Security & Trust

Ownership, integrity, accountability.

The Veterinary Surgical Documentation System is offline-first and clinic-owned. The system is designed under the assumption of adversarial review. These are architectural commitments, not marketing claims.

Data Ownership

Clinics own the data outright. There is no cloud, no silent uploads, and no third-party possession. Cryptographic keys remain under clinic custody at all times.

Offline-First Design

Vetucate runs without internet access. Updates are delivered via signed, reviewable media under clinic-controlled installation. Network isolation is a default, not a toggle.

Evidence Integrity

Every export includes a session manifest: a structured, hashed record linking all artifacts to their captured evidence. Records are immutable and tamper-evident once sealed. No actor, including Vetucate, can alter the sealed output.

Auditability

Outputs are deterministic. Third parties can independently verify exported records and manifests without accessing original capture data.

Non-negotiable operating terms

No cloud

No tracking

No remote access

Clinic-held keys only

Vetucate has no ongoing access to clinic data after deployment.

No cloud · No tracking · No remote access · Export requires surgeon approval · Clinic-held keys only

Compliance Workflow

Approval before export.

No case can be exported without explicit surgeon sign-off. The approval gate is enforced at the system level. It cannot be bypassed remotely, by Vetucate, or by the clinic. This is a compliance architecture decision, not a policy layer.

USB Export

Physical transfer. No network required.

Approved export packages are transferred to USB media. The system mounts the drive, copies the sealed package, and safely ejects it. No background sync. No network connection. Operators watch transfer progress directly.