Hearth
← Back to home

Privacy Notice

Last updated: 2026-04-15. Hearth is a closed beta. This notice is proportional to that scope and will be expanded before any public launch.

What we collect

From vets and dispatchers: name, email, password (hashed with bcrypt), phone number, SMS consent status, and — for vets — a service address and its coordinates.

From dispatcher-entered requests: customer (pet owner) name and phone number, service address and coordinates, pet details (name, species, weight, gender), and appointment details (proposed time and price). Customers do not sign up for Hearth directly; dispatchers attest they have the customer’s permission to enter this data.

How we use it

  • Match requests to nearby licensed veterinarians within a 25-mile service radius.
  • Send SMS notifications for new requests, appointment updates, and reminders (vet and dispatcher only — customers do not receive SMS).
  • Coordinate the appointment lifecycle (open → claimed → confirmed → en route → completed) and keep an audit record of state transitions.

Who receives your data

We don’t sell or rent your data. We do share it with the following service providers, strictly to operate the platform:

  • Supabase — hosted Postgres database (data at rest).
  • Vercel — application hosting and request logs.
  • Google Maps Platform — geocoding of service and customer addresses; address autocomplete.
  • Twilio — SMS delivery, including the recipient phone number and the message text.

Your rights

From /account, signed-in users can:

  • Download a JSON export of every record Hearth stores about them — profile, vet profile, requests created or claimed, and related audit events.
  • Delete their account. On deletion, the account is soft-deleted; customer names and phone numbers on any requests that user created are replaced with[deleted].
  • Opt out of SMS by unchecking the SMS consent box, or by replying STOP to any message.

Retention

During the closed beta we retain data indefinitely for continuity. Before Hearth opens beyond invited users we will publish a concrete retention window and purge older records automatically.

Security

Passwords are hashed with bcrypt. Traffic is served exclusively over HTTPS. Secrets live in server-side environment variables, never in the client bundle. The app enforces per-user authorization on every API route and redacts customer PII from vets who haven’t yet claimed the request.

Contact

Questions, corrections, or a request to be forgotten that the in-app flow can’t cover? Email robby@hearth.pet.