NextUp Privacy Policy

Last Updated: December 3, 2025

Privacy Policy

Last Updated: December 3, 2025

This Privacy Policy explains how J. Moore Medical LLC, a Texas limited liability company doing business as “DVMiQ” (“J. Moore Medical,” “DVMiQ,” “Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our veterinary-focused scheduling and student assistant application, NextUp, the campus-utd.com website, and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

---

1. Scope and Who This Policy Covers

This Privacy Policy applies to:

• Visitors to our websites

• Users of our mobile and web apps, including:

• Veterinary professionals and clinics (“Clinic Users”)

• Students, externs, interns, residents, and other trainees (“Student Users”)

• Administrators, instructors, or coordinators at clinics, universities, and training programs If you use the Service under an agreement between us and your employer, clinic, or educational institution (your “Organization”), some data practices may also be governed by that agreement. In case of conflict, the Organization’s contract with us may control our relationship with that Organization, and this Privacy Policy will control our relationship with you as an individual user.

---

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide Directly

We collect information you provide when you register, create or update an account, use features of the Service, or communicate with us, including:

• Account and Profile Information

• Name

• Email address

• Password or authentication credentials

• Role or position (e.g., veterinarian, student, technician, coordinator)

• Organization, institution, or clinic affiliation

• Profile photo or avatar (if you choose to upload one)

• Scheduling and Usage Information

• Shifts, rotations, and appointment schedules

• Task lists, reminders, and notes

• Preferences and settings

• Study Materials and Educational Content

• Notes, checklists, flashcards, rotation guides, case summaries, and similar materials you upload or create (“Study Materials”)

• Comments and interactions related to Study Materials shared with your class, cohort, or group

• Support and Communications

• Messages and inquiries you send to our support team

• Feedback, survey responses, or other communications you choose to provide We do not intend to collect sensitive personal information about your clients or patients (e.g., owners of animals) through the Service. If you choose to input such information, you are responsible for ensuring you have all necessary consents and comply with applicable laws and your Organization’s policies.

2.2 Information We Collect Automatically

When you use the Service, we automatically collect certain technical and usage information, including:

• Device and Log Information

• Device type, operating system, browser type, and version

• IP address and approximate location (derived from IP)

• Access times and dates

• Pages or screens viewed, features used, and actions taken within the Service

• Crash logs, error reports, and performance data

• Cookies and Similar Technologies We and our service providers use cookies, web beacons, SDKs, and similar technologies to:

• Remember your settings and preferences

• Maintain your session

• Understand how you use the Service

• Improve performance and security You can control cookies through your browser settings, but some features of the Service may not function properly if you disable cookies.

2.3 Information from Third Parties

We may receive information about you from third parties, such as:

• Organizations and Institutions

• Your clinic, university, residency program, or other Organization may provide your name, institutional email, role, cohort, or group assignments to create or manage your account.

• Learning Management Systems (LMS) and Integrations

• If you connect the Service to an LMS such as Canvas or other third-party tools (collectively, “LMS Integrations”), we may receive:

• Course and section information

• Assignment and schedule data

• Enrollment or group membership information

• We may also receive and securely store access tokens or similar credentials necessary to maintain the integration, as described in Section 7 below.

• Other Third Parties

• Authentication providers (e.g., single sign-on systems)

• Analytics or error reporting services (in an aggregated or de-identified form) The information we receive from third parties will depend on their own privacy policies and your settings with those third parties.

---

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account

• Authenticate your identity and allow you to log in

• Provide scheduling, rotation, task management, and assistant features

• Enable sharing of Study Materials with your class, cohort, or designated groups

• Operate LMS Integrations and other connected services

• Provide customer support and respond to inquiries

3.2 To Personalize and Improve the Service

• Customize your experience, including schedules, reminders, and views

• Suggest or surface relevant Study Materials or features within your groups (where enabled)

• Analyze usage patterns to improve usability, performance, and content

• Develop new features and services

3.3 To Communicate with You

• Send administrative or service-related messages (e.g., account notices, updates to terms, security alerts)

• Respond to support requests and feedback

• Send optional educational or product-related communications, where permitted by law and your communication preferences

You can opt out of certain non-essential communications by following the unsubscribe instructions in the message or updating your preferences, but you may not opt out of important service or legal notices.

3.4 For Security, Compliance, and Protection

• Monitor, detect, and prevent fraud, abuse, and security incidents

• Protect the safety and integrity of the Service, our users, and third parties

• Enforce our Terms of Use and other policies

• Comply with legal obligations and respond to lawful requests from public authorities

3.5 For Research and Analytics

• Use aggregated and/or de-identified data to:

• Understand how the Service is used

• Benchmark performance and outcomes

• Publish or share high-level usage statistics that do not identify you or your Organization We do not use identifiable user data for external marketing purposes unrelated to the Service without your consent.

