Privacy Policy

Effective July 3, 2026

Overview

UNCRASH™ is a clinical documentation and quality improvement tool for authorized healthcare professionals. This policy describes what data we collect, how it is stored, and how it is used. We collect only what is necessary to provide the service and support quality improvement research.

UNCRASH™ is currently distributed as a structured pilot program via TestFlight. Use is restricted to authorized clinicians, resuscitation teams, ACLS instructors, simulation programs, and institutional QI partners.

Data We Collect

  • Account information — email address and authentication credentials for users who sign in with an account. UNCRASH™ also supports guest (device-only) access — no email or account required. Guest sessions are tied to the device and role selected at onboarding.
  • Professional profile — role (e.g. RN, attending physician, ACLS instructor), primary hospital or institution, and clinical unit (e.g. ICU, ED). This information is used to attribute quality improvement data to your institution.
  • Code session data — timestamped event logs generated during resuscitation documentation, including CPR cycles, rhythm identifications, medication administration times, shock delivery, airway management, and outcomes. Also includes suspected arrest etiology (e.g. Cardiac, Respiratory, Metabolic), patient age bracket, and code location type (e.g. ICU, ED). This data does not include patient names, medical record numbers, dates of birth, or other direct patient identifiers. Sessions flagged as simulation or training runs (mock code mode) are stored separately and are never mixed with clinical records.
  • Post-arrest management data — structured checklist of post-ROSC interventions (e.g. fever prevention, vasopressors, EKG ordered) and EKG interpretation (STEMI / No STEMI), timestamped at the time of action.
  • Post-arrest assessment data — structured quality metrics including compression quality rating, team communication assessment, equipment notes, and debrief notes entered after a resuscitation event.
  • Desktop transfer codes — temporary session data used to transfer a report to a desktop computer. These codes expire automatically and are purged nightly.
  • Device and usage data — basic app diagnostics to maintain service reliability. No advertising identifiers are collected.

Free-Text Fields & PHI

UNCRASH™ does not require entry of patient-identifying information. The app is designed so that all structured data (rhythms, medications, outcomes) is captured through button taps with no free-text entry required.

Free-text fields (addend notes, debrief notes, equipment failure comments) display explicit warnings against entering patient names, MRNs, or room numbers. These fields are processed through an automated scrubber that detects and removes common identifying patterns before storage.

Users assume responsibility for compliance with their institution's privacy policies when using free-text features.

How Data Is Stored

All data is stored on Supabase infrastructure, hosted on AWS in the United States. Data is encrypted in transit (TLS) and at rest. Row-level security policies ensure each user can only access their own records.

Desktop transfer codes are temporary and purged nightly by an automated cleanup process.

You can request deletion of your account and all associated data at any time using the Delete Account option within the app, or by contacting us directly.

How Data Is Used

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as required to operate the service (Supabase infrastructure).

HIPAA & Compliance Status

Current status: Structured pilot program (TestFlight distribution) — no signed Business Associate Agreement (BAA) in place.

UNCRASH™ is designed to minimize collection of protected health information (PHI) through the following technical safeguards:

A Business Associate Agreement with our infrastructure provider is planned prior to broad institutional distribution. During the current pilot phase, users should not use this app as a primary PHI storage system. Users are responsible for ensuring their use complies with their institution's policies and applicable regulations.

Data Retention & Deletion

Code session data is retained until you delete your account or request removal. You may delete your account at any time using the Delete Account option in the app settings. Account deletion requests are processed within 30 days.

You may also request export or deletion of your data by contacting us directly.

Children's Privacy

UNCRASH™ is intended for use by licensed healthcare professionals and is not directed at individuals under 17 years of age.

Changes to This Policy

We may update this policy as the app evolves. Material changes will be communicated via the app or by email. Continued use after changes constitutes acceptance.

Contact

Questions, data requests, or deletion requests:

uncrash.support@gmail.com

UNCRASH™  ·  For authorized clinical use only