Privacy Policy

• Not a medical device: Lusitropy is not regulated as a medical device and is not designed or validated for clinical use, emergency care, or time‑critical decisions.
• No replacement for formal training: It is an adjunctive study aid only. It does not replace formal medical education, institutional policies, supervision by attending physicians, or evidence‑based clinical guidelines.
• Content limitations: Educational content may be simplified, incomplete, or out of date. Always consult authoritative primary sources and current institutional protocols.
• No PHI: Do not enter protected health information or real patient identifiers. Lusitropy is not designed to receive or store clinical records.
• Professional responsibility: You remain solely responsible for verifying information and for all decisions made in clinical or real‑world settings. When in doubt, do not rely on the app—consult qualified clinical leadership and current guidelines.

By using Lusitropy, you acknowledge and agree that it is an educational tool only and not for clinical use from any perspective—diagnostic, therapeutic, procedural, or operational.

• Privacy-first and non-commercial: Lusitropy has no ads, no tracking for advertising, and does not sell user data. It is a philanthropic, learner-centered tool created to improve education.
• Anonymous-by-choice: You may use the app without creating an account. The app will continue to collect anonymous usage data to improve your experience (for example, saving progress on-device or with an app-generated identifier). Creating an account is optional and allows your data to sync across devices.
• No third‑party advertising or marketing: We do not share data with third parties for advertising or marketing purposes.
• Limited service providers: We use essential service providers (for example, secure hosting and AI processing to enable assistant features). These providers act under our instructions and are not permitted to use your data for their own marketing.

This policy governs the Lusitropy iOS application and associated web services and APIs (the "Services"). By using the Services, you agree that your information will be handled as described herein. The Services are designed solely for educational purposes and are not a substitute for professional medical judgment, diagnosis, or treatment. You must not submit protected health information (PHI), real patient identifiers, or any data that would reasonably identify an individual.

For clarity, the Services include: (i) reading and interactive learning modules; (ii) practice questions and progress tracking; (iii) case preparation tools; (iv) the AI assistant ("Ari") which processes your prompts to generate educational responses; and (v) account creation and synchronization features. This policy applies to personal information handled when these features are used, whether you use the app anonymously or with an account.

Prohibited data categories (non‑exhaustive): PHI or patient identifiers (e.g., names, dates of birth, MRNs), confidential institutional records, export‑controlled or classified information, payment card details, government ID numbers, or any data you are not legally authorized to disclose.

Misuse restrictions: You agree not to (a) attempt to re‑identify individuals from de‑identified or anonymous data; (b) upload unlawful, defamatory, harassing, or discriminatory content; (c) probe, scan, or test the vulnerability of the Services; (d) interfere with or disrupt the Services; (e) use automated scraping or data harvesting tools; (f) attempt to circumvent technical or policy restrictions (including content filters or rate limits); or (g) use Ari to generate, request, or store content contrary to these terms. We may take reasonable steps, including logging and access controls, to prevent, detect, and respond to such misuse.

Where permitted by law, we may restrict, disable, or remove content or access that violates this policy, and we may preserve and disclose information to comply with legal obligations or to protect the safety and integrity of the Services, users, or the public.

Out of scope: This policy does not cover (i) third‑party websites or resources that may be linked from the Services; or (ii) data collected independently by Apple (e.g., App Store or TestFlight diagnostics) under Apple’s policies.

We collect the minimum data necessary to operate features and improve learning. Depending on your choices, data may be linked to an app‑generated identifier (anonymous mode) or to your account (if you create one).

• Account Information (optional)
  • Examples: Username, hashed password, optional email.
  • Purpose: Authentication, cross‑device sync, account recovery, and service communications.
  • Optional/Required: Optional unless you choose to register.
• Learning Activity
  • Examples: Topic views, question attempts and results, time‑on‑task, study plan progress.
  • Purpose: Show your progress, personalize content, and improve product quality.
  • Linkage: Anonymous identifier (no account) or account (if created) for sync.
• User Content You Provide
  • Examples: Messages to the assistant (Ari), notes you write, educational content you submit, and any media you intentionally upload in content‑creation workflows.
  • Boundaries: Do not include PHI, patient identifiers, or confidential institutional content.
• Device and App Diagnostics
  • Examples: App version, OS version, basic event and error logs; servers may record IP address for security.
  • Purpose: Reliability, security, fraud prevention, and abuse detection.
  • Minimization: Retained on a limited, rotating basis consistent with security needs.

