Privacy Policy

Last updated: June 12, 2026

1. Who We Are (Data Controller)

MaskotIA ("we", "our", "the Service") is the data controller for the personal data we collect about you, your clinic and your pets. We operate from Mexico.

Controller contact: MaskotIA · email: soporte@maskotia.com · country of operation: Mexico. (The full legal entity name and fiscal domicile will be published once the company's legal registration is complete.)

This document serves as the Privacy Notice for Mexico (LFPDPPP) and as the Data Processing Policy for Colombia (Law 1581 of 2012). Sections 7-B and 7-C detail the country-specific rights and procedures.

2. Data We Collect

We collect the following categories of information:

• Account information: name, email, password (hashed), country, preferred language.

• Professional information for veterinarians and clinics: clinic name, professional license, address, tax ID (RFC, NIT, etc.).

• Pet information: name, species, breed, weight, age, photos, medical history.

• Clinical records: SOAP notes, diagnoses, prescriptions, vaccines, appointments.

• Payment data: processed directly by our external payment processor. We do NOT store full credit card numbers — only a subscription ID and the last 4 digits the processor shares with us.

• Usage data: pages visited, features used, errors encountered (for analytics and product improvement).

3. How We Use Your Data

• To deliver the Service (host your records, send reminders, run AI features).

• To process payments via our payment provider.

• To send transactional emails (appointment reminders, vaccine alerts, account notifications).

• To provide customer support.

• To improve the Service through aggregated, anonymized analytics.

• To comply with legal obligations (tax records, AML/KYC).

4. Third-Party Providers We Use

We use the following providers, which process data on our behalf:

• Cloud infrastructure — database, authentication and file storage (USA / EU).

• Application hosting provider (USA).

• External payment processor acting as Merchant of Record — payment processing and tax collection (USA / UK).

• AI model providers for clinical assistance and symptom triage (USA).

• Transactional email delivery provider (USA).

These providers act as data processors under our instructions and are bound by their own privacy policies.

5. AI and Your Clinical Data

Pet medical records and clinical notes may be sent to our AI model providers to generate SOAP notes, symptom triage and other automated features. These providers process the data on a per-request basis and do not use it to train their public models, per their commercial terms.

6. Data Sharing

We do not sell your personal data. We only share it:

• With the third-party providers listed above.

• When required by law, court order or a competent regulatory authority.

• With your explicit consent (e.g. when you enable a pet's public QR profile).

7. Your Rights

Depending on your country of residence, you may have the right to:

• Access the personal data we hold about you.

• Rectify inaccurate or incomplete data.

• Delete your account and associated data.

• Object to certain processing activities.

• Export your data in a portable format.

• Lodge a complaint with a competent data protection authority.

To exercise these rights, contact us at soporte@maskotia.com. We will respond within a reasonable timeframe in accordance with applicable law.

7-A. Your Rights by Country (Latin America)

Your data is processed in accordance with the data-protection legislation of your country of residence, in addition to the Mexican laws governing the Operator. Applicable frameworks in the region include: Mexico — Federal Law on Protection of Personal Data Held by Private Parties (ARCO rights: Access, Rectification, Cancellation and Objection); Brazil — Lei Geral de Proteção de Dados (LGPD); Argentina — Personal Data Protection Law 25.326; Colombia — Law 1581 of 2012 (Habeas Data); Chile — Law 19.628; Peru — Law 29733.

You may file a complaint with the data-protection authority of your country, for example: INAI (Mexico), ANPD (Brazil), AAIP (Argentina), the Superintendence of Industry and Commerce (Colombia), or the National Authority for the Protection of Personal Data (Peru).

Where your country's law requires express consent for specific processing (for example, sensitive data), we will request it separately and you may withdraw it at any time.

7-B. Privacy Notice — Mexico (LFPDPPP)

Controller: MaskotIA, operating in Mexico (contact: soporte@maskotia.com). This notice is issued under the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations.

