Privacy Policy

Effective date: May 8, 2026. Last updated: May 8, 2026.

The short version. RN PocketPal is built around a simple principle: the patient data you enter at the bedside should stay on your phone, not on our servers. We don't sell your data, we don't have advertising trackers, we don't build profiles, and we don't share what you type with third parties — with two narrow, opt-in exceptions explained in detail below (AI features and sign-in). The long version that follows is comprehensive because health-adjacent apps deserve scrutiny, and we want to deserve your trust.

1. Who we are

"RN PocketPal," "we," "us," and "our" refer to RNPocketPal LLC (or its successor entity), the publisher of the RN PocketPal iOS application available on the Apple App Store.

You can reach us at support@rnpocketpal.com. We respond within five business days.

2. Scope and what this policy covers

This Privacy Policy applies to:

The RN PocketPal iOS application (the "App") downloaded from the Apple App Store.
The marketing website at rnpocketpal.com (the "Site"), including any subdomains we operate.
Any optional cloud-backed features the App uses, including AI-assisted tools and authentication.

It does not apply to third-party services you reach through links on the Site or third-party SDKs that the App might integrate in future versions; those services have their own privacy policies and we will update this policy if and when integrations change.

3. About the audience and HIPAA framing

RN PocketPal is designed as educational decision-support reference for licensed nursing personnel: Registered Nurses, Licensed Practical and Vocational Nurses, Advanced Practice Registered Nurses, Certified Nursing Assistants and similar licensed personnel, plus students enrolled in accredited nursing programs. The App is not intended for patients, the general public, or children under 13.

RN PocketPal is not a Covered Entity, Business Associate, or Subcontractor under HIPAA. We are a consumer software publisher distributing a tool to individual licensed clinicians. The clinical content you may choose to enter on your device — patient initials, room numbers, vital signs, medications, assessment notes — is data you control on hardware you own. We do not receive, store, or process that data on our systems, and our products are not part of a Covered Entity's electronic health record system.

That non-coverage status is also why we hold ourselves to a stricter privacy posture than HIPAA would alone require. The substantive controls in the App are designed so that even if a clinician accidentally enters identifiable patient information, that information stays on their device and is purged on a fast retention schedule.

4. What information we receive — and what we don't

Information that stays only on your device

The vast majority of what you enter into the App never leaves your phone. The App's brain sheet, drip and dose calculations, lab values, IV compatibility lookups, code-card timers, shift-task list, medication schedules, care plans, nursing notes, assignment-board rosters, brain-sheet templates, and saved game scores all live in local on-device storage (Apple's SwiftData / UserDefaults / iOS Keychain, as appropriate). We do not receive copies of this data, we cannot access it, and we cannot recover it for you if you delete the App. There is no cloud backup of clinical content in the current version of the App.

Optional export to Apple Calendar

The Nurse Calendar tool can write your work shifts to your iPhone's Apple Calendar so they appear alongside your personal events. This is opt-in — nothing is exported until you explicitly tap "Add to Apple Calendar" on a shift, or run the bulk export from the toolbar menu.

When you grant the permission, RN PocketPal uses Apple's write-only calendar access (introduced in iOS 17). We can ADD events to the calendar you choose; we cannot read events that are already in your calendar. Only the shift fields (employer name, time, hourly rate, differentials, your own notes) are written to the event — no patient data of any kind is involved, because the Nurse Calendar tool itself is for your work schedule, not patient care.

Where do those calendar events go? Wherever your iPhone's Apple Calendar is configured to store them. If you have iCloud Calendar enabled, they sync to your iPad, Mac, and Apple Watch through Apple's iCloud service (covered by Apple's privacy policy). They never reach our servers.

Information you transmit when you opt in to AI features

When you enable AI Settings in the Profile tab and use one of the AI-assisted features, the App transmits a narrow, scrubbed query to our backend so the feature can return a useful response. Examples:

Feature	What is transmitted	What is NOT transmitted
AI handoff drafting (SBAR, WatchFor)	Patient-context fields you've entered (diagnoses, allergies, code status, medications, lab values, isolation status), with patient identifiers (names, initials, MRN, room numbers, dates of birth) removed by an on-device scrubber before transmission.	Patient name, MRN, DOB, room number, hospital name, exact age (replaced with age range bucket), exact weight (replaced with bucket).
Care Plan generator	The clinical scenario text you provide.	Anything you don't include in your prompt.
Note Writer	The note draft text you ask us to refine.	Anything you don't include in the draft.
Unfamiliar Diagnosis brief	The diagnosis name plus a non-identifying patient-context blob (age bucket, code status, allergies, comorbidities, weight bucket, isolation status).	Patient name, MRN, DOB, room, exact age, exact weight.
Rhythm Reader (camera capture)	A redacted strip image after the on-device PHI redactor has covered text, faces, and barcodes.	Any patient banner text or facility identifier the redactor caught.
Legal Reference (Ask)	Your nursing-law question, scrubbed for PHI.	Patient identifiers if your question accidentally contained them.

