Cookie & Tracker Policy.

Version: 1.0 · Effective date: 9 May 2026 · Next scheduled review: 9 May 2027 · Operator: Creator Alliance Group Pty Ltd ACN 689 817 070, trading as Vett · Governing law: New South Wales, Australia

In plain English Vett's authenticated app (the part you log in to) stores only technically necessary data (your session token, PIN state) in browser localStorage — nothing is shared with third-party ad networks. However, Vett's public-facing pages (landing page, terms, privacy policy, cookies policy, and other marketing pages) currently use Google Analytics 4, Microsoft Clarity, and Meta Pixel for web analytics and marketing attribution. These trackers are active on public pages only and are not loaded inside the authenticated application. Full details are in Section 3 below.
Contents
  1. What cookies and trackers are
  2. What Vett currently uses
  3. What Vett does not use
  4. If we add analytics in the future
  5. Your controls
  6. Third-party links
  7. Changes to this policy
  8. Contact

1. What cookies and trackers are

In plain English Cookies are small files stored on your device. Pixels and beacons are tiny invisible images or scripts that phone home when you load a page. Both are used across the web to remember preferences and to track advertising.
  1. 1.1 A cookie is a small text file placed on your device by a website or app to remember information between sessions.
  2. 1.2 A tracking pixel (or web beacon) is a 1×1 invisible image or inline script that requests a remote resource, allowing the remote server to log that a page was viewed.
  3. 1.3 Local storage and session storage are browser-side key-value stores that function similarly to cookies but are not sent to servers on every request.
  4. 1.4 Analytics scripts (e.g. Google Analytics, PostHog, Mixpanel) are JavaScript libraries that collect behavioural data such as page views, click paths, session duration, and device type.
  5. 1.5 Advertising pixels (e.g. Meta Pixel, TikTok Pixel, Google Ads tag) are scripts placed by ad networks to attribute conversions and build retargeting audiences.

2. What Vett currently uses — authenticated app Current

In plain English Inside the authenticated Vett app (after you log in), we store only your session token and UI preferences locally. No data leaves your device to a third-party tracker while you are logged in.
Storage key Purpose Stored where Shared with third parties Expires
vett_token Authenticated session JWT issued by Vett's own server Browser localStorage No 7 days (or on logout)
vett_tab Last active UI tab (cosmetic preference) Browser localStorage No Until cleared by user
Service Worker cache PWA offline assets (app shell, icons) Browser Cache API No Until SW update or browser clear
Push notification token Device-specific token used to deliver push notifications you have enabled Stored server-side, linked to your account Push transport provider only (Apple/Google), solely to deliver the notification Stored only while push is enabled; removed when you disable push or delete your account
  1. 2.1 All items above are strictly necessary for the Service to function. They cannot be disabled without breaking core functionality.
  2. 2.2 None of the above items are accessible to, or shared with, any third-party ad network, analytics provider, or social platform.

