Privacy Policy - Nurse Resource App
Our Commitment to Your Privacy
This document outlines the types of user information the Nurse Resource application collects, the reasons for its collection, and the procedures for its permanent deletion.
What Information We Collect and Why
To provide secure and role-based access to our application, we collect and store the following essential user information:
Pre-authorized Account Information
To ensure that only approved personnel can use this application, your Personal Identification (First Name, Last Name, Email Address) and Professional Affiliation (Hospital) must first be added to a secure pre-authorization list (a "whitelist"). This is done by a designated authority from your institution (such as a manager, nurse clinician/educator, or senior administrator). This pre-authorization step is required to create an account and is essential for preventing unauthorized public access.
Authentication ID
Upon your first login, a unique, non-identifiable User ID (UID) provided by our authentication system (Firebase Authentication) is associated with your account to secure your login credentials.
Audit Timestamps
For institutional auditing and security purposes, we automatically record timestamps when your account is first created and when it is formally activated within our system.
Presence Status
To facilitate application features, we temporarily log when a user's account is actively online, offline, or ready for video calls. This presence data is used for:
- Session management and security
- Video call request/accept workflows
- Activity tracking for security auditing
Session Tokens
For security and authentication purposes, we generate and store encrypted session tokens on your device. These tokens:
- Are stored locally using Android's EncryptedSharedPreferences (AES-256 encryption)
- Are never transmitted in plaintext
- Are automatically cleared when you log out or the app goes to the background
- Are validated against our servers to prevent unauthorized access
Activity Tracking
We record timestamps of your last activity within the application for:
- Security auditing and session validation
- Detecting inactive sessions
- Maintaining secure access controls
This information is stored in our secure database and is used exclusively for authentication, authorization, and security auditing purposes.
Biometric Authentication Data (Optional)
If you choose to enable biometric login (fingerprint or face recognition), we store the following data locally on your device using encrypted storage:
- Your email address (encrypted)
- Your password (encrypted, only used after successful biometric authentication)
Important Notes:
- Biometric data (fingerprint/face templates) are stored by your device's secure hardware and are never accessed or stored by our application
- Email and password are stored only on your device using Android's EncryptedSharedPreferences
- You can disable biometric login at any time, which will immediately delete the stored credentials
- Biometric authentication is optional and can be declined
Terms & Conditions Acceptance
We track your acceptance of our Terms & Conditions to ensure compliance:
- Acceptance timestamp is recorded
- Terms must be re-accepted every 24 hours
- This data is stored in your user profile for auditing purposes
Favorites
If you choose to save favorite resources, we store:
- Resource ID references
- Timestamp when each favorite was created
This data is stored in your user profile and is used solely to provide quick access to your saved resources.
Request for Service (RFS) Data
When you submit a request for service, we collect and store:
- Your user ID (UID)
- First Name, Last Name, Email Address, Hospital (from your profile)
- Availability information you provide
- Request details and description
- Request status (open, in-progress, closed, etc.)
- Creation and update timestamps
This data is used to process your service requests and is accessible to authorized administrators for triage and response.
Video Call Tokens
For video call functionality, we store temporary Agora video call tokens in our secure database:
- Token is associated with your user ID
- Token is used only for establishing video connections
- Token timestamps are recorded for security auditing
Attendance Records
When you scan a QR code for attendance tracking, we record:
- First Name, Last Name (from your profile)
- Date and Time of attendance
- Session topic/subject
This data is used for institutional reporting and statistics.
Information We Do Not Collect
Our commitment to your privacy extends to data we explicitly do not collect:
Financial Information
At no time will our application request payment or financial information from you, including credit card numbers or banking details, outside of the initial purchase price agreed upon in the official Apple App Store or Google Play Store. Any such request should be considered fraudulent activity and reported immediately.
Personal Health Information (PHI)
This application will never collect, store, or ask for any Personal Health Information (PHI) of any kind. The collection of PHI is outside the scope of this application's purpose. Any request for this type of sensitive information should be considered fraudulent activity and be reported.