AI requests are forwarded through an HTTPS Cloudflare Worker we operate to a third-party language-model provider. As of the effective date above, that provider is DeepSeek, hosted in the People's Republic of China. We selected DeepSeek for cost reasons during pre-launch development. We disclose this prominently inside the App's AI Settings panel because reasonable users have differing comfort levels about cross-border data routing for clinical content. If you are not comfortable with cross-border AI processing, you can disable AI features in Profile → AI Settings; the App's core tools (brain sheet, calculators, references, code cards, calendar, and so on) all work without AI.

We do not retain AI request logs containing your query content on our servers. The Cloudflare Worker does not write request bodies to durable storage. We cannot guarantee that our upstream AI provider does not log queries on their side; consult their published privacy practices for details.

Information you provide when you sign in

If you choose to sign in, the App uses Sign in with Apple or Sign in with Google. We receive the minimum identity information those providers expose:

Sign in with Apple: a stable opaque user identifier; your name, only on the first sign-in (Apple does not re-share it on subsequent sign-ins); the email address you authorized (which may be Apple's "Hide My Email" relay address, in which case Apple proxies replies and we never see your real email).
Sign in with Google: the OpenID Connect "sub" claim (a stable opaque user identifier), your name, your email address, and your profile picture URL.

Sign-in is optional. The App's local-only features (brain sheet, calculators, references, code cards) work without a signed-in account. Sign-in is required only for features that involve identity across devices, which are not present in the current version of the App but may be added in future versions.

We do not share your sign-in identity with any third party other than the App Store provider (Apple) for receipt verification and the authentication provider (Apple or Google) for the original sign-in.

Information collected automatically

When you visit our Site (rnpocketpal.com), the web server logs your IP address, user-agent string, referring URL, and the path you requested. This is standard web-server behavior and the logs are used for security monitoring and aggregate traffic counts. Logs are retained for 30 days and then rotated. We do not run third-party analytics scripts (no Google Analytics, no Mixpanel, no Segment, no Amplitude) on the Site or the App.

The App may send anonymous, non-content telemetry about feature usage (e.g., "the user opened the rhythm reader") via TelemetryDeck or a comparable privacy-first analytics service. This telemetry never includes the content you typed and never includes patient identifiers. You can opt out of telemetry in Profile → Privacy.

Crash reports

If the App crashes, the App may send an anonymous crash report containing the device model, iOS version, and stack trace. Free-text user content (notes, search queries, brain-sheet entries, patient information) is scrubbed before transmission via an allowlist-based redactor. Crash reports go to Sentry or a comparable service. Crash report retention is 90 days.

Subscription and payment information

Subscriptions are sold and billed by Apple via the App Store using StoreKit. We never see your credit-card number, billing address, or financial details. What we receive from Apple is an anonymous receipt that confirms whether you have an active subscription. We use that receipt only to unlock paid features in the App.

5. What we do not collect or do

We do not sell your personal information to anyone.
We do not share your information with advertising networks; the App contains no advertising.
We do not build profiles of your behavior across the web or across other apps.
We do not request your location.
We do not request access to your contacts.
We do not request access to your calendar (the in-app Nurse Calendar is internal to the App and stores its data on your device).
We do not access your photo library except for images you explicitly select for tools that need them (e.g., picking a rhythm strip from your library, or photographing a contract for the Pay & Contracts analyzer).
We do not access the camera except for tools that need it (Rhythm Reader, MAR-import OCR, contract-photo OCR), and only while you have the relevant capture screen open.
We do not access the microphone except for voice-dictation tools that need it (brain-sheet voice fill, listen-to-report, dictated notes), and only while you are actively recording.
We do not record audio in the background.
We do not transmit data over Bluetooth; the App uses Bluetooth Low Energy only to passively scan for the manufacturer-broadcast field of nearby cardiac implants for the optional CIED Identifier tool, and we never read data from any device.
We do not perform federated learning or train any machine-learning model on your individual usage patterns.

6. How long we keep what we receive

Type of data	Where it lives	How long
Brain sheets, patient notes, calculations	Your device only	Until you delete the App or use End Shift. Privacy mode: 24-hour archive, 48-hour delete.
AI query content	Cloudflare Worker (transient)	Not retained beyond request lifetime. Upstream provider's policy applies.
Sign-in identity	Our backend (when backend ships)	For as long as your account exists. Deleted on account deletion.
Web-server logs	Cloud-hosted log storage	30 days, rotated.
Crash reports	Sentry or comparable	90 days.
Email correspondence with us	Our email provider	Up to 3 years for support continuity, then deleted.

