Privacy Policy

Last updated: March 3, 2026

1. Introduction

FuzzyCat Inc. ("FuzzyCat," "we," "us," or "our") operates the FuzzyCat payment facilitation platform at fuzzycatapp.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services ("Service"). By using FuzzyCat, you consent to the practices described in this policy.

This policy applies to all users of the Service, including clients, veterinary clinics, and administrators.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide

  • Account information: Name, email address, phone number, and role (client or veterinary clinic) provided during registration.
  • Clinic information: Clinic name, state, ZIP code, and Stripe Connect account details for clinics.
  • Pet information: Pet name provided during registration.
  • Payment plan data: Veterinary bill amounts, payment schedules, payment statuses, and transaction history.
  • Communications: Records of support inquiries, feedback submissions, and any correspondence with us.

2.2 Information Collected Through Payment Processors

  • Financial information: We use Stripe to process debit card payments and ACH transfers. FuzzyCat does not store your card numbers, bank account numbers, or routing numbers on our servers. All payment credentials are handled directly by Stripe in compliance with PCI DSS Level 1 standards. We receive only tokenized references, transaction statuses, and the last four digits of your payment method for display purposes.

2.3 Information Collected Automatically

  • Usage data: Pages visited, features used, clickstream data, browser type, device type, operating system, IP address, and referring URLs.
  • Performance data: Page load times, errors, and application performance metrics.
  • Bot detection data: Browser signals and interaction patterns collected by Cloudflare Turnstile during account registration to prevent automated abuse. This data is processed by Cloudflare and is not stored by FuzzyCat.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and payment plans.
  • Process payments, including deposits and biweekly installments via Stripe.
  • Send payment confirmations, reminders, and notifications about your plan status via email (Resend) and SMS (Twilio).
  • Facilitate clinic payouts via Stripe Connect.
  • Respond to support requests and communicate with you about our services.
  • Improve our platform and analyze usage patterns.
  • Monitor application health, detect errors, and debug issues.
  • Prevent fraud, unauthorized access, and automated abuse.
  • Comply with legal obligations and enforce our Terms of Service.

4. How We Share Your Information

We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so. We share information only in the following circumstances:

  • Stripe (payment processing): Stripe processes your debit card deposits, ACH installments, and clinic payouts. Stripe receives the data necessary to complete these transactions. See Stripe's Privacy Policy.
  • Veterinary clinics: If you are a pet owner, we share your name, plan status, and payment progress with the veterinary clinic associated with your plan so they can track receivables.
  • Service providers: We use the following providers who process data on our behalf under contractual obligations:
    • Supabase — Authentication and database hosting (United States)
    • Vercel — Application hosting, edge functions, and web analytics (United States)
    • Resend — Transactional email delivery
    • Twilio — SMS notifications
    • PostHog — Product analytics (United States)
    • Sentry — Error monitoring and performance tracking
    • Cloudflare — Bot detection via Turnstile during registration
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of FuzzyCat, our users, or others.
  • Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS enforced).
  • Sensitive financial data is handled exclusively by PCI DSS Level 1 compliant processors (Stripe) and is never stored on our servers.
  • Authentication is managed by Supabase Auth with role-based access controls and optional multi-factor authentication (MFA).
  • We enforce Content Security Policy (CSP) headers, HTTP Strict Transport Security (HSTS), and other browser security headers to prevent common web attacks.
  • API access uses SHA-256 hashed keys with granular permission scopes.
  • All payment state changes are recorded in an immutable audit log.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Cookies, Analytics, and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how our platform is used. Below is a summary of the tracking technologies we employ:

Technology | Purpose | Type
Supabase Auth cookies | Session management and authentication | Essential (session)
Theme preference | Remembering light/dark mode selection | Functional (persistent)
PostHog | Product analytics, feature usage, and funnel analysis | Analytics
Sentry | Error monitoring and performance tracking | Analytics
Vercel Analytics | Page view tracking and audience insights | Analytics
Vercel Speed Insights | Core Web Vitals and page performance | Analytics

You can control cookie settings through your browser preferences, though disabling essential cookies may prevent you from logging in. PostHog respects the Do Not Track browser signal. To opt out of PostHog analytics specifically, you can enable Do Not Track in your browser settings.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:

  • Payment records and audit logs: Minimum seven (7) years, in compliance with IRS record-keeping requirements and applicable financial regulations.
  • Account information: Retained while your account is active and for up to two (2) years after account closure.
  • Analytics data: Aggregated and de-identified analytics data may be retained indefinitely.

When data is no longer needed, it is securely deleted or anonymized.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to know: Request information about the categories and specific pieces of personal information we have collected about you.
  • Right to access: Obtain a copy of the personal information we hold about you in a portable format.
  • Right to correction: Request correction of inaccurate personal information.
  • Right to deletion: Request deletion of your personal information, subject to legal retention requirements (such as the 7-year financial record retention described in Section 7).
  • Right to opt out: Opt out of marketing communications at any time. Note that transactional communications related to active payment plans cannot be opted out of.

To exercise any of these rights, contact us at privacy@fuzzycatapp.com. We will respond to verifiable requests within 45 days. We will not discriminate against you for exercising your privacy rights.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

  • Categories of personal information collected: Identifiers (name, email, phone), financial information (transaction history, payment statuses — not raw account numbers), internet/electronic activity (usage data, IP addresses), and professional information (clinic name, business details for clinic accounts).
  • Sale of personal information: We do not sell your personal information and have not done so in the preceding 12 months.
  • Sharing for cross-context behavioral advertising: We do not share your personal information for cross-context behavioral advertising purposes.
  • Right to limit use of sensitive personal information: We only use sensitive personal information (financial data) as necessary to provide the Service, and not for profiling or advertising purposes.
  • Non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying you services, charging different prices, or providing a different quality of service.

To exercise your California privacy rights, contact us at privacy@fuzzycatapp.com or use the subject line "CCPA Request."

10. Do Not Sell My Personal Information

FuzzyCat does not sell your personal information to third parties. We do not exchange personal information for monetary or other valuable consideration. If our practices change in the future, we will update this policy, provide notice, and offer you the right to opt out before any sale occurs.

11. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify affected users via email as soon as reasonably practicable and no later than as required by applicable law (within 72 hours of discovery where required by state law).
  • Provide details about the nature of the breach, the types of information affected, and the steps we are taking to address it.
  • Notify applicable regulatory authorities as required by law.
  • Offer guidance on steps you can take to protect yourself, such as changing passwords or monitoring account activity.

12. Data Processing Location

All data is processed and stored in the United States. Our primary infrastructure is hosted on Vercel (US regions) with database services provided by Supabase (US data centers). If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

13. Children's Privacy

FuzzyCat is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a minor, we will take steps to delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@fuzzycatapp.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and sending a notification to the email address associated with your account. Your continued use of FuzzyCat after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, contact us at:

FuzzyCat Inc.
Email: privacy@fuzzycatapp.com

For California privacy requests, you may also email us with the subject line "CCPA Request" at the address above.