Privacy policy

Your data, our responsibility.

How we handle the information you trust to Heel. Written to be readable. If anything here is unclear, write to us — we'll fix it.

Last updated · May 20, 2026

The short version: Heel collects what it needs to track your pet's vet bills and reimbursements, stores it encrypted, never sells it, and lets you take it all out or delete it at any time.

1. What we collect

When you sign up and use Heel, we collect the following:

  • Account information— your email address, hashed password (or your OAuth provider's identifier if you sign in with Google or Apple), and any optional profile details you choose to add.
  • Pet information — names, species, breed, dates of birth, weight, and any medical notes you add. This is the heart of your Heel account.
  • Documents — vet receipts, EOBs, and any other files you upload. Stored encrypted at rest.
  • Derived data — line items, reimbursement calculations, categorizations, and ledger entries that come from processing the documents you upload.
  • Usage data — basic analytics about how you use the app (which pages you view, error logs). We use a self-hosted analytics tool — no third-party tracking pixels.
  • Billing information — handled by Stripe. We see the last four digits of your card and the billing email, nothing more.

We don't collect: your phone number, your home address, your social security number, your real-time location, your contacts, or any data not directly relevant to tracking pet expenses.

2. How we use it

Your data powers three things:

  1. The product itself. Reading receipts, matching EOBs, computing reimbursements — none of this works without the data.
  2. Customer support. If you write to us, we may look at your account to help. Operational access requires explicit grant from you, is audit-logged, and is time-bounded.
  3. Service improvement.Aggregated, de-identified usage patterns help us decide what to build next. Individual data is never used for marketing or for any purpose you wouldn't expect.

3. Who else sees your data

Heel runs on a small number of well-known infrastructure providers. The current list:

  • AWS — encrypted database and document storage (US-East region).
  • Stripe — payment processing. We never see full card numbers.
  • Postmark — transactional email delivery.
  • A document-AI provider (under contract) for auto-reading receipts and EOBs. The contract prohibits the provider from retaining document contents after processing or using them to train models.

We do not share data with your insurer, your vet, advertisers, or any data broker. We do not sell data under any circumstances.

4. Your rights

You can, at any time:

  • Export everything as a CSV bundle plus your original uploaded files. From Settings → Data → Export.
  • Correct anythingthat's wrong. Most fields are directly editable in the app; for the few that aren't, write to support and we'll fix them.
  • Delete your account and all associated data. From Settings → Account → Delete. After confirmation, deletion is permanent within 30 days (including backups).
  • Object to processingfor any reason. Write to us and we'll either accommodate your request or explain why we can't.

Residents of California, the EU, the UK, and other jurisdictions with comparable laws have additional specific rights under CCPA, GDPR, and similar statutes. Those rights apply to you in full; the controls above are how you exercise them.

5. How long we keep data

Active account data is retained for as long as your account exists. When you delete your account:

  • Documents, ledger data, and pet records are deleted within 30 days, including from backups.
  • Payment records are retained for 7 years for tax and accounting purposes (required by law). These contain only your email, payment amount, and date — nothing about your pets or vets.

6. Children's privacy

Heel is intended for adult use. We don't knowingly collect data from anyone under 13. If you're a parent and believe your child has signed up, write to us and we'll delete the account.

7. Changes to this policy

If we change this policy in a way that affects your rights or how we use your data, we'll email everyone with an active account at least 30 days before the change takes effect. The full revision history is available on request.

8. Contact

For any privacy-related question — including data export, deletion, or correction requests — write to us through the support contact form. We aim to respond within 3–5 business days.