Location Data
While the application may request location permission for hospital geolocation matching, your precise location is:
- Used only once per session when you request it
- Never stored or saved to your profile
- Only used to identify the nearest partner hospital for resource filtering
- Not tracked or monitored over time
Data Storage and Security
Encryption
All sensitive data is encrypted using industry-standard encryption:
- Session Tokens: Stored using Android's EncryptedSharedPreferences (AES-256-GCM encryption)
- Biometric Credentials: Stored using Android's EncryptedSharedPreferences (AES-256-GCM encryption)
- Network Traffic: All data transmission uses HTTPS/TLS encryption
- No Plaintext Storage: We never store sensitive data in unencrypted form
Secure Storage Locations
- Local Device Storage: Session tokens and biometric credentials are stored locally on your device using encrypted storage
- Cloud Database: User profiles, service requests, and attendance records are stored in our secure cloud database (Firebase)
- No Third-Party Sharing: We do not sell, rent, or share your personal information with third parties
Security Measures
- Root Detection: The application detects and logs compromised devices (rooted/jailbroken) for security purposes
- Session Management: Secure session tokens are validated on every request
- Automatic Session Clearing: Sessions are automatically cleared when the app goes to the background
- Input Validation: All user inputs are validated and sanitized to prevent security vulnerabilities
Data Deletion & Self-Service Erasure
We are committed to the complete and permanent removal of your personal data whenever you choose to stop using the application.
Your Options to Delete Data
1. Self-Service (preferred):
You can delete your own account and associated data at any time using the in-app deletion feature (Account → Privacy & Deletion → Delete My Data). You'll be asked to confirm by entering your account email and current password. Deletion begins immediately after you confirm.
2. Request at Any Time:
You may also request deletion at any time by contacting us at nurseresourceapp@gmail.com. We will verify your identity and complete the deletion using the same automated process described above.
3. Administrator-Initiated (when appropriate):
If your access is no longer required (e.g., role changes or program completion), an authorized administrator may initiate the same automated deletion process.
What Gets Deleted (Scope)
When deletion is initiated (by you or by an administrator), our system performs an automated, multi-step, irreversible erasure of your data:
Authentication Account Deletion
- Your account is permanently removed from our authentication system, immediately revoking access.
Application Data Deletion
We locate and permanently erase associated records in our application databases that reference your account, including:
- Whitelist/profile entries linked to your account ID or email
- Favorites collection (all saved resource references)
- Service requests (all RFS tickets you submitted)
- Attendance records attributed to your account
- Terms acceptance records (all acceptance history)
- Temporary presence and signaling entries used for login/call workflows (e.g., online/offline status, call request/hangup entries)
- Activity tracking records (lastActivity timestamps)
- Session tokens (both local device storage and cloud database)
- Video call tokens (Agora token records)
Local Device Data Deletion
- Session tokens stored in encrypted local storage are cleared
- Biometric credentials (if enabled) are removed from encrypted local storage
- App cache and temporary files are cleared
Timing, Backups, and Residual Copies
Effective Immediately
Primary deletion steps occur immediately after you confirm deletion (self-service) or when an administrator triggers it.
Operational Backups
If we maintain operational backups we control, they are overwritten on a rolling basis. Cloud provider–managed replicas and routine system backups are governed by the provider's retention policies; they are not accessible for normal operations.
Local Device Data
Data stored locally on your device (session tokens, biometric credentials) is deleted immediately when you delete your account or log out. However, you may need to manually clear app data from your device settings to ensure complete removal.
Records & Audit
We do not maintain a separate deletion-receipt record in our databases.
Identity Verification & Safety
- For user-initiated support requests, we may ask for limited verification to protect your account from unauthorized deletion.
- If there is an outstanding security, fraud, or legal hold obligation, we may delay deletion only as required to comply with applicable law or to resolve the issue—then complete deletion immediately after.
Third-Party Processors
If any third-party service processes your personal data strictly on our behalf, we will propagate the deletion request to those processors as applicable. This includes:
- Firebase Authentication (account deletion)
- Firebase Firestore (database records)
- Firebase Realtime Database (presence and activity data)
- Agora (video call token records)
Contact
For any questions or to request deletion, email nurseresourceapp@gmail.com.
Disclaimer on Application Content
All educational material created for the application is vetted for accuracy and referenced in accordance with best practices. However, this application and its content should only be used as an informational tool to enhance a previously established educational and knowledge base. It should never be used as a sole reference for diagnosing, treating or caring for patients. When in doubt, users must defer to the expertise provided by the patient's attending physician and ensure they are adhering to the specific policies and procedures of their facility.
Nurses in Ontario are obligated to practice within the practice and ethical guidelines established by the College of Nurses of Ontario (CNO). For further information, please visit www.cno.org.