---

4. Study Materials and Class Sharing

4.1 Study Materials

Student Users and other users may upload or create Study Materials in the Service. Study Materials may include personal notes, learning tools, and case-related summaries that you choose to store or share.

4.2 Class, Cohort, and Group Visibility

If you choose to share Study Materials or other content in a shared space (for example, a class, rotation group, or institution-managed workspace):

• Your Study Materials and your name or profile information may be visible to other authorized users in that group (e.g., classmates, supervising clinicians, instructors).

• Those users may view and use your Study Materials for their own educational purposes, consistent with your Organization’s rules and our Terms of Use.

You can usually control whether your Study Materials are shared or kept private, depending on the specific features and configuration chosen by your Organization.

4.3 Responsibility for Shared Content

You are responsible for:

• Ensuring you have the right to upload and share Study Materials with others

• Not uploading exams, answer keys, or proprietary course materials you are not allowed to redistribute

• Not including confidential or client-identifying information (about animal owners, staff, or specific animals) unless such inclusion is authorized and compliant with applicable laws and policies

We may remove or restrict access to Study Materials that appear to violate our Terms of Use, law, or institutional rules, but we generally do not monitor Study Materials proactively.

---

5. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or a similar jurisdiction that requires a legal basis for processing, we process your personal data under one or more of the following bases:

• Performance of a Contract – To provide and operate the Service you requested

• Legitimate Interests – To maintain, improve, and secure the Service; provide support; and communicate with you about related services (where these interests are not overridden by your rights)

• Consent – Where required by law for certain types of processing (e.g., particular optional communications or integrations); you can withdraw your consent at any time

• Legal Obligations – To comply with applicable laws, regulations, and legal processes

---

6. How We Share Information

We do not sell your personal information. We may share information in the following circumstances:

6.1 Service Providers

We engage third-party service providers to assist with:

• Hosting and infrastructure

• Data storage and backup

• Analytics and error monitoring

• Customer support tools

• Email and communication delivery

• Payment processing (for paid features, if any)

These providers may access personal information only to perform services on our behalf and must protect it in accordance with applicable data protection laws and contractual obligations.

6.2 Organizations and Institutional Administrators

If you use the Service through an Organization (e.g., your university, residency, or clinic), we may share with that Organization and its authorized administrators:

• Your account and profile information

• Your usage and activity data in the Service (such as schedule participation, completion of assigned tasks, or engagement metrics), where such sharing is necessary to operate the program or as directed by the Organization

• Study Materials or content you share in Organization-managed spaces (subject to institutional rules and settings)

Your Organization may have its own policies governing how it uses and shares your information.

6.3 LMS Integrations and Other Third-Party Tools

If you enable an integration with an LMS (such as Canvas) or another third-party tool:

• We may share and receive information with/from that third party as needed to operate the integration, as described in Section 7 below.

• Information shared with a third party will be subject to that third party’s privacy policy and terms.

6.4 Legal and Safety Reasons

We may disclose information if we believe in good faith that such disclosure is reasonably necessary to:

• Comply with any applicable law, regulation, legal process, or governmental request

• Protect the rights, property, or safety of the Company, our users, or others

• Enforce our Terms of Use or other agreements

• Detect, prevent, or address fraud, security, or technical issues

6.5 Business Transfers

In connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, your information may be disclosed or transferred as part of the due diligence or the completed transaction, subject to appropriate confidentiality obligations and in accordance with applicable law.

6.6 Aggregated or De-Identified Data

We may share or publish aggregated or de-identified information that does not reasonably identify you or any individual user (for example, overall usage statistics, average rotation hours, or anonymized performance metrics).

---

7. Canvas Access Tokens and LMS Integrations

7.1 LMS Integrations

The Service may allow you to connect your account to learning management systems such as Canvas and similar platforms (“LMS Integrations”) to import or synchronize course, schedule, and assignment information.

7.2 Canvas Access Tokens

To enable an LMS Integration, you may be asked to grant or authorize access for us to obtain access tokens, API keys, or similar credentials associated with your Canvas or other LMS account (“Canvas Access Tokens”).

By enabling an integration:

• You authorize us to use Canvas Access Tokens solely to access and process data from the connected LMS as needed to provide the features you choose to use (e.g., syncing assignments, schedules, or course information).

• We do not use Canvas Access Tokens for advertising or unrelated purposes.

7.3 Security of Canvas Access Tokens

We use technical and organizational measures designed to protect Canvas Access Tokens, including:

• Encrypting Canvas Access Tokens at rest using symmetric encryption at rest using the Fernet protocol (AES-128 in CBC mode with HMAC-SHA256 for integrity).

