RVU Tracker – Privacy Policy

1) What We Collect

Account & Identifiers: name (if provided), email, password hash or identity tokens, app store identifiers, device IDs, subscription status.
In-App Content You Provide: entries you create (e.g., RVU logs, notes, CPT® lookups you initiate), preferences, settings.
Transactional & Commercial Info: plan, purchase receipts (via Apple/Google/RevenueCat), billing country, tax attributes.
Usage & Device Data: app/site events, pages/screens, buttons tapped, crash logs, performance metrics, IP address and coarse location (derived from IP), browser/app version, OS, device type.
Support & Communications: emails, in-app messages, feedback, surveys.
Cookies/SDK Data: auth/session, analytics, debugging, and fraud-prevention signals.

No PHI by default. The Service is not intended to store Protected Health Information (PHI). Do not upload PHI unless we have a separate Business Associate Agreement (BAA) in place.

2) Sources of Information

We collect information directly from you, automatically from your device/browser/app, from partners such as Apple App Store, Google Play, and RevenueCat (for subscriptions and receipts), and from analytics/performance tools.

3) How We Use Information

Provide the Service: authenticate you, maintain your account, sync entries, and show your data across devices.
Operate & improve: reliability, usability, performance, debugging, crash analytics, load balancing, and security.
Enforce terms & license compliance: including rate-limiting and logging CPT® queries to prevent scraping or redistribution.
Communicate: transactional messages, security alerts, product updates; with consent, send product/newsletter emails (opt-out anytime).
Billing & entitlements: via app stores and RevenueCat.
Detect, investigate, prevent: security incidents, fraud, abuse, and legal/terms violations.
Legal compliance & protection: meet legal obligations and protect our rights.

AI/ML training. We do not use your personal entries to train generalized machine-learning models without your consent. We may use de-identified and aggregated telemetry to improve features. We do not use AMA CPT® content to train models.

4) Legal Bases (EEA/UK)

Where applicable: Contract (provide the Service), Legitimate Interests (secure and improve the Service), Consent (optional marketing/cookies), and Legal Obligation (tax, accounting, compliance). You can withdraw consent at any time.

We do not sell your personal information. We share limited data with:

Service providers / processors (hosting, storage, authentication, subscription management, analytics, crash reporting, support), bound to protect data and use it only to provide services to us.
App stores & billing partners (Apple, Google, RevenueCat) to verify purchases, manage entitlements, and handle refunds where applicable.
Security & compliance partners for fraud prevention, abuse detection, or to enforce license restrictions (e.g., CPT® misuse prevention).
Legal / safety: to comply with law or protect rights, safety, and property.
Business transfers: as part of a merger, acquisition, financing, or sale of assets, with continued protection as required by law.

We do not “share” personal information for cross-context behavioral advertising as defined by California law. If that changes, we will update this Policy and provide required opt-outs.

6) Cookies, SDKs, and Similar Technologies

We use cookies (web) and SDKs (mobile) for authentication, preferences, analytics, diagnostics, and fraud prevention. You can control cookies via your browser and OS-level ad settings. Blocking certain cookies may impact functionality.

7) Data Retention

Account & subscription records: for the life of the account and up to 3 years after closure (tax, accounting, fraud prevention).
In-app content (your entries): until you delete it, your account is deleted, or as needed to provide the Service.
Server/usage logs: typically 12 months for security and diagnostics.
CPT® query logs: up to 24 months to enforce license controls and prevent misuse.
Backups: rolling, time-limited backups with secure deletion when aged out.

8) Security

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit, access controls, least-privilege practices, monitoring, and backups. No system is perfectly secure; please enable a device passcode/biometrics and screen-lock and keep your credentials confidential.

9) Children

The Service is not for children under 18. We do not knowingly collect personal information from children under 18. If you believe a child provided us information, contact us and we will delete it.

10) Your Choices

Access, download, delete: request access/export/deletion (see “Your Privacy Rights”).
Email preferences: unsubscribe links in marketing emails; transactional messages will still be sent.
Cookies/SDKs: adjust browser/device settings; essential cookies may be required for core functionality.
Account deletion: email support@rvutrackerapp.com or use in-app controls (where available).

11) Your Privacy Rights

Depending on your location, you may have rights to know/access, correct, delete, portability, opt out of sale/sharing (we do not sell/share for cross-context behavioral advertising), limit use of sensitive personal information (we do not use SPI to infer characteristics), and appeal (certain U.S. states).

How to exercise your rights

Email support@rvutrackerapp.com with the subject “Privacy Request.” We may verify your identity (e.g., by email confirmation or account checks). You may designate an authorized agent where permitted; we may require proof and your verification. We will not discriminate against you for exercising rights permitted by law.

12) California Notice (CCPA/CPRA)

In the last 12 months, we collected the categories in Section 1 from the sources in Section 2 for the purposes in Section 3 and shared with the third parties in Section 5. We do not sell or share personal information for cross-context behavioral advertising and do not use or disclose sensitive personal information to infer characteristics. If we begin selling/sharing in the future, we will provide a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control (GPC) signals as required.

13) International Data Transfers (EEA/UK)

When transferring personal data outside your region, we use appropriate safeguards (e.g., Standard Contractual Clauses and equivalent measures). Contact us for more details.

14) Third Parties & Transfers

We use hosting & infrastructure, authentication & identity, subscription management (RevenueCat) and app stores (Apple/Google), analytics/diagnostics/crash reporting, email delivery, and support tools. We require processors to protect personal information and limit use to providing services to us.

15) CPT®-Specific Privacy Notes

We may log CPT® lookups (codes and related metadata) to enforce license terms and prevent scraping/redistribution.
We do not use AMA CPT® content to train models and do not expose CPT® content outside intended in-app contexts.
We may apply rate limits and automated controls to protect CPT® content.

16) Changes to this Policy

We may update this Policy from time to time. For material changes, we will provide advance notice (e.g., in-app, on-site, or email) at least 30 days before the new Policy takes effect. The “Last Revised” date above shows the latest version. Continued use after changes become effective means you accept the updated Policy.

17) Contact Us

Email: support@rvutrackerapp.com
Mail: Grow Your Co, LLC, 685 Roble Ave, Unit 5, Menlo Park, CA 94025, USA

Summary: We collect basic account info, your entries, and usage data to provide and improve RVU Tracker. We use processors (hosting, analytics, subscriptions) and app stores to run the app. We don’t sell your data or share it for cross-context behavioral advertising. The app isn’t intended for PHI without a BAA. You can access, export, or delete your data by contacting us.

Privacy Policy