Summary of Use:
Resource App Calendar (Read-Only Events)
A secure, read-only view of upcoming educational sessions and institutional events.
- Purpose – Displays a vetted list of events (title, date, time, description, optional link) sourced from our central database to help staff find training and resources quickly.
- Access Control – Requires a signed-in, email-verified account. A session token is validated against our security log to prevent unauthorized access.
- What's Collected – This feature does not collect new personal information, payment details, or any PHI. It only reads event entries from our database and shows them to you.
- Temporary Presence Log – Your online/offline status may be logged temporarily to support security/auditing (consistent with the Presence Status note in this policy).
- No Device Sensors – The calendar does not use your camera, microphone, or location.
- External Links – Some events include links to third-party resources; opening these is optional and subject to the third party's policies.
- Curation & Accuracy – Events are added/updated by authorized administrators. While content is vetted, schedules may change; always confirm details with your institution as needed.
- Retention & Deletion – Event entries are maintained by administrators and can be corrected or removed. Any related security logs and presence data follow the Data Deletion Process outlined in this policy.
Educational Resources Hub
This feature serves as a secure gateway to our educational content. It authenticates your user session and allows you to select a topic of interest. Upon selection, it directs you to a page displaying a curated list of relevant resources, such as documents and videos. This process operates without collecting any new personal information, payment details, or Personal Health Information (PHI). All resources displayed through this hub are sourced from our central database, where they have been vetted for accuracy and referenced in accordance with best practices.
Favorites Feature:
- You may choose to save favorite resources for quick access
- Only resource ID references and timestamps are stored
- Favorites are stored in your user profile
- You can remove favorites at any time
- Favorites are deleted when you delete your account
Equipment Identifier (AI Scanner)
This tool uses your device's camera and on-device Artificial Intelligence (AI) to help identify medical equipment.
- Camera Use and Privacy: The camera is used only as a live scanning tool for the AI to see the object in real-time. No photos or videos are ever saved, stored, or transmitted. Any image data captured for analysis is immediately and permanently purged once the analysis is complete.
- Patient Privacy Warning: Users are responsible for ensuring patient privacy at all times when using the scanner. You must adhere to your facility's policies and procedures regarding the use of cameras in clinical environments.
- AI and User Verification: The AI's purpose is to suggest potential matches for the object being scanned. The user is always in control; any suggestion made by the AI must be verified or declined by you.
- Resources: If you confirm an AI suggestion, the app will display a list of relevant educational resources. All resources have been vetted for accuracy and referenced in accordance with best practices.
- Geolocation Data: This application uses your device's location one time upon request to identify the nearest partner hospital. This is done solely to save you time and automatically display relevant, institution-specific resources alongside the general resources. Your location data is not stored, tracked, or saved to your user profile; it is only used for this single session to enhance your experience. The management of these hospital-specific resources, including their addition and updating, is handled by a designated representative from that institution and is subject to auditing by the administrators of this application.
Object Scanner (Admin Upload Tool)
This tool is restricted to authorized administrators (Admin/Admin_ed) and is used to build and maintain the equipment look-up index used by the Educational Resources Hub and related features.
- Purpose & AI Disclaimer – Like our other AI-assisted tools, this feature uses on-device AI to assist with labeling. AI suggestions are for convenience only; a human administrator must verify or correct them before saving.
- Camera Use – The camera is used to capture a short series of photos of equipment only for indexing purposes.
- What Gets Uploaded – The captured equipment photos are uploaded to our secure cloud storage, and the system stores:
  - the images themselves (equipment only; no patients or PHI),
  - minimal AI metadata (e.g., an AI suggestion and a numeric embedding/vector) used solely to power the look-up algorithm.
- No Manufacturer/Product Endorsement – Photos are used only to enable faster recognition of equipment. No company or product affiliation or endorsement is implied or established by their inclusion in the index.
- PHI Safeguard – Administrators must ensure no patients, identifiers, or clinical records are visible in any image. Images containing PHI must not be captured or uploaded.
- Access Control – Only authorized administrators can capture and upload images. End-users cannot upload images through this feature.
- Retention & Deletion – Images and associated metadata are retained only to support the equipment look-up feature. Upon authorized request (e.g., device deprecation or institutional policy), the corresponding images and records can be permanently deleted from storage and databases following the same multi-step deletion process described in the Data Deletion Process.
