Privacy Policy

Our Privacy Approach

MedicLog is built on a simple principle: your data belongs to you. We designed the app so that we never receive, store, or have access to your patient care data or personal information.

What Data MedicLog Stores

MedicLog stores the following data locally on your device only:

• Patient care records you create (vitals, medications, procedures, timestamps)
• Patient identifying information if configured (name, date of birth)
• Your custom settings and preferences
• Voice recognition training data for custom aliases
• Archived call history

This data is stored in your device's secure app container and is included in your standard iOS backup (iCloud or iTunes).

What We Do NOT Collect

MedicLog does not collect, transmit, or have access to:

• Your name, email, phone number, or any personal identifiers
• Voice recordings (speech is processed on-device and discarded)
• Usage analytics or behavioral data
• Device identifiers or advertising IDs

We have no servers that receive your data. We cannot access your information because we never receive it.

Location Data

MedicLog uses your device's GPS for the following features:

• Closest Hospital: When you tap "Find Hospital," MedicLog uses your current location to show nearby hospitals sorted by distance
• Navigation: When you select a hospital, MedicLog passes the address to your chosen mapping app (Apple Maps or Google Maps) for turn-by-turn directions

Location data is used transiently for these features and is not stored or transmitted to our servers. The mapping application you choose handles navigation according to their own privacy policy.

Data Sharing Features

When you use MedicLog's sharing features:

QR Code Sharing

Sharing a call via QR code transfers data directly between devices using end-to-end encryption. The receiving device decrypts the data locally. If devices cannot connect directly (via local network or Bluetooth), data may pass through an encrypted relay, but the relay cannot read the contents—only the recipient's device can decrypt it.

PDF/JSON Export

When you export a call as PDF or JSON, the file is created locally on your device. What you do with that file (email, AirDrop, save to files) is under your control and subject to the privacy practices of those services.

Patient Data & HIPAA Compliance

MedicLog is designed to handle patient data responsibly while maintaining HIPAA compliance:

How MedicLog Protects PHI

• Encryption at Rest: All patient data is stored in iOS's secure app container, encrypted by the operating system
• Encryption in Transit: When sharing data via QR code, end-to-end encryption ensures only the intended recipient can decrypt the information
• No Cloud Storage: Patient data never leaves your device unless you explicitly share or export it
• On-Device Processing: Voice recognition and all data processing happens locally on your device

Your Responsibilities

As an EMS professional, you are responsible for:

• Securing your device with a passcode, Face ID, or Touch ID
• Following your agency's policies for mobile device use
• Ensuring shared data reaches only intended recipients
• Properly disposing of exported files containing PHI

Data Architecture

MedicLog's architecture ensures we never receive or have access to your patient data. Your PHI exists only on:

• Your device (encrypted in the app's secure container)
• Devices you explicitly share data with (via encrypted transfer)
• Files you export (under your control)

We have no servers that store patient data. The only data we receive is optional support logs (which never contain patient information) that you explicitly submit.

Third-Party Services

MedicLog uses the following device capabilities:

• Apple Speech Recognition: Processed entirely on-device. Voice data is not sent to Apple or any server.
• Apple Watch Connectivity: Data syncs between your devices via Apple's encrypted protocols.
• iCloud Backup: If enabled, your MedicLog data is included in your iOS backup, subject to Apple's privacy policy.

We do not use any analytics services, advertising networks, or crash reporting tools that would transmit your data.

Support Logging (Opt-In)

MedicLog includes an optional support logging feature that you can enable to help us diagnose issues:

What Support Logging Does

• When Enabled: Technical diagnostic data (button taps, screen navigation, timer states, error messages) is logged locally on your device
• What Is NOT Logged: Patient data, medications, vitals, or any clinical information is never included in support logs
• Submission: Logs are only sent to us when you explicitly tap "Submit" in Settings → Support

Where Logs Go

When you submit support logs, they are sent to our GitHub repository's issue tracker as a private diagnostic file. This includes:

• App version and device model
• Technical interaction logs (no patient data)
• Error messages and crash context

Data Retention and Deletion

You control your data retention:

• Delete individual calls at any time from within the app
• All data is removed when you delete the app
• iCloud backups retain data according to your iCloud settings

Since we never receive your data, there is nothing for us to delete on our end.

Children's Privacy

MedicLog is designed for EMS professionals and is not intended for use by children under 17. We do not knowingly collect any information from children.

Changes to This Policy

We may update this privacy policy to reflect changes in the app or legal requirements. Significant changes will be noted in app update release notes. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact

For privacy-related questions or concerns:

• Open an issue on our GitHub support page
• Email: privacy@mediclog.org