Privacy Policy

Last updated: March 16, 2026

1. Data We Collect

We collect data necessary to provide the Service. This includes:

Account Information

  • Email address, name, and password hash (passwords are never stored in plaintext)
  • Institutional affiliation and professional role (when provided)
  • Subscription status and payment information (processed by Stripe - we do not store full card numbers)

Simulation & Clinical Data

  • Simulation configurations, parameters, and outcomes
  • Clinical notes and annotations created during simulation sessions
  • Patient scenario data (always de-identified - we do not store identifiable patient health information)
  • Training session records and performance metrics

Team & Collaboration Data

  • Team membership and role assignments
  • Shared simulation sessions and collaborative annotations
  • Training completion records and certification tracking

Usage Data

  • Feature usage patterns and page views for product improvement
  • API usage (endpoint calls, rate limit events) for developer accounts
  • Compliance and audit logs (security-relevant actions: login, permission changes, data access)

2. How We Use Your Data

  • Operate the Service: run simulations, display clinical data, manage team collaboration, generate AI-assisted recommendations
  • Account security: authenticate users, manage access controls, and enforce role-based permissions
  • Compliance: maintain HIPAA compliance records, log security-relevant events for audit purposes
  • Abuse prevention: detect and prevent impersonation, unauthorized access, and rate limit violations
  • Product improvement: analyze aggregate usage patterns to improve features (we do not use individual simulation content for this purpose)
  • Communications: send account-related notifications (password resets, subscription changes, training alerts)

We do not sell your personal data to third parties. We do not use your data for advertising targeting.

3. Data Sharing

We share data only as necessary to provide the Service:

  • AI service providers: simulation prompts and de-identified clinical parameters may be sent to AI model providers (e.g. Anthropic) for processing. No identifiable patient data is transmitted.
  • Payment processor (Stripe): payment information is processed by Stripe under their privacy policy
  • Email provider (SendGrid): your email address is shared with our email provider for account notifications
  • Team members: within a team, your name, role, and simulation data are visible to other authorized members per the team's access settings
  • Law enforcement: we may disclose data if required by law, court order, or government request

4. Session Data

PreOp Pro stores session data to maintain your workspace across visits. This includes:

  • Authentication tokens stored in secure httpOnly cookies
  • Simulation workspace state stored in your browser's localStorage
  • Theme and display preferences
  • Session data is not shared with any third party
  • Session data is automatically cleared when you sign out or clear site data

5. Data Retention

  • Account data: retained while your account is active, deleted upon account deletion request
  • Simulation data: retained while your account is active, exportable upon request
  • Clinical notes and annotations: retained until you delete them from the dashboard
  • Compliance and audit logs: retained for up to 7 years as required by applicable regulations
  • Training records: retained while your account is active and for 3 years after account closure for certification purposes
  • Encrypted files: retained while your account is active, encrypted at rest with AES-256-GCM

6. Data Export & Deletion

You may request an export of your data or account deletion from the dashboard (Account → Settings) or by contacting support. Upon account deletion:

  • Your account, simulation data, clinical notes, and all associated data are permanently deleted
  • Active subscriptions are cancelled
  • Team memberships are removed (team data is retained for other members)
  • Training records may be retained in anonymized form for certification compliance
  • Deletion is processed within 30 days in compliance with GDPR, CCPA, HIPAA, and applicable law

7. Security

We use industry-standard measures to protect your data:

  • Passwords are hashed with bcrypt (never stored in plaintext)
  • All connections use TLS encryption in transit
  • Simulation data and clinical notes are encrypted at rest with AES-256-GCM
  • JWT authentication with httpOnly, secure, sameSite cookies
  • API endpoints enforce CSRF origin checking
  • Compliance logging tracks all security-relevant actions (login, permission changes, data access)
  • Role-based access controls enforce least-privilege principles for team and organizational data

8. Cookies & Local Storage

We use the following browser storage:

  • Authentication cookie: httpOnly JWT session token (required for the Service to function)
  • localStorage: theme preference, simulation workspace state, sidebar state
  • sessionStorage: active simulation session ID, transient UI state

We do not use third-party tracking cookies or analytics cookies. We do not use advertising cookies.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will delete it.

10. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. For EU/EEA users, we process data under the legitimate interest legal basis for operating the Service. You have the right to access, rectify, erase, restrict processing, and port your data under GDPR. Contact us to exercise these rights.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email, in-app notice, or dashboard notification. Continued use after changes constitutes acceptance.

12. Contact

For privacy requests, data export, account deletion, or questions about this policy, contact us at the support email listed on the site or use the support page.
