Privacy
Privacy Policy
Last updated: February 15, 2026
PIPEDA Compliance Program
- Chief Privacy Officer: DVMReady Privacy Team
- Business Location: Canada
- Primary contact: info@dvmready.com
- Retention policy: user account and sync data is retained for 2 years from last activity, then auto-deleted.
Data We Collect
- Account email and authentication metadata (if you create an account).
- Study progress data (case completion, study plan state, and optional display name).
- Consent records for terms acceptance and optional email updates.
- Cookie preference categories (essential, analytics, functional).
How Data Is Used
- To provide account login and cross-device sync.
- To restore your study progress and export your data on request.
- To operate optional analytics only after consent.
- To send optional study updates only when you provide express consent.
Third-Party Processors
- Supabase (authentication/database hosting)
- jsDelivr CDN (delivery of Supabase browser SDK)
- Site hosting provider for dvmready.com static content delivery
Data Residency and Cross-Border Transfers
Data is stored on servers in the USA and/or Canada, depending on infrastructure configuration. By using this site, you consent to cross-border data transfers.
GDPR and International User Rights
CASL and Email Consent
- Terms acceptance and optional marketing consent are separate checkboxes.
- Marketing consent is not pre-checked and can be withdrawn at any time.
- Consent text and timestamps are recorded with account metadata.
- Unsubscribe requests are accepted without login at /unsubscribe/ and processed within 10 days.
Security and Breach Notification
- HTTPS is enforced for production traffic.
- Privacy-impacting incidents are reviewed immediately.
- Where required by PIPEDA obligations, users are notified within 72 hours of a discovered breach.
Contact and Complaints
For privacy requests, corrections, export assistance, or complaints contact: info@dvmready.com.