3. Third-party trackers on public-facing pages Current

In plain English Vett's public marketing and legal pages (landing page, terms, privacy policy, this cookies page, and similar pages) currently use Google Analytics, Microsoft Clarity, and Meta Pixel. These are active on public pages only — they are not loaded inside the authenticated application. The data they collect does not include your Scan content, Subject Data, or account credentials.
Tracker Operator Purpose Data transferred Opt-out
Google Analytics 4 Google LLC (United States) Page-view analytics, session metrics, traffic-source attribution Page URL, referrer, browser type, device type, anonymised IP, session identifiers. No Scan content or account data. GA opt-out browser add-on · Google privacy policy
Microsoft Clarity Microsoft Corporation (United States) Session-replay heatmaps, click and scroll analytics on public pages Mouse movements, clicks, scrolls, page URL, browser type. No Scan content or account data. Enable "Do Not Track" in your browser settings or use a content blocker · Microsoft privacy statement
Meta Pixel Meta Platforms, Inc. (United States) Conversion tracking for Meta advertising campaigns (Facebook, Instagram) Page-view event, standard conversion events, hashed email address where provided, browser type. No Scan content or account data. Meta ad preferences · Meta data policy
  1. 3.1 These trackers are loaded on public-facing pages only (URLs that do not require authentication). They are not loaded on any screen of the authenticated Vett application.
  2. 3.2 The data transferred to each tracker is limited to standard web-analytics signals. None of your Scan content, Report data, Subject Data, or account credentials are shared with these trackers.
  3. 3.3 To opt out of any of these trackers, use the opt-out link in the table above, enable your browser's "Do Not Track" setting, or install a content-blocking extension (e.g. uBlock Origin). Blocking these trackers will not affect your access to, or use of, the authenticated Vett application.
  4. 3.4 Vett does not set or read any:
    1. affiliate-tracking cookies;
    2. social-media share or "Like" button scripts that set cross-site cookies;
    3. fingerprinting scripts or canvas-fingerprinting techniques; or
    4. TikTok Pixel, Snapchat Pixel, or other advertising pixels beyond those listed above.
  5. 3.5 Vett does not sell, rent, or exchange your browsing data with any data broker or advertising partner.

4. If we add further analytics or marketing pixels in the future

In plain English We will tell you before any new tracker is added, explain exactly what will be collected, and give you a clear way to opt out.
  1. 4.1 If Vett intends to introduce any additional non-essential tracking technology beyond those listed in Section 3, we will:
    1. update this Cookie & Tracker Policy at least 14 days before the change takes effect;
    2. send an email notification to all registered Users; and
    3. document each new tracker in a table equivalent to Section 3, listing its name, vendor, purpose, data transferred, retention period, jurisdiction, and opt-out mechanism.
  2. 4.2 Marketing notifications and emails operate under separate consent, governed by the Spam Act 2003 (Cth) — you may withdraw at any time in account settings.

5. Your controls

  1. 5.1 Browser settings. Most browsers allow you to block or delete cookies and localStorage data. Doing so may break authentication and you will need to log in again. See your browser's help pages for instructions.
  2. 5.2 In-app clear. Logging out of Vett removes the vett_token localStorage key. Uninstalling the app (PWA) removes all locally stored data.
  3. 5.3 Do Not Track. Some browsers send a Do Not Track (DNT) signal. Vett honours the intent of DNT by not running any non-essential third-party scripts, regardless of whether a DNT header is present.
  4. 5.4 Data deletion. You may request deletion of your Account and all associated personal data at any time by emailing hello@getvett.com.au or using the in-app "Delete my account" function. See the Privacy Policy for timelines.

6. Third-party links

  1. 6.1 The Service may contain links to external websites (e.g. crisis-line resources, legal aid). Those sites are not operated by Vett and have their own cookie and privacy policies. Vett is not responsible for third-party tracking practices.
  2. 6.2 Vett does not embed third-party widgets (social share buttons, YouTube embeds, map iframes) that would set cross-site cookies without your knowledge.

7. Changes to this policy

  1. 7.1 We may update this Policy at any time. The version number and effective date at the top of this page identify the current version.
  2. 7.2 For material changes (i.e. introduction of any non-essential tracking), clause 4.1 applies.
  3. 7.3 For minor corrections (e.g. updated table of strictly-necessary keys, formatting), we will update the page without advance notice but will update the effective date.
  4. 7.4 Continued use of the Service after a non-material update constitutes acceptance of the revised Policy. For material changes, explicit re-consent is required as described in clause 4.2.

8. Contact

  1. 8.1 Questions about this Policy may be directed to hello@getvett.com.au.
  2. 8.2 For DSAR requests (access, correction, deletion), email hello@getvett.com.au with the subject line "DSAR".
  3. 8.3 If you believe we have handled your data unlawfully, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

Operator: Creator Alliance Group Pty Ltd ACN 689 817 070, trading as Vett · Privacy contact: hello@getvett.com.au · OAIC: oaic.gov.au · Related policies: Privacy Policy · Terms of Use · Acceptable Use Policy