RCCE Video Calls (Non-Urgent, Admin-Initiated)
A secure, video-to-video help line designed for non-emergent requests. This feature respects hospital privacy rules and prevents unsolicited contact.
- Who can call – Only authenticated Admins (Admin/Admin_ed) can initiate a call. End-users cannot place outbound calls.
- Readiness & consent – A call can only be connected when the receiving user has explicitly set their status to Ready and accepts the incoming request. This prevents contacting users without consent and reduces privacy risk.
- Non-emergent scope – This service supports routine, non-urgent guidance.
  - If the situation is emergent, users must call the Virtual Critical Care (VCC) or Nurse-to-Nurse VCC service at Health Sciences North, 41 Ramsey Lake Rd, Sudbury, Ontario — 705-523-7100 ext. 3431 (or CRITICALL 1-800-668-4357, as locally directed).
- Privacy & PHI – Users must follow their hospital's privacy policy at all times. Do not disclose any patient identifiers or PHI unless permitted by your organization's rules and applicable law.
- No recording – The application does not record or store audio/video content. Media streams are used only for the real-time call and are not retained by the app.
- Access control & auditing – Calls require signed-in accounts with role verification. Presence (online/offline/ready) is logged temporarily to enable request/accept workflows and may be used for security auditing consistent with this policy.
- Video Call Tokens – Temporary Agora video call tokens are stored in our secure database for establishing connections. These tokens are associated with your user ID and include timestamps for security auditing. Tokens are automatically cleared when calls end.
- Purpose – This feature provides timely, role-appropriate connection between staff while minimizing privacy risks associated with unsolicited calls or uncontrolled sharing.
Request for Service (RFS)
A secure communication portal for submitting service requests to administrators.
- Purpose – Allows users to submit non-urgent service requests, questions, or support needs to authorized administrators.
- What is collected – When you submit a request, we collect:
  - Your user ID (UID)
  - First Name, Last Name, Email Address, Hospital (from your profile)
  - Availability information you provide
  - Request details and description
  - Request status and timestamps
- Access control – Only authenticated, email-verified users can submit requests. Only authorized administrators (Admin/Admin_ed) can view and respond to requests.
- Data storage – Requests are stored in our secure database and are accessible to administrators for triage and response.
- Retention & deletion – Service requests are retained for administrative purposes. They are permanently deleted when you delete your account, following the Data Deletion Process outlined in this policy.
QR Attendance Scanner (No Photos Saved)
A simple QR-based check-in tool for training/session attendance.
- Purpose – Scan a session QR code to log attendance for statistics and institutional reporting.
- What the scanner does – Uses the device camera only for live scanning. No photos or videos are captured, saved, or transmitted.
- What is saved – First Name, Last Name, Date, and Time of attendance (plus the session topic) for stats used by both our program and the user's hospital.
- What is not saved – No pictures/images, no audio/video recordings, no payment details, and no PHI.
- Access & identity – The app reads your profile (first/last name, email, hospital) from the whitelist to attribute the scan correctly. Users must follow their hospital's privacy and attendance policies.
- Retention & deletion – Attendance records are subject to destruction by the user or Administrators upon authorized request, following the Data Deletion Process in this policy.
- Security – Sign-in and session validation are enforced; temporary presence status may be logged to support security/auditing and is handled per this policy.
- Device permissions – Camera access is required to read the QR code; no other device sensors are used.
No Tolerance Policy and Termination of Use
This application is provided strictly as an educational tool and must be treated with professionalism and respect at all times.
- Zero Tolerance – South of 7 Productions enforces a strict no-tolerance policy against any form of discrimination (including but not limited to race, gender, sexual identity, or religion), bullying, harassment, or other abusive behavior within or related to the use of this application.
- Immediate Termination – If abuse, misuse, or discriminatory conduct is reported or detected, the offending user's access to this application will be permanently revoked without prior notice.
- Reporting Abuse – Any suspected abuse or misuse may be reported directly to the developer at nurseresourceapp@gmail.com for review and immediate action.
By using this application, all users agree to abide by this policy and acknowledge that violation of these terms will result in the termination of access.
Changes to This Privacy Policy
South of 7 Productions reserves the right to update this Privacy Policy from time to time. We will notify users of any material changes by:
- Displaying a notice in the application
- Requiring re-acceptance of updated Terms & Conditions
- Updating the "Last Updated" date at the top of this policy
Your continued use of the Nurse Resource application after such changes constitutes your acceptance of the updated Privacy Policy.