Skip to content

Privacy Policy

Last updated: February 26, 2026

1. Introduction

Case Log Pro ("we," "us," or "our") is committed to protecting your privacy and the confidentiality of Protected Health Information (PHI) entrusted to our care. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you use our application and related services.

This Privacy Policy applies to:

IMPORTANT: You must accept this Privacy Policy before you can access PHI within the Service. Annual re-acceptance is required to maintain continued access. Continued use constitutes your acceptance of this policy.

  • Our web application
  • Our mobile application (iOS and Android)
  • Our APIs
  • Any related services we provide

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide Directly

Account Information: name, email, password, occupation, institution

Profile Information: photo, specialty, credentials

Case/Logbook Data: patient MRN, name, age, sex, procedure details, consultant, role, category, specialty, comments

Consent Records: privacy policy acceptance, terms acceptance, timestamps

Subscription Information: plan type, subscription status, billing or store identifiers (e.g. from app store)

2.2 Information Collected Automatically

Usage Data: pages visited, features used, actions

Device Information: device type, OS, browser

Log Data: IP address, user agent, timestamps

2.3 PHI and Healthcare Data

We process PHI for healthcare documentation. PHI is encrypted at rest (AES-256-GCM), encrypted in transit (HTTPS/TLS), access-controlled, audit-logged, and retained according to HIPAA requirements (minimum 6 years for certain records).

3. How We Use Your Information

We use information to:

  • Provide the Service (create account, store case data, enable features)
  • Authenticate and authorize access
  • Manage your subscription and subscription-based features
  • Comply with legal obligations (HIPAA, state, federal)
  • Ensure security (fraud detection, unauthorized access prevention)
  • Maintain audit trails for compliance

We may use aggregated, de-identified data to improve the Service and develop features. We do NOT sell your personal information or PHI to third parties.

4. Legal Bases for Processing

Contract Performance: account and case data for providing the Service

Legal Obligation: PHI and audit logs for HIPAA compliance

Legitimate Interest: usage data and security logs for security and service improvement

Consent: privacy policy acceptance for PHI access

5. Information Sharing and Disclosure

We may share information with:

Service Providers: hosting, database, email, storage, authentication

OCR (Google): our document text recognition (OCR) feature uses Google's OCR service; document or image content you submit for OCR may be sent to Google for processing

Your Institution: usage and case data as authorized

Law Enforcement: as required by subpoena or court order

Regulatory Authorities: HIPAA, HHS, state requirements

We require all service providers to sign BAAs where PHI is processed, implement security measures, and use data only for specified purposes. We do NOT sell, rent, or trade your personal information or PHI.

When you use the OCR (optical character recognition) feature to extract text from documents or images, that content is processed by Google's OCR service. Google's handling of data is subject to Google's privacy policy and terms.

6. Data Retention

Upon account deletion, we delete or anonymize account and profile data subject to legal retention requirements. PHI is retained for the required period, then securely deleted. Audit logs retained for 6 years, then deleted.

Case/PHI Data: 7 years (configurable)

Audit Logs: 6 years

Account Data: duration of account plus retention period

Consent Records: 6 years

7. Data Security

We implement:

Administrative safeguards: risk analysis, workforce training, incident response

Physical safeguards: facility security, device security, session timeout

Technical safeguards: encryption at rest and in transit, bcrypt, JWT, access control, audit logging

8. Audit Logging

All PHI access is logged (user, action, resource, IP, user agent, timestamp). Logs are retained for 6 years, protected from modification, and reviewed for suspicious activity.

9. Breach Notification

In the event of a data breach we:

  • Monitor and investigate
  • Assess scope and impact
  • Notify affected individuals within 60 days as required by HIPAA
  • Report breaches affecting 500+ individuals to HHS
  • Take remediation steps

Contact: contact@caselogpro.com

10. Your Rights and Choices

You have the right to:

  • Access your personal information
  • Receive a copy in portable format
  • Correct account/profile information
  • Request deletion (subject to legal retention)
  • Request restriction or object to processing
  • Withdraw consent (may affect Service use)

To exercise these rights, contact us at the address below. We will respond within 30 days. You may lodge complaints with HHS OCR or your local data protection authority.

Contact: contact@caselogpro.com

11. Cookies and Similar Technologies

We use cookies for:

You can control cookies through browser settings.

Essential: authentication, session, security

Preferences: settings

Analytics: aggregated, non-PHI

12. International Data Transfers

Data may be transferred to and processed in our jurisdiction or service provider locations. We ensure appropriate safeguards (e.g., Standard Contractual Clauses) as required by law.

13. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect information from children. Contact us if you believe we have collected information from a child.

14. California Privacy Rights (CCPA)

California residents may have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to deletion
  • Right to non-discrimination for exercising your rights

Contact: contact@caselogpro.com

15. Changes to This Privacy Policy

We may update this policy. We will notify you by posting on our website/app, sending email, or displaying an in-app notice. Annual re-acceptance is required. Continued use after changes constitutes acceptance.

16. Subscriptions and Pricing

Case Log Pro offers subscription-based access to premium features. Subscriptions may include a free trial period. After the trial ends, your subscription will automatically convert to a paid plan unless you cancel before the trial expires. Billing is handled by Google Play. Pricing may vary by region.

All payments are processed securely through Google Play. We do not collect or store your payment card information. Payment information is handled in accordance with Google Play's Terms of Service and Privacy Policy.

Subscriptions automatically renew at the end of each billing period unless canceled at least 24 hours before the renewal date. You may manage or cancel your subscription through your Google Play account settings. Refunds are subject to Google Play's refund policies.

Pricing details are displayed within the app before purchase. Prices may vary by region and are subject to change. We will notify you via email of any price changes. Continued use after a price change may constitute acceptance where permitted by applicable terms or law.

Subscription fees cover access to secure case documentation, encrypted storage, and premium features. We do not sell user data. Subscription payments are not related to medical diagnosis or healthcare services.

17. Contact Us

Email: contact@caselogpro.com

Address: 700 Smith St, Suite 61070, Houston, TX 77002