Where your files end up

Encrypted storage, automatic deletion after 24 hours, anonymous paths without your email. What happens to your pet's report after upload.

Updated on June 2, 2026 · 2 min read

On this page

The path of your file
1. Upload to Supabase Storage
2. Analysis with OpenAI
3. Result saved
4. Automatic deletion after 24 hours
What we DON'T do
Encryption
For maximum privacy
FAQ

The path of your file

When you upload a report, here's what happens in sequence.

1. Upload to Supabase Storage

The file is uploaded directly from your browser to our cloud storage (Supabase, EU datacenters). The transfer is encrypted (HTTPS).

The path is anonymous:

If logged in: users/<uuid>/<timestamp>-<filename>
If anonymous: anon/<uuid>/<timestamp>-<filename>

The UUID is an opaque unique identifier. Your email never appears in the file path.

2. Analysis with OpenAI

The file is passed to OpenAI's AI engine (gpt-4.1) via their Files API for reading. OpenAI is our AI engine provider for report analysis.

What happens at OpenAI:

File stays on their servers max 30 days per their Terms
Not used for training: we have opt-out active (Enterprise/Business policy)
Not accessible to other OpenAI users

3. Result saved

The structured output (analysis JSON) is saved in our Postgres database (Supabase). Linked to your account if logged in, or to the email you provided if anonymous.

4. Automatic deletion after 24 hours

The original file (the report PDF/photo you uploaded) is automatically deleted from our storage after 24 hours, via daily cron.

What remains after 24 hours:

The analysis result (structured text, no attachments)
Minimum metadata (date, exam type, email)

What disappears:

The original file
Uploaded photos/PDFs

This means after 24 hours we can't re-analyze the same file: you'd have to re-upload it.

What we DON'T do

Never share your file with third parties other than the AI engine needed for analysis (OpenAI)
Never publish your pet's reports, even anonymized
Never sell them for marketing, profiling, advertising
Never use them for AI training (ours or third parties')

Encryption

In transit: HTTPS (TLS 1.2+) between your browser and our servers, and between us and OpenAI
At rest: Supabase encrypts files automatically (AES-256) and the Postgres database
Backups: encrypted same way, 30-day retention

For maximum privacy

If you have a report you'd rather keep as private as possible, consider:

Use the anonymous analysis (1 free trial without account, email only at the end)
Manually redact personal data not strictly necessary before upload (you can cover your name, address or other personal details with a marker; leave the exam values and the pet's name readable, the analysis needs them)
Delete the analysis from your history right after reading the result

FAQ

Can I request immediate file deletion?

Yes, email hello@decifra-vet.it with your email and analysis ID. We delete file + analysis within 24 hours. Note: after 24 hours the file is already auto-deleted.

Can OpenAI read my pet's reports?

The AI model processes the file to generate the analysis. OpenAI employees don't read contents unless for abuse investigations (per their Terms). File stays on their servers max 30 days.

Where are the datacenters physically?

Supabase: EU datacenter (Frankfurt, Germany). OpenAI: USA mainly, EU-USA transfers compliant with Standard Contractual Clauses + DPF.

Delete account and data
GDPR-compliant: immediate self-service deletion, irreversible. What gets deleted, what stays, how to confirm.
Read

Was this article helpful?