Privacy Policy

Last updated: May 20, 2026

MedAtlas is a clinical reference application designed for licensed and supervised healthcare professionals. This Privacy Policy explains what information we collect, how we use it, and the choices you have. The short version: we do not require an account, we do not collect personally identifying information, we never collect or store patient health information, and we use only the small number of third-party services required to keep the app working and to process subscription payments.

1. Who we are

MedAtlas (the "App", "we", "us", "our") is operated by the developer responsible for the App as listed on the App Store. You can contact us any time at support@usemedatlas.com. For the purposes of the EU General Data Protection Regulation (GDPR), we act as the data controller for any personal data described in this Policy.

2. Information we do not collect

We do not require you to create an account to use MedAtlas. We do not ask for your name, email address, phone number, postal address, date of birth, photo, or any other directly identifying information.

We never collect, store, transmit, or have access to patient health information (PHI). MedAtlas is a reference tool. It does not provide any field where you should enter patient identifiers, and we strongly advise you not to enter PHI anywhere in the App. We do not access your camera, your contacts, your microphone, your location, your photo library, or your other apps. We do not use the iOS advertising identifier (IDFA), and we do not engage in any cross-app or cross-site tracking.

3. Information we do collect

To operate the App and process subscriptions, a small amount of non-identifying technical information is processed by us and by the third-party services listed in Section 4.

Device and session data. When you open the App, we assign an anonymous identifier so the App can save your bookmarks, recent items, and onboarding selections (your selected role and specialty, for example). This identifier is a random UUID. It is not derived from your name, email, IP, or device fingerprint and is not linkable to you by us or by third parties.

Subscription data. If you choose to start a free trial or subscribe to MedAtlas Pro, our subscription processor (RevenueCat) and Apple receive the information they need to manage that transaction. This includes the product you purchased, the transaction identifier, your subscription start and renewal dates, and an anonymous user identifier so your subscription can be restored on the same Apple ID. We do not receive your credit card number, billing address, or Apple ID; Apple handles all payment information directly.

Diagnostic data. If you opt in to share crash and diagnostic data with us (via the iOS prompt the first time the App crashes, or via our crash reporting integration once enabled), we receive anonymous reports describing what went wrong. These reports may include the type of device, the iOS version, the App version, the stack trace of the error, and the screen you were on. They do not include your bookmarks, your search queries, or any content you have viewed.

Product analytics. If product analytics are enabled in a future version of the App, we may collect anonymous, aggregated event data such as which sections of the App you open, how often you search, and whether you complete a free trial. These events are linked only to the anonymous device identifier described above. They do not include the text of your searches, the names of items you opened, or any personally identifying details. You can disable analytics at any time by uninstalling the App.

4. Third-party service providers

We use a small number of carefully selected processors to operate the App. Each is contractually obligated to protect any data they handle on our behalf.

Supabase, Inc. — application backend. Hosts the content library and stores your anonymous bookmarks and recent items. Privacy policy: https://supabase.com/privacy.

RevenueCat, Inc. — subscription management. Receives subscription receipts from Apple and exposes your entitlement status to the App. Privacy policy: https://www.revenuecat.com/privacy.

Apple, Inc. — App distribution and in-app payments. When you purchase or restore a subscription, you transact with Apple under their terms and privacy policy: https://www.apple.com/legal/privacy.

If we add or change processors, we will update this Policy and the "Last updated" date at the top of this screen. Where required by law, we will also notify you in the App.

5. How we use the information

We use the information described above only to operate and improve MedAtlas. Specifically, we use it to provide and protect the App, deliver the features you request (such as bookmarking content or restoring your subscription), debug crashes, and understand which parts of the App are useful so we can prioritize what to improve.

We do not sell your information. We do not share your information with advertising networks. We do not use your information to build a personal profile of you, predict your demographics, or target advertising at you anywhere.

6. Legal bases for processing (EU/UK users)

For users in the European Economic Area, the United Kingdom, or Switzerland, the legal bases on which we rely to process the information described above are: (a) performance of a contract, where processing is necessary to provide the App or your subscription; (b) our legitimate interests in maintaining a secure and functional product, balanced against your privacy rights; and (c) your consent, where we have asked for it (for example, to enable push notifications or share diagnostic data).

7. Data retention

Bookmarks and recent items associated with your anonymous identifier are retained for as long as you keep the App installed. If you uninstall the App, those records remain on our backend for up to 90 days (so the App can re-bind them if you reinstall on the same device) and are then permanently deleted.

Subscription transaction records are retained as required by Apple and by applicable tax and accounting law, typically up to 7 years.

Diagnostic and analytics events are retained for up to 12 months in aggregate form, then permanently deleted.

8. Your rights

Depending on where you live, you may have certain rights regarding the limited information we hold:

Right to access. You can request a copy of the information we hold that is associated with your anonymous identifier. Because we do not know your name, you will need to provide the anonymous identifier itself (visible on the Account tab of the App) so we can locate any records.

Right to deletion. You can delete every record we hold by uninstalling the App. If you would like written confirmation of deletion, email us at support@usemedatlas.com from any email address and include the anonymous identifier.

Right to opt out of sale. We do not sell your information. For users covered by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), this means there is nothing to opt out of.

GDPR-specific rights. EU/UK/Swiss users additionally have the right to rectification, restriction of processing, data portability, and to lodge a complaint with their local data protection authority.

To exercise any of these rights, contact us at support@usemedatlas.com. We will respond within 30 days, or sooner where required by law.

9. Children

MedAtlas is intended for use by licensed or supervised healthcare professionals and is rated 12+ on the App Store, which reflects medical content. The App is not directed to children under 13, and we do not knowingly collect any information from anyone under 13. If you believe a child has provided information through the App, contact us at support@usemedatlas.com and we will delete it.

10. International transfers

The App and our service providers operate primarily from the United States. By using the App from outside the United States, you understand that the limited information described above may be processed in the United States. Where required, our service providers use Standard Contractual Clauses or equivalent mechanisms approved by the European Commission to safeguard cross-border data transfers.

11. Security

We use industry-standard safeguards to protect the limited information we process. All network connections between the App and our backend are encrypted in transit using TLS 1.2 or higher. Our backend providers (Supabase and RevenueCat) maintain SOC 2 Type II controls and encrypt data at rest. We restrict internal access on a need-to-know basis. No system is perfectly secure, but we take our responsibility seriously and disclose security incidents to affected users where required by law.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this screen. Material changes will be highlighted within the App on first launch after the change takes effect. Your continued use of the App after a change indicates your acceptance of the revised Policy.

13. Contact us

If you have any questions about this Privacy Policy or our handling of your information, please contact us at support@usemedatlas.com. We will do our best to respond within five business days.