keep everything in the EU regardless of where the user is.

You don't have to be a privacy lawyer to use Cliny Pet. We do the legal work so you can do the pet-care work.

Why we ship the disclaimer everywhere

You'll see a small line at the bottom of every page: Cliny Pet is not a veterinarian. You'll also see it under the call-to-action on the landing page, in the FAQ, and at the end of every triage assessment.

That repetition is deliberate. We could mention it once and move on — but we believe the safe, transparent thing is to make sure no user ever forgets what we are and what we aren't. The same logic applies to data: we'd rather be a little boring about where your data lives, who sees it, and what your rights are, than have you wonder.

Trust is built in small, repeated moments. The disclaimer is one of those moments. EU data residency is another. The exportable archive is a third. Together, they're how we earn the right to be in the room when something is wrong with your pet.

That's the promise. Thank you for trusting us with it.