SurgiSnap LLC
Privacy Policy
Our Core Principle
SurgiSnap is built on a zero-retention philosophy. You are the sole custodian of your case log data. No protected health information (PHI) is ever stored on SurgiSnap's servers. All case data resides exclusively on your device in an encrypted vault.
Data We Do Not Collect
SurgiSnap does not collect your name, email address, phone number, or any other contact information. SurgiSnap does not create user accounts. No case log data, operative note content, patient identifiers, or clinical information is transmitted to or retained by SurgiSnap's servers or any third party for storage purposes.
Data Collected by Third-Party Services
SurgiSnap integrates with the following third-party services, each of which may collect limited technical data as described:
Firebase (Google LLC)
HIPAA BAA in placeSurgiSnap uses Firebase Authentication to generate an anonymous, randomly assigned user identifier. This identifier contains no personal information and cannot be traced to your identity. It is used solely to authorize access to SurgiSnap's server-side features.
SurgiSnap also uses Firebase Crashlytics to collect crash reports and performance diagnostics to identify and fix technical issues. This data is used exclusively for app stability and improvement.
Google processes this data under a HIPAA Business Associate Agreement with SurgiSnap.
RevenueCat
SurgiSnap uses RevenueCat to manage subscription entitlements. RevenueCat receives your anonymous user identifier and subscription status to determine whether premium features are accessible. RevenueCat does not receive your name, payment information, or any case data. Payment processing is handled entirely by Apple or Google. SurgiSnap never accesses your payment information.
OpenAI
HIPAA BAA in placeWhen you use the AI-powered case extraction feature, the text extracted from your operative note is transmitted to OpenAI for structured processing. If patient identifiers such as MRNs or initials appear on the scanned document, they may be included in the extracted text. The extracted text is encrypted in transit. OpenAI does not retain this data after processing under its Zero Data Retention provisioning.
This transmission occurs under a HIPAA Business Associate Agreement that prohibits OpenAI from retaining, logging, or using this data for any purpose beyond fulfilling the immediate request. No operative note content is stored by OpenAI or SurgiSnap after processing is complete.
Local Data Storage
All case log data is stored exclusively on your device using AES-256 encryption. Access to the app and its data requires biometric authentication (Face ID or Touch ID) or your device passcode.
Cloud Backup (Optional)
If you enable the optional cloud backup feature, an encrypted backup of your case log is stored in your personal iCloud or Google Drive account. This backup is secured with a password that only you know. SurgiSnap does not have access to your backup password and cannot access or recover your backup data.
Children's Privacy
SurgiSnap is intended for use by medical professionals and is not directed at individuals under the age of 18.
Changes to This Policy
SurgiSnap may update this policy from time to time. Material changes will be communicated within the app. Continued use of the app after notification constitutes acceptance of the revised policy.
Contact
For privacy-related questions: