Legal

Privacy policy

How we process personal and kennel data — from account and subscription to everyday use of the Platform.

Last updated:

VilaControl (“we”, “Platform”) is committed to your privacy and the security of data you entrust to us. This policy describes our practices under applicable data protection law, including the GDPR for users in the EEA, UK and Switzerland, and US state privacy laws where applicable. For subscription and billing rules, see also our Terms of use and subscription.

1. Data we collect

To provide professional kennel management, we collect:

1.1. Account and registration data (controller)

  • Identity: Full name, tax or business identifier where required, date of birth when applicable.
  • Contact: Email address, phone/WhatsApp number and postal address.
  • Credentials: Encrypted password (we cannot access your plain-text password) and access logs.

1.2. Kennel and operational data (processor on your instructions)

We store information you enter about your animals, including:

  • Names, registry/pedigree records, microchip IDs, birth and death dates.
  • Genealogical data (pedigree trees, ancestors and descendants).
  • Health history (vaccinations, deworming, procedures, weight).
  • Financial data linked to operations (costs, sales, suppliers).

Note: This operational data belongs to you. VilaControl acts as a processor facilitating management on your instructions, unless we are controller for specific account or billing data.

1.3. Usage and technical data

We automatically collect IP address, browser type, pages visited and session times for security auditing and performance improvement.

2. How we use data

  • Service delivery: Enable management features, reports, digital pedigrees where applicable, and zootechnical metrics.
  • Communication: Vaccination alerts, system notifications, billing notices and product updates.
  • Improvement: Analyse aggregated usage to develop features for breeders and clinics.
  • Security: Prevent fraud, illegal activity and protect system integrity.
  • Legal bases (GDPR): contract performance, legitimate interests (security, product improvement), legal obligation, and consent where required (e.g. non-essential cookies).

3. Sharing and international transfers

VilaControl does not sell or rent personal or kennel data for third-party marketing. Sharing is limited to:

  • Service providers: Payment gateways (primarily Stripe for card and recurring subscriptions, PCI DSS compliant as processor), cloud hosting and email delivery — bound by contract to protect data where applicable.
  • Legal requirement: When required by law, regulation or competent court order.

Data may be processed outside your country (including Brazil and the United States). For EEA/UK users, transfers rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.

3.1. Payment data and card statement

Sensitive card data is generally processed directly by Stripe (capture or tokenisation per official flows). We retain only data needed for contract management (billing status, subscription IDs, last digits or brand when provided for reconciliation). See Stripe's privacy policy.

Charges may appear on your statement as MacroData (possibly truncated or uppercase per issuer rules), as explained in our Terms of use.

4. Security and retention

  • Encryption: Data in transit via HTTPS/TLS; sensitive data encrypted at rest where applicable.
  • Backups: Automated daily backups to reduce data loss risk.
  • Access control: Server access restricted to authorised personnel.

We retain data while your account is active and as required for legal, tax and dispute purposes, then delete or anonymise when no longer necessary.

5. Your rights

Depending on your location, you may have the right to:

  • Access and confirmation of processing;
  • Rectification of inaccurate or incomplete data;
  • Erasure (“right to be forgotten”) subject to legal exceptions;
  • Restriction and objection to certain processing;
  • Data portability (including kennel export where available);
  • Withdraw consent where processing is consent-based;
  • California residents (CCPA/CPRA): know, delete, correct and opt out of “sale”/“sharing” — we do not sell personal information as defined by CCPA.

EEA/UK users may lodge a complaint with their local supervisory authority. UK: ICO. EEA: your national DPA.

6. Cookies and tracking

We use essential cookies for session security. Analytics cookies (e.g. Google Analytics) may be used in anonymised or consent-based form depending on your region and settings.

7. Policy changes

We may update this policy periodically. Material changes will be notified by email or prominent notice on the Platform.

8. Contact and data protection

To exercise your rights or contact our privacy team:

Privacy contact

To exercise your privacy rights or contact our data protection team, write to the address below.

privacidade@vilacontrol.com.br

Continued use of the Platform means processing under this policy and the Terms of use. Terms of use.

View plans Back to home