Privacy Policy

Effective May 2, 2026

Overview

UNCRASH™ is a clinical documentation and quality improvement tool for authorized healthcare professionals. This policy describes what data we collect, how it is stored, and how it is used. We collect only what is necessary to provide the service and support quality improvement research.

UNCRASH™ is currently in limited TestFlight distribution. Use is restricted to authorized testers and invited healthcare professionals.

Data We Collect

Account information — email address and authentication credentials used to sign in.
Professional profile — full name, role (e.g. RN, attending physician), primary hospital or institution, and clinical unit (e.g. ICU, ED). This information is used to attribute quality improvement data to your institution.
Code session data — timestamped event logs generated during resuscitation documentation, including CPR cycles, rhythm identifications, medication administration times, shock delivery, airway management, and outcomes. This data does not include patient names, medical record numbers, dates of birth, or other direct patient identifiers.
Post-arrest assessment data — structured quality metrics including compression quality rating, team communication assessment, equipment notes, and debrief notes entered after a resuscitation event.
Desktop transfer codes — temporary session data used to transfer a report to a desktop computer. These codes expire automatically and are purged nightly.
Device and usage data — basic app diagnostics to maintain service reliability. No advertising identifiers are collected.

Free-Text Fields & PHI

UNCRASH™ does not require entry of patient-identifying information. The app is designed so that all structured data (rhythms, medications, outcomes) is captured through button taps with no free-text entry required.

Free-text fields (addend notes, debrief notes, equipment failure comments) display explicit warnings against entering patient names, MRNs, or room numbers. These fields are processed through an automated scrubber that detects and removes common identifying patterns before storage.

Users assume responsibility for compliance with their institution's privacy policies when using free-text features.

How Data Is Stored

All data is stored on Supabase infrastructure, hosted on AWS in the United States. Data is encrypted in transit (TLS) and at rest. Row-level security policies ensure each user can only access their own records.

Desktop transfer codes are temporary and purged nightly by an automated cleanup process.

You can request deletion of your account and all associated data at any time using the Delete Account option within the app, or by contacting us directly.

How Data Is Used

To provide real-time resuscitation documentation and code narrative generation.
To enable desktop transfer of code reports via temporary codes.
To generate debrief metrics for individual and institutional quality improvement.
To support aggregate, de-identified benchmarking of resuscitation performance across institutions where permitted.
To contribute to future quality improvement research and publications. Data used for research purposes is aggregated and de-identified — no individual physician or patient is identifiable in any publication.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as required to operate the service (Supabase infrastructure).

HIPAA & Compliance Status

Current status: Limited TestFlight deployment — no signed Business Associate Agreement (BAA) in place.

UNCRASH™ is designed to minimize collection of protected health information (PHI) through the following technical safeguards:

No patient names, MRNs, dates of birth, or direct identifiers are collected or stored.
Timestamps are de-identified — only hour of day and day of week are stored for shift-pattern analysis, not absolute dates.
Free-text fields are processed through an automated PHI scrubber before storage.
Row-level security prevents any user from accessing another user's data.
Temporary clinical transfer data is automatically deleted nightly.

A Business Associate Agreement with our infrastructure provider is planned prior to broad public distribution. During the current TestFlight phase, users should not use this app as a primary PHI storage system. Users are responsible for ensuring their use complies with their institution's policies and applicable regulations.

Data Retention & Deletion

Code session data is retained until you delete your account or request removal. You may delete your account at any time using the Delete Account option in the app settings. Account deletion requests are processed within 30 days.

You may also request export or deletion of your data by contacting us directly.

Children's Privacy

UNCRASH™ is intended for use by licensed healthcare professionals and is not directed at individuals under 17 years of age.

Changes to This Policy

We may update this policy as the app evolves. Material changes will be communicated via the app or by email. Continued use after changes constitutes acceptance.

Contact

Questions, data requests, or deletion requests:

uncrash.support@gmail.com

UNCRASH™ · For authorized clinical use only