Overview

Critical Care Vault is an educational training and reference application for healthcare professionals and students. This policy explains what information is collected, how it is used, and your rights regarding your data.

What we collect

Account Information

If you create an account, we collect your email address and an encrypted password hash. This is used solely to authenticate your identity and enable cloud sync of your progress data.

Progress and Activity Data

The App records your quiz responses, scores, streaks, flagged items, completed questions, and daily activity logs. This data is stored locally on your device and, if you are signed in, synced to a cloud database (Supabase) to make your progress available across devices.

Issue Reports

If you submit a report through Settings → Report an Issue, we collect the message you wrote, the screen you were on, the app version, and your device/browser user-agent string. This diagnostic information helps us reproduce and fix the problem. Reports are only submitted when you explicitly tap SEND REPORT.

What we do not collect

  • Patient data or protected health information (PHI)
  • Location data
  • Device contacts
  • Camera or microphone access
  • Biometric data
  • Third-party analytics or advertising identifiers

Patient & protected health information

This App is not designed or intended for the storage, processing, or handling of protected health information (PHI). Users should not enter patient-identifying or protected health information into notes or any free-text areas of the App. All data associated with your account is intended to reflect your personal educational progress only, not patient records.

If you believe PHI has been inadvertently entered, contact us at to request a review and deletion.

Third-party services

The App relies on the following third-party services, each governed by its own privacy policy:

  • Supabase — user authentication and cloud data storage
  • Vercel — application hosting and content delivery
  • Sentry — crash reporting and performance monitoring. Stack traces, error type, and the route at time of error are transmitted. User identity is limited to a Supabase user ID. No advertising use. Session replay is disabled on clean sessions and masks all text, inputs, and media.
  • Vercel Analytics & Speed Insights — anonymous aggregate page views and Core Web Vitals (LCP, INP, CLS, FCP, TTFB). Active only on the web deployment; no beacons are transmitted from the installed iOS app.

Data retention & deletion

Account data is retained while your account is active. To request deletion of your account and all associated data, contact us at . We will process deletion requests within 30 days of receipt.

Users who have not created an account (guest mode) store data exclusively on their local device. Clearing the app's storage or reinstalling removes this data entirely.

Security

We use encrypted connections (HTTPS) and industry-standard authentication practices to protect your data. No security system is completely infallible; please use a strong, unique password.

Changes to this policy

This policy may be updated periodically. Continued use of the App following changes constitutes acceptance of the updated policy. We will not materially reduce protections for data collected under a prior version without notice.

Contact