AI Assistant (Ari): To generate responses, the text you submit to Ari is transmitted to our AI processing service provider under strict contractual terms. We do not allow providers to use your data for advertising or their own marketing. Content is retained only as needed to operate the feature, maintain quality, and enable your thread history, after which it is minimized or deleted consistent with our retention practices.

• We do not access your device contacts, calendars, or precise location.
• We do not record audio or video, and we do not run background tracking.
• We do not collect payment information (there are no ads, subscriptions, or purchases).
• We do not scan your photo library; if you choose to upload a file, only the selected file is transmitted for that purpose.

• Use without an account: Progress and settings may be tied to an app‑generated identifier and stored locally and/or on our servers in anonymous form. This supports continuity of learning and general improvements without collecting your name or email.
• Create an account (optional): If you opt in, we link progress to your account so that your data can sync across devices. You can request deletion at any time; deletion may impact synced progress and assistant threads.
• Resetting identifiers: Reinstalling the app or clearing local data may reset local identifiers and settings; server‑side anonymous data may persist in aggregate or security logs for a limited period.

• Provide and maintain the Services: Operate core features (progress tracking, content viewing, case preparation tools, Ari assistant), ensure compatibility, and deliver updates.
• Sync and personalization: Save and sync your progress, recommend study areas, and remember session context to improve your learning experience.
• Research and quality (aggregated): Analyze de‑identified or aggregated usage patterns to improve content quality and usability. Aggregation is performed to minimize privacy risk.
• Safety and reliability: Debug issues, detect and prevent abuse or attacks, and protect the Service and users.
• Legal compliance: Meet legal obligations and respond to lawful requests as required.

• No ads, no selling: We do not sell your data and do not share it for advertising or marketing.
• Service providers only: We share information with vendors strictly to operate the Services (e.g., secure hosting, databases, content delivery, AI processing for Ari). Providers must safeguard information, act only on our instructions, and are prohibited from using the data for their own marketing.
• Transfers: If information is processed outside your jurisdiction, we implement protections consistent with applicable law.
• Legal compliance: We may disclose information when required by law, regulation, or legal process, or to protect safety, rights, or the integrity of the Services.

We retain information only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Examples: account and progress data are retained while your account remains active (or until deletion is requested); security and error logs are kept for a limited, rotating period; aggregated analytics may be retained without personal identifiers.

• Use anonymously: You can use the app without an account; limited anonymous data supports functionality and improvements.
• Access, correction, deletion: You may request a copy of your data, correction of inaccuracies, or deletion. Account deletion removes linked progress and assistant threads from active systems (subject to lawful retention obligations).
• Export: You may request a machine‑readable export of key learning data linked to your account.
• Communications: If you provided an email, you can opt out of non‑essential communications.
• Anonymous users: If you are anonymous, we may ask for reasonable verification (e.g., app‑generated identifier and recent activity details) to locate data.

To make a request, contact us at privacy@lusitropy.com. We will verify your request and respond consistent with applicable law.

We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit (TLS), role‑based access controls, audit logging, least‑privilege practices, and secure software development processes. Backups and infrastructure are protected by access controls. No system is perfectly secure; please avoid submitting sensitive personal data or patient identifiers.

Lusitropy is intended for professional and trainee use and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us to request deletion.

Your information may be processed and stored on servers located in the United States or other jurisdictions with data protection laws that may differ from your own. Where we transfer data across borders, we implement appropriate safeguards consistent with applicable law.

If you have questions about this policy or our privacy practices, contact: privacy@lusitropy.com.

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated effective date.