Primary purposes (necessary for the service): create and manage your account; host and manage clinical records, pets and appointments; run the AI features you request; process payments; send transactional communications (reminders, confirmations, account notices); provide support; and comply with tax and legal obligations.

Secondary purposes (NOT necessary, subject to your non-objection): product analytics, satisfaction surveys and promotional communications about MaskotIA. You may object to these purposes by writing to soporte@maskotia.com without affecting the provision of the service.

Sensitive data: the service may contain pet health data and the professional's tax data. We do not process sensitive personal data of the human data subject unless you voluntarily provide it; in that case, your registration and use of the service constitute your express consent for the primary purposes described here.

ARCO rights: you have the right to Access, Rectify, Cancel or Object to the processing of your data, as well as to revoke your consent and limit its use or disclosure. To exercise them, send your request to soporte@maskotia.com stating your name, the associated account and the right you wish to exercise. We will respond within a maximum of 20 business days and, if applicable, make it effective within the following 15 business days.

Transfers: to provide the service we transfer data to the processors listed in section 4 (cloud infrastructure, payment processor, AI and email providers, located mainly in the US/EU). These transfers are necessary for the service under article 37 of the LFPDPPP.

Changes to this notice: any change will be communicated by email or within the app and published on this page with its update date.

If you believe your data-protection rights have been infringed, you may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI): www.inai.org.mx.

7-C. Data Processing Policy — Colombia (Law 1581 of 2012)

Data controller: MaskotIA (contact and service channel: soporte@maskotia.com). This policy is issued under Law 1581 of 2012 and Decree 1377 of 2013 (Personal Data Protection / Habeas Data regime).

Authorization: by registering and accepting this document you grant your prior, express and informed authorization to process your personal data for the purposes described in sections 3 and 7-B. We keep proof of your authorization (date and accepted version).

Data subject rights (art. 8): to know, update and rectify your data; to request proof of the authorization granted; to be informed of the use given to your data; to file complaints with the Superintendence of Industry and Commerce (SIC) for infringements; to revoke authorization and/or request deletion of data where there is no legal duty to retain it; and to access your personal data free of charge.

Sensitive data: you are not obliged to authorize the processing of sensitive data. When a feature requires data of this nature, we will indicate it and it will be optional.

Inquiries and claims procedure (PQR): direct your requests to soporte@maskotia.com. INQUIRIES will be handled within a maximum of ten (10) business days, extendable by five (5) more business days. CLAIMS will be handled within a maximum of fifteen (15) business days, extendable by eight (8) more business days, informing you of the reasons for the delay where applicable.

Supervisory authority: Superintendence of Industry and Commerce (SIC) — www.sic.gov.co. Effective date: this policy applies from its last-updated date and for as long as MaskotIA processes personal data.

8. Data Retention

We retain your data for as long as your account is active and for up to 6 months after deletion for legal, accounting and audit purposes. Aggregated and anonymized data may be retained longer for statistical purposes.

9. Minors

The Service is not directed at children under 18. If you believe a minor has provided us with personal data without parental consent, contact us and we will delete it.

10. Security

We implement industry-standard security measures: TLS encryption in transit, hashed passwords, row-level security (RLS) on our database, access logs and regular backups. No system is 100% secure, but we take reasonable steps to protect your data.

11. International Transfers

Your data may be transferred to and processed in countries other than your country of residence (notably the USA, where our hosting providers operate). We rely on standard contractual clauses and the privacy commitments of those providers to ensure an adequate level of protection.

12. Cookies and Similar Technologies

We use strictly necessary cookies for Service operation (authentication, language) and optional analytics cookies that you can disable from your browser. We do not use third-party advertising cookies.

13. Changes to this Policy

Material changes to this Policy will be announced by email or within the application at least 14 days before they take effect.

14. Contact

For privacy questions or to exercise your rights: soporte@maskotia.com