7. Your rights

Because the bulk of your App data lives on your device, the most reliable way to exercise your rights is to use the App's built-in controls:

Delete a brain sheet, calculation, note, or roster: swipe-delete in the relevant list, or use Shift → End Shift to wipe unpinned items.
Privacy posture: Profile → Privacy. Choose Standard, Privacy, or Maximum mode. Privacy and Maximum modes use anonymous patient labels (Patient A / B / C) instead of room + initials, with shorter retention windows.
Disable AI features: Profile → AI Settings → toggle off.
Opt out of anonymous telemetry: Profile → Privacy → toggle off.
Sign out / delete account: Profile → Account → Sign out (clears local credentials). Deletion of any backend-side identity record can be requested by emailing support@rnpocketpal.com.
Delete all App data: uninstall the App from your iPhone. iOS removes the local data sandbox on uninstall.

For data we hold server-side (sign-in identity records, support correspondence, web-server logs that have not yet rotated), you can also email support@rnpocketpal.com with one of the following requests:

Confirm whether we hold any personal information about you.
Provide a copy of any personal information we hold about you.
Correct inaccurate personal information.
Delete any personal information we hold about you (subject to legal retention obligations, if any apply).
Object to or restrict processing of your personal information.

We respond within 30 days, and within 45 days if your request is complex.

California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act. The categories of personal information we may receive about you correspond to "Identifiers" (email, name, opaque user IDs) and "Internet activity" (server logs). We do not sell or share personal information for cross-context behavioral advertising. We do not collect "Sensitive Personal Information" as defined in the CPRA. You can exercise California-specific rights by emailing support@rnpocketpal.com with the subject line "California Privacy Request."

European residents (GDPR), where applicable

The App is currently distributed in the United States and is not actively marketed in the European Union or the United Kingdom. If you are an EU or UK resident who has installed the App: the lawful bases for processing the limited personal information we receive are (a) your consent (sign-in, AI features, telemetry), (b) performance of a contract (subscription handling), and (c) legitimate interests (security monitoring of server logs). You have the right to access, rectify, erase, restrict, or port your data, and to lodge a complaint with your supervisory authority. Email support@rnpocketpal.com with the subject line "GDPR Request." We do not have an EU representative at this time.

8. Children

RN PocketPal is intended exclusively for licensed nursing personnel and nursing students. The App is not intended for, marketed to, or designed for use by children under 13, and we do not knowingly collect personal information from children under 13. If you become aware that a child under 13 has provided personal information to us, please contact support@rnpocketpal.com and we will delete it promptly. Nursing students who are minors should obtain parental consent before using the App and should not enter any patient information from clinical rotations until they have reviewed their nursing-school's policy on mobile-app use during clinical practice.

9. Security

We use industry-standard security practices to protect personal information, including:

HTTPS / TLS for all network communication between the App and our backend.
iOS Keychain for credentials and sensitive tokens.
Apple SwiftData with file-level encryption when the device is locked.
App Lock with Face ID / Touch ID / device passcode (optional in Standard mode, required in Maximum privacy mode).
Background-screen overlay so the iOS app-switcher preview shows the App's brand cover, not the in-progress brain sheet.
Screenshot detection that warns when a screenshot of patient-facing content is taken.
Allowlist-based scrubbing of free-text fields before any crash report is transmitted.

No system is perfectly secure. If we learn of a security incident affecting personal information we hold, we will notify affected users in accordance with applicable law.

10. Educational reference framing

RN PocketPal is an educational decision-support reference for licensed clinicians. It is not a medical device, is not FDA-cleared, and does not diagnose or treat any condition. AI-assisted features produce educational interpretations that the user is expected to verify with calipers, prior records, hemodynamics, a 12-lead ECG, prescribing-information references, and clinical judgment as appropriate. Hospital protocols and prescriber orders take precedence over any value or interpretation shown in the App.

11. Changes to this policy

We will update this policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes — such as adding a new third-party data recipient, adding a category of data we collect, or expanding the purposes for which we use existing data — will be announced inside the App via a one-time disclosure dialog and on this page at least 14 days before they take effect.

12. Contact

RNPocketPal LLC
Email: support@rnpocketpal.com
Privacy requests: subject line "Privacy Request"
California requests: subject line "California Privacy Request"
GDPR requests: subject line "GDPR Request"

— end of Privacy Policy —