Privacy Policy
Last Updated: December 28, 2024
1. Introduction
Welcome to Anestesio ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web service (collectively, the "Service").
Anestesio is a professional tool designed exclusively for anesthesiologists to track and manage their medical procedures. We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD).
Our Privacy Commitment
Anestesio does not collect, store, or process any personally identifiable information (PII) about patients. Our application is specifically designed to track anonymous, aggregate medical procedure data without any means of identifying individual patients.
2. Data Controller Information
The data controller responsible for your personal data is:
- Company: Anestesio
- Email: privacy@anestesio.app
- Website: https://anestesio.app
3. Information We Collect
3.1 User Account Information (Healthcare Professional Data)
When you register for an account, we collect:
- Full name
- Email address
- Professional medical license number (CRM or equivalent)
- License jurisdiction/state
- Password (stored in encrypted/hashed format)
This information is necessary to provide you with our Service, verify your identity as a licensed healthcare professional, and maintain the security of your account.
3.2 Procedure Data (Anonymous Patient Information)
For each medical procedure you record, we collect only non-identifiable, anonymous data:
| Data Collected | Purpose | Patient Identifiable? |
|---|---|---|
| Patient age (years only) | Clinical statistics | No |
| Patient weight (kg) | Dosage calculations | No |
| Patient height (cm) | Clinical reference | No |
| Patient sex | Clinical statistics | No |
| ASA classification | Risk assessment records | No |
| Type of anesthesia | Procedure tracking | No |
| Procedure type and specialty | Professional records | No |
| Medications administered | Clinical documentation | No |
| Date and duration | Scheduling and statistics | No |
| Facility/hospital name | Location tracking | No |
What We Do NOT Collect
We explicitly DO NOT collect any of the following patient information:
- Patient names or initials
- Patient identification numbers (ID, SSN, CPF, etc.)
- Medical record numbers
- Contact information (address, phone, email)
- Photographs or biometric data
- Exact birth dates
- Any other information that could directly or indirectly identify a patient
3.3 Technical and Usage Data
We automatically collect certain technical information when you use our Service:
- Device type and operating system
- App version
- IP address (for security and fraud prevention)
- Usage patterns and feature interactions
- Crash reports and error logs
- Language and regional preferences
3.4 Payment Information
For subscription services, payment processing is handled by third-party providers (Stripe, Apple App Store, Google Play Store). We do not store complete credit card numbers or banking details on our servers. We only retain transaction identifiers necessary for subscription management.
4. Legal Basis for Processing (GDPR & LGPD)
We process your personal data based on the following legal grounds:
| Data Type | Legal Basis | GDPR / LGPD Article |
|---|---|---|
| Account information | Contract performance | Art. 6(1)(b) / Art. 7, V |
| Procedure data | Contract performance | Art. 6(1)(b) / Art. 7, V |
| Technical data | Legitimate interest | Art. 6(1)(f) / Art. 7, IX |
| Anonymous analytics | Legitimate interest / Consent | Art. 6(1)(f) / Art. 7, I |
| Marketing communications | Consent | Art. 6(1)(a) / Art. 7, I |
5. How We Use Your Information
5.1 Service Provision
- Creating and managing your account
- Enabling you to record and track medical procedures
- Generating statistics and reports about your professional activity
- Providing customer support
- Processing subscription payments
5.2 Service Improvement
- Analyzing usage patterns to improve features
- Identifying and fixing bugs and technical issues
- Developing new features based on user needs
5.3 Anonymous Data Usage
Use of Anonymized and Aggregated Data
We reserve the right to use fully anonymized and aggregated data derived from procedure records for:
- Scientific Research: Contributing to medical and anesthesiology research, clinical studies, and academic publications
- Statistical Analysis: Generating industry insights, benchmarks, and trend reports
- Service Improvement: Enhancing our algorithms, features, and user experience
- Marketing: Creating general statistics for promotional materials
Important: This anonymized data cannot be traced back to any individual patient or healthcare professional.
5.4 Communications
- Sending service-related notifications (security alerts, updates, maintenance)
- Responding to your inquiries and support requests
- Sending marketing communications (with your consent)
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in the following circumstances:
6.1 Service Providers
We work with trusted third-party service providers:
- Cloud Hosting: Vercel, Supabase
- Payment Processing: Stripe, Apple, Google
- Error Monitoring: Sentry
- Email Services: Resend
6.2 Legal Requirements
We may disclose your information if required by law or in response to valid legal requests from public authorities.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
7. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and adequacy decisions.
8. Data Security
We implement robust security measures:
- Encryption: All data encrypted in transit (TLS/HTTPS) and at rest
- Access Controls: Strict authentication and authorization
- Data Isolation: Each user's data is logically separated
- Password Security: Passwords hashed using industry-standard algorithms
- Regular Audits: Periodic security assessments
- Row-Level Security: Database-level access controls
9. Data Retention
- Account data: Retained while active + 5 years after deletion
- Procedure records: Retained while active; deleted upon account deletion
- Technical logs: Up to 12 months
- Payment records: 5-7 years (per tax regulations)
10. Your Rights
Under GDPR and LGPD, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion ("right to be forgotten") |
| Portability | Request data in machine-readable format |
| Restriction | Request limitation of processing |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time |
| Lodge Complaint | File a complaint with supervisory authority |
Contact us at privacy@anestesio.app to exercise your rights. Response time: 30 days (15 days for LGPD).
11. Children's Privacy
Anestesio is designed exclusively for licensed healthcare professionals. We do not knowingly collect personal information from individuals under 18.
12. Cookies and Tracking
- Essential Cookies: Required for authentication and security
- Preference Cookies: Language and display preferences
- Analytics Cookies: Usage understanding (with consent)
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email and in-app notifications.
14. Supervisory Authorities
If you believe your rights have been violated, contact:
- Brazil (LGPD): ANPD - www.gov.br/anpd
- European Union (GDPR): Your local Data Protection Authority
15. Contact Us
Questions about this Privacy Policy?
- Email: privacy@anestesio.app
- Support: support@anestesio.app
- Website: https://anestesio.app
© 2025 Anestesio. All rights reserved.