Privacy Policy

Effective date: May 16, 2026

Who We Are

CliniCycle is a peer-to-peer marketplace for used veterinary equipment, operated at clinicycle.com.

For the purposes of applicable data protection law, CliniCycle is the data controller responsible for your personal information.

Contact: privacy@clinicycle.com

What Information We Collect and Why

We only collect information that is necessary for a specific, legitimate purpose. Below is a full account of what we collect, why we collect it, and the legal basis we rely on under GDPR.

Data	Purpose	Legal Basis
Name, email address	Account creation and identification	Contract performance
Practice name, address, state	Seller onboarding and verification	Contract performance
Listing details, photos, pricing	Operating the marketplace	Contract performance
Payment and payout information	Processing transactions via Stripe secure payment holds	Contract performance / Legal obligation
Messages sent through the platform	Facilitating buyer-seller communication	Contract performance
Device, browser, IP address	Security, fraud prevention, platform stability	Legitimate interests
Pages visited, search queries, listings viewed	Product improvement and analytics	Legitimate interests
Cookies and tracking data	Session management and usage analytics	Consent
Email address (marketing)	Sending CliniCycle news, features, and promotions	Consent

We do not collect sensitive personal data (such as health, financial account, or government ID information) beyond what Stripe requires for payment processing, which is governed by Stripe's own privacy policy.

How We Use Your Information

We use your information to:

Create and manage your account
Facilitate transactions between buyers and sellers
Process payments and payouts through our Stripe payment system
Send transactional emails (offer notifications, payment confirmations, dispute updates)
Detect fraud and maintain platform security
Analyze usage patterns to improve CliniCycle
Send you marketing communications about CliniCycle features, promotions, and veterinary equipment market insights, where you have given consent to receive them

What We Will Never Do

We will never sell, rent, lease, or trade your personal information to third parties for their own marketing or commercial purposes. Your data exists to operate and improve CliniCycle — nothing else.

Marketing Communications and Your Right to Withdraw Consent

Where we send you marketing emails, we do so only with your consent. You may withdraw that consent at any time by:

Clicking the unsubscribe link in any marketing email, or
Emailing us at privacy@clinicycle.com

Withdrawal of consent does not affect the lawfulness of any processing carried out before you withdrew it. Transactional emails directly related to your account activity (such as payment confirmations and offer notifications) are sent on the basis of contract performance and cannot be opted out of while your account is active.

Who We Share Your Information With

We share your information only with third-party service providers necessary to operate the platform. Each provider is contractually required to process your data securely and solely for the purposes we specify:

Stripe — payment processing, secure fund holding, and seller payouts
Supabase — database hosting and authentication
Resend — transactional and marketing email delivery
Vercel — platform hosting and infrastructure

We do not share your information with any other third parties except where required by law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of CliniCycle or its users.

If we are ever acquired or merged with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

International Data Transfers

Our service providers (including Stripe, Supabase, Vercel, and Resend) may process your data in the United States or other countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including reliance on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms.

Data Retention

We retain your personal information for as long as your account is active and for a reasonable period afterward to comply with legal and financial obligations. Specifically:

Account data — retained for the duration of your account, then deleted within 90 days of account closure
Transaction records — retained for 7 years to meet financial and tax record-keeping requirements
Marketing consent records — retained until you withdraw consent, then deleted within 30 days

You may request earlier deletion at any time (see Your Rights below), subject to any legal retention obligations that apply.

Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users regardless of jurisdiction:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate or incomplete data
Right to erasure — request deletion of your personal data ("right to be forgotten")
Right to restriction — request that we limit how we use your data while a dispute is resolved
Right to data portability — request your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests or for direct marketing purposes
Right to withdraw consent — where processing is based on consent, withdraw it at any time without penalty
Right to lodge a complaint — you have the right to complain to your local data protection authority if you believe we have handled your data unlawfully

To exercise any of these rights, contact us at privacy@clinicycle.com. We will respond within 30 days. We may need to verify your identity before processing your request.

Cookies and Tracking

We use cookies and similar technologies for the following purposes:

Strictly necessary cookies — keeping you signed in and maintaining session security. These cannot be disabled as the platform will not function without them.
Analytics cookies — understanding how users navigate CliniCycle so we can improve it. These are only set with your consent.
Marketing cookies — we do not currently use third-party advertising cookies.

You may withdraw cookie consent or manage your preferences at any time through your browser settings. Disabling analytics cookies will not affect your ability to use the platform.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encrypted data transmission via TLS
Secure credential storage and authentication via Supabase Auth
PCI-compliant payment handling via Stripe
Role-based access controls limiting internal data access

No system is completely secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and we will notify affected users without undue delay.

Children

CliniCycle is intended for veterinary professionals and is not directed at anyone under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have done so, we will delete it promptly.

Changes to This Policy

We may update this policy periodically. When we do, we will update the effective date at the top of this page. For material changes, we will notify you by email at least 14 days before the change takes effect, giving you the opportunity to review the updated policy and, where applicable, withdraw consent.

Contact and Complaints

For any questions about this policy or to exercise your rights:

Email: privacy@clinicycle.com

If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the Republic of Ireland, this is the Data Protection Commission (dataprotection.ie). In the UK, this is the Information Commissioner's Office (ico.org.uk).