Protecting pet health records, owner information, and payment data through industry-leading security practices, transparent policies, and continuous compliance monitoring.
At Paws Source, we recognize that pet healthcare data and owner information are deeply personal. We treat every record with the highest standard of care, security, and confidentiality.
We only collect what is strictly necessary for service delivery, veterinary coordination, and account management. Unnecessary data is never retained.
Every request, user, and device is verified. Internal network segmentation ensures that a breach in one area never compromises the whole ecosystem.
AI-driven anomaly detection, real-time SIEM logging, and automated threat response operate 24/7 across all infrastructure layers.
Multi-layered protections engineered to keep pet health records, billing information, and communications secure at rest, in transit, and during processing.
All data in transit is secured via TLS 1.3. Data at rest uses AES-256 encryption. Database fields containing sensitive PII and medical notes are additionally column-encrypted with rotating keys managed by a dedicated KMS.
Role-Based Access Control (RBAC) ensures staff only see data relevant to their function. Multi-Factor Authentication (MFA) is mandatory for all administrative and clinical systems. Session timeouts and automatic lockouts are enforced.
Cloud-hosted on isolated VPCs with private subnets. DDoS mitigation, WAF rules, and infrastructure-as-code scanning are standard. Regular penetration testing and dependency auditing are conducted by third-party security firms.
Immutable backups are replicated across geographically distributed regions. RTO of <4 hours and RPO of <15 minutes are maintained. Quarterly failover drills ensure business continuity.
We align with global data protection regulations and maintain rigorous internal governance to safeguard pet owner privacy.
| Framework / Regulation | Scope | Status | Last Audit |
|---|---|---|---|
| GDPR | EU/EEA Pet Owner Data | Compliant | Q3 2024 |
| CCPA / CPRA | California Residents | Compliant | Q4 2024 |
| PCI-DSS Level 1 | Payment Processing | Certified | Q2 2024 |
| SOC 2 Type II | Security, Availability, Confidentiality | Audited | Q1 2025 |
| ISO 27001 | Information Security Management | Certified | Q3 2024 |
Transparency and control are foundational to our privacy practices. You retain ownership of your information.
We maintain a formalized, tested incident response plan aligned with NIST and ISO standards.
Automated alerts trigger immediate isolation of affected systems. Our Security Operations Center (SOC) escalates and contains threats within minutes, not hours.
Affected users are notified via email and in-app alerts within 72 hours of confirmed impact. Clear, jargon-free communication outlines what happened, what data was involved, and protective steps.
Every security event undergoes a blameless post-mortem. Corrective actions from the findings are implemented, controls are updated, and external auditors validate remediation.
We welcome responsible disclosure. Researchers can safely report vulnerabilities through our dedicated security portal. Bounties are awarded for valid, high-impact findings.
Have a security concern or privacy question, or want to report a vulnerability? Our dedicated team is here to help.
We respond to all privacy and security inquiries within 24 hours. For urgent incidents, we prioritize immediate escalation.