Privacy Policy

PhacoTrack stores the cataract surgery case data you enter: pre-op measurements, intra-op details, IOL data, and post-op follow-up.

Patient identity fields — name, hospital number, date of birth, gender, and notes — remain on your device. When synced to our server, these fields are encrypted on-device with AES-256-GCM using a key derived from your Apple account.

Sign in with Apple is required. When you sign in, we receive your Apple-issued user identifier and (if you choose to share it) your name and email. We store an authentication token on the server so you can stay signed in without re-entering credentials.

Cloud sync requires a Pro subscription. Free-tier data stays on your device only and is never uploaded to our server. With Pro, your surgeon setup and case data sync across your signed-in devices through our server.

Patient identity fields are stored on our server only in encrypted form, and all data transfers use HTTPS. Because the encryption key is tied to your Apple account, we technically have the ability to decrypt these fields. As a matter of policy, we do not.

You can delete your account from Settings at any time. Doing so permanently removes your data from our server.

Subscriptions are processed by Apple through the App Store. Apple shares a transaction record with us so we can confirm your Pro status across your devices — this includes a unique transaction identifier and an opaque account token tied to your Apple ID. We do not receive your payment card details.

Subscription management (upgrade, downgrade, cancellation, refund) is handled by Apple in your Apple ID settings.

When you scan a clinical document, the image is uploaded to our server and processed by Google (Gemini) for measurement extraction, with Anthropic (Claude) as a backup if the primary service is unavailable. An internet connection is required.

The app does not attach patient details to the request. Clinical printouts may, however, contain identifiers that are visible in the image itself. Neither AI provider retains inputs beyond the request, and neither uses them for training.

A copy of each scan is retained on our server for quality monitoring. Samples are deleted automatically 90 days after capture, and immediately when you delete your account. To request earlier removal of specific samples, contact support@phacotrack.com.

PhacoTrack collects anonymous usage analytics, such as which screens are opened or whether a feature was used, to help us improve the app. Analytics are processed by TelemetryDeck, which never receives patient data, case content, free text, or personally identifying information. No advertising identifiers or persistent user IDs are used. You can opt out in Settings.

We rely on a small number of services to operate PhacoTrack. Each only receives the data it needs for its specific purpose:

• Apple — Sign in with Apple (authentication), the App Store (subscriptions), and iCloud Calendar (if you enable calendar integration).
• Railway (United States) — hosts our server and database.
• Google — processes scan images for measurement extraction (Gemini).
• Anthropic — processes scan images as a backup when Google is unavailable (Claude).
• TelemetryDeck — receives anonymous in-app usage analytics from the iOS app.
• Vercel Web Analytics — receives anonymous page-view metrics from this website (phacotrack.com). No cookies, no identifiers, no cross-site tracking.

Authentication tokens are stored in the iOS Keychain with “when unlocked, this device only” protection. Local data files use iOS file protection. Encrypted backup files use AES-256 with a password you choose.

If you start a surgery timer, the active patient’s name, hospital number, eye, and planned IOL appear on your device’s lock screen and Dynamic Island as part of the Live Activity, so you can glance at the timer mid-procedure without unlocking the device.

This information is rendered on your device only and is never transmitted. It remains visible until the timer is stopped or you dismiss the Live Activity. You are responsible for the physical security of your device while a timer is active.

If you enable calendar integration in Settings, PhacoTrack creates surgery and follow-up events in your iOS Calendar. Each event title contains the patient’s name so the entry is recognisable at a glance. Hospital numbers, dates of birth and clinical content are not written into calendar entries.

Calendar data is managed by iOS. If you have iCloud Calendar enabled, Apple syncs your calendars across your Apple devices on your behalf — PhacoTrack does not transmit calendar events to our server. You can disable calendar integration at any time in Settings, which stops new events from being created.

When you use cloud sync or AI scanning, your data is transmitted to and processed on servers in the United States. By using these features, you consent to this transfer.

You may request access to, correction of, or deletion of your personal data at any time. Account deletion is available in-app. If you live in the European Union, you have additional rights under GDPR, including the right to receive your data in a portable format and to object to certain uses of it.

For questions about this policy or your data, contact support@phacotrack.com.