• Protecting Canvas Access Tokens and LMS-related data in transit using HTTPS or other industry-standard transport-layer security

While we implement these safeguards, no system can be guaranteed 100% secure, and you provide Canvas Access Tokens at your own risk, subject to this Privacy Policy and our Terms of Use.

7.4 Revoking Access

You may revoke or disconnect an LMS Integration at any time:

• Through the Service (where such settings are available), and/or

• Through your LMS account settings (e.g., Canvas’ authorized applications or tokens page)

When you revoke access, we will stop using Canvas Access Tokens for ongoing data retrieval and will delete or render them unusable within a commercially reasonable period, subject to our backup, security, and legal retention obligations.

---

8. Data Security

We use administrative, technical, and physical safeguards designed to protect your information against unauthorized access, loss, misuse, or alteration, including:

• Use of HTTPS/TLS to encrypt data in transit between your device and our servers

• Encryption of certain sensitive data (such as access tokens) at rest using methods such as Fernet encryption

• Access controls and authentication measures to limit access to authorized personnel

• Regular monitoring for potential vulnerabilities

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk. Please protect your account credentials and notify us immediately at support@dvm-iq.com if you suspect unauthorized access to your account.

---

9. Data Retention

We retain your information for as long as necessary to:

• Provide and maintain the Service

• Fulfill the purposes described in this Privacy Policy

• Comply with our legal obligations

• Resolve disputes and enforce our agreements

Retention periods may vary based on the type of data, the nature of our relationship with you, and legal or contractual requirements. We may retain aggregated or de-identified information indefinitely.

If your account is deactivated or closed (by you or your Organization), we may retain certain information for backup, archival, audit, and legal compliance purposes, and as otherwise described in our Terms of Use.

---

10. Your Choices and Rights

10.1 Account Information

You can access and update certain account information directly through the Service (such as your name, email, and profile details). If you are unable to update certain information, you may contact us at support@dvm-iq.com.

10.2 Communication Preferences

You may opt out of receiving non-essential marketing or promotional emails by following the unsubscribe instructions in those emails or by adjusting your preferences in your account (where available). We may still send you important service, security, or legal notices.

10.3 Data Subject Rights (EEA/UK and Similar Jurisdictions)

Depending on your location and applicable law, you may have certain rights regarding your personal data, such as:

• Access to your personal data

• Correction or update of inaccurate information

• Deletion of your personal data

• Restriction or objection to certain processing

• Data portability

• Withdrawal of consent (where processing is based on consent)

To exercise these rights, contact us at support@dvm-iq.com. We may ask you to verify your identity before responding. Some rights may be limited, for example, where fulfilling your request would conflict with legal obligations, our rights, or the rights of third parties.

If your data is processed under a contract between us and your Organization, we may direct your request to your Organization or process it in coordination with them.

10.4 California Residents (If Applicable)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) or similar laws, including the right to:

• Know the categories and specific pieces of personal information we collect, use, and disclose

• Request deletion of certain personal information

• Opt out of certain “sales” or “sharing” of personal information (as those terms are defined by law)

We do not sell your personal information as that term is typically understood, and we do not use your personal information for cross-context behavioral advertising unrelated to the Service. You may contact us at support@dvm-iq.com to exercise your California rights or for more information.

---

11. Children’s Privacy

The Service is not intended for use by children under the age of 16, and we do not knowingly collect personal information directly from children under 16 without appropriate consent. If we learn that we have collected personal information from a child under 16 without consent, we will take reasonable steps to delete that information as soon as practicable. If you believe a child under 16 has provided us with personal information, please contact us at support@dvm-iq.com.

---

12. International Data Transfers

We are based in The United States of America and may process and store your information in that country and other countries that may have data protection laws different from those in your jurisdiction.

Where required by law, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to protect personal data transferred from the EEA, UK, or other regions with data transfer restrictions. By using the Service or providing information to us, you acknowledge that your information may be transferred to and processed in countries outside your country of residence.

---

13. Third-Party Websites and Services

The Service may contain links to or integrations with third-party websites, applications, or services that are not operated by us, including LMS providers (such as Canvas), communication tools, and other platforms.

This Privacy Policy does not apply to those third-party services. Their privacy practices are governed by their own policies. We are not responsible for the content, privacy, or security practices of third parties. We encourage you to review their privacy policies before providing any information to them or using their services.

---

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our website or within the Service, and/or

• Sending you an email or in-app notification, where appropriate

The “Last Updated” date at the top of this Policy indicates when the latest changes were made. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service.

---

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

DVMiQ
Attn: Privacy/Legal
Email: Support@dvm-iq.com

If you are in the EEA/UK and are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.