The short version. ML4HF™ does not collect patient names, MRNs, room numbers, hospitals, or any other patient identifier. We are not designed to handle Protected Health Information, and the app is built so you cannot enter any.
1. What this policy covers
This Privacy Policy describes how PACDynamic ("we", "us") handles information in connection with the ML4HF™ iOS application, the websites at ml4hf.app and ml4hf.ai, and any related services (together, the "Services").
2. What we collect from you
Profile information you provide
When you create an account in the app or sign up for early access on the website, we collect: your name, email address, professional role and specialty, optional institution, and an optional NPI number if you choose to verify your clinician status via the public NPPES registry.
Case data you enter
When you log a clinical case, we collect the hemodynamic values you enter, the indices ML4HF™ computes from them, and the resulting classifications (Stevenson, SCAI, ACC/AHA). We do not collect, and the app does not ask for: patient names, dates of birth, MRNs, room numbers, hospitals, free-text notes, or any other patient identifier.
Device + usage information
We collect an anonymous per-device identifier (Apple's identifierForVendor), the client app version and platform, a truncated IP prefix (the last octet of IPv4 / last 80 bits of IPv6 are removed), and basic event telemetry (session starts, case logs, exports, shares). This is used to operate, secure, and improve the Services.
3. What we do not collect
- Patient identifiers of any kind — names, MRNs, dates of birth, addresses, room numbers, hospitals, insurance, biometrics, photographs, free-text clinical notes.
- Protected Health Information (PHI) as defined under HIPAA. The app is not designed to receive PHI; do not enter it.
- Financial information. We do not process payments today; if and when we do, payments will be handled by a third-party processor (e.g., Apple App Store or Stripe) and we will update this policy.
- Health data from Apple HealthKit (the capability is reserved for future features and is opt-in only).
4. How we use information
- To operate the Services — render your account, sync your cases across your devices, send local follow-up reminders, deliver in-app announcements.
- To improve the model — anonymous case inputs and computed indices feed the continuous learning loop that refines the ML predictor. This sharing is on by default and can be turned off in Settings → Data Sharing at any time.
- To verify clinician identity — if you choose to verify your NPI, we query the public NPPES registry and store the returned NPI number alongside your profile. NPPES data is federally published public information.
- For security + abuse prevention — truncated IP, login attempts, rate limiting.
- To communicate with you — early-access invites, release notes, study citations relevant to your specialty. You can opt out at any time.
5. Legal basis (for users in the EU/UK)
Where the GDPR or UK GDPR applies, our legal basis for processing is: (a) your consent, freely given when you create an account, opt in to data sharing, or sign up for communications; (b) our legitimate interest in operating, securing, and improving a clinical decision-support tool; and (c) compliance with legal obligations where applicable.
6. Where data is stored
Profile and case data are stored on your device and, when you have data sharing enabled, on servers operated by PACDynamic in the United States. We use industry-standard encryption in transit (TLS 1.2+) and at rest. The hosting environment is hardened with standard web-application security controls (prepared statements, CSRF protection, session-cookie hardening, rate limiting on authentication endpoints).
7. Sharing with third parties
We do not sell your information. We share information only with:
- Service providers who help us operate the Services (e.g., hosting, email delivery, analytics) under contractual obligations consistent with this policy.
- Apple, for App Store distribution and (in future) in-app purchase and APNS push delivery. Apple's privacy practices govern data they receive directly.
- Legal authorities, if required by valid legal process. We will challenge overbroad requests where appropriate.
8. Your rights
- Access + export — request a copy of the information associated with your account.
- Correction — update profile information at any time in Settings → Edit Profile.
- Deletion — clear local cases at Settings → Case Log → Clear All Stored Cases. Request account deletion (including server-side data) by emailing rohan@pacdynamic.com; we will action requests within 30 days.
- Opt-out of data sharing — toggle off Settings → Data Sharing at any time. Going forward, no anonymous case data leaves your device.
- Opt-out of communications — every email we send includes an unsubscribe link.
- EU/UK users additionally have the rights to restrict processing, object to processing, and lodge a complaint with a supervisory authority.
9. Children's privacy
ML4HF™ is designed for use by licensed adult healthcare professionals. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.
10. Retention
Profile data is retained for as long as your account is active. Anonymous case data contributed via the opt-in is retained indefinitely for model training; because no identifiers are collected, this data cannot be linked back to an individual patient. You may withdraw your opt-in at any time, which stops future contributions; previously contributed anonymous case data cannot be retroactively removed because we have no way to identify which cases came from you.
11. International users
If you access the Services from outside the United States, you understand that information will be transferred to and processed in the United States. By using the Services, you consent to that transfer.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via the in-app announcement bell and a notice on this page. The "Effective" date at the top reflects the current version.
13. Contact
Questions about this policy, requests to exercise your rights, or any other privacy concern: rohan@pacdynamic.com.
This privacy policy is provided as a good-faith description of our current practices. It is not legal advice. If you are evaluating ML4HF™ for institutional deployment, your institution's privacy officer should review this policy alongside the underlying technical implementation.