Legal Changelog
Most legal documents change invisibly. Ours will not.
Every change to our Privacy Policy and Terms of Service is published here, with the full prior version archived, so you can verify for yourself exactly what changed and when. We will never quietly reduce your protections, because you would see it.
v1.1 — July 11, 2026
Previous version: v1.0, effective April 3, 2026
Corrects our infrastructure processor disclosure after the AWS migration, clarifies Cloudflare's role on public sites only, and aligns provider-contributed language with coordination notes.
Read the full current terms of service
- MaterialData processor (Section 13.3)
Section 13.3 updated to name AWS as our production database host under an executed BAA, and to clarify Cloudflare provides web hosting and CDN for public sites only and does not process health records. The prior version named different processors and was accurate when published.
A note on timing
Our terms commit to 30 days notice before a material change takes effect. That commitment is about changes we are going to make. The infrastructure migration described above already happened, so there was no way to give advance notice of it. We are disclosing it immediately rather than waiting, and we are labeling it material because it concerns who processes your data. Going forward, any material change we intend to make will be announced here, and by email, before it takes effect.
- Correction / ClarificationCoordination notes (Section 4.2)
Section 4.2 changed "provider-contributed notes" / clinical notes language to coordination notes, and added that providers' clinical charting remains in their own EHR.
v1.1 — July 11, 2026
Previous version: v1.0, effective April 3, 2026
Corrects our infrastructure processor disclosure after the AWS migration, clarifies Cloudflare's role, aligns provider-contributed data language with coordination notes, and strengthens our security disclosure.
Read the full current privacy policy
- MaterialData processor (infrastructure migration)
We migrated our production infrastructure from Railway to Amazon Web Services (AWS), under an executed Business Associate Agreement. Our previous policy named Railway as our hosting and database provider. That was accurate when published and became inaccurate when we migrated. AWS is now the processor. We are disclosing this rather than quietly updating it.
- MaterialVendor scope (Cloudflare)
Clarified that Cloudflare provides web hosting and content delivery for our public websites only. Cloudflare does not process or access health records, and health data traffic does not pass through Cloudflare.
A note on timing
Our policy commits to 30 days notice before a material change takes effect. That commitment is about changes we are going to make. The infrastructure migration described above already happened, so there was no way to give advance notice of it. We are disclosing it immediately rather than waiting, and we are labeling it material because it concerns who processes your data. Going forward, any material change we intend to make will be announced here, and by email, before it takes effect.
- Correction / ClarificationProvider-contributed data terminology
Changed "clinical notes" to "coordination notes" for provider-contributed data, to match how the platform actually works. A provider's clinical charting stays in their own EHR. LastVet does not hold it.
- Correction / ClarificationVA-sourced data list
Removed clinical notes from the VA Lighthouse data list. LastVet pulls structured FHIR resources (conditions, medications, allergies, procedures, immunizations, and lab results). We do not currently pull VA progress or clinical note documents.
- StrengtheningSecurity disclosure
Updated our security disclosure to reflect what is now in place: encryption at rest and in transit, and row-level security enforced at the database connection level, so the application itself cannot bypass the access controls protecting your record.