The Service may obtain the following categories of information:
| Category | Source | Examples |
|---|---|---|
| Subscription data | Apple App Store / Google Play Store via RevenueCat | Subscription status, purchase history, free-trial state. We do not receive your card number or full payment details. |
| Device information | Automatic from the app | Operating system, OS version, device identifier (advertising ID), app version. |
| Usage logs | Within the app | Chapters / topics opened, calculator usage, launch counts, session duration. |
| Antibiogram images (v2.0 onwards) | Voluntarily uploaded by the user inside the app | Antibiogram tables (PDF or photo) from the user's institution. For OCR / structured extraction, the image is transmitted briefly through our backend (Cloudflare Workers) to Anthropic's Claude Vision API. The transmitted image is expected to contain only aggregate facility-level susceptibility data — facility name, organism, antibiotic susceptibility — and must not contain patient identifiers, names, IDs, clinical narratives, or other protected health information (PHI). After processing, raw image data is not retained on our servers or by the API provider; only the structured result (organism × antibiotic susceptibility data) is stored locally on the user's device (localStorage). |
| Support correspondence | Email or contact form | Name, email address, message content. |
We use the information for:
We do not disclose user personal information to third parties except in the following cases:
The Service uses the following external services. Each service is governed by its own privacy policy:
| Service | Purpose | Privacy policy |
|---|---|---|
| Apple App Store / Google Play Store | App distribution, payment processing | Apple / Google privacy policies |
| RevenueCat | Subscription management | https://www.revenuecat.com/privacy |
| YouTube (embedded playback) | Video content (Paper Reviews tab) | Google privacy policy |
| Cloudflare Pages (content delivery) | Surveillance & news content delivery | https://www.cloudflare.com/privacypolicy/ |
| Cloudflare Workers (antibiogram backend) | Relays antibiogram image data and verifies subscription state | https://www.cloudflare.com/privacypolicy/ |
| Anthropic (Claude Vision API) | OCR / structured extraction of antibiogram images (only when the v2.0 institutional-antibiogram feature is used) | https://www.anthropic.com/legal/privacy |
| GitHub Pages (legal-document hosting) | Static page delivery | https://docs.github.com/site-policy/privacy-policies/github-general-privacy-statement |
The Service does not track users across other apps or websites. We do not collect or use the IDFA advertising identifier.
The Service may use localStorage and similar device-side storage to remember user settings, bookmarks, and previously fetched content. These do not personally identify the user; they are used for service improvement and convenience.
We take reasonable and appropriate measures, including encryption in transit (HTTPS / TLS), to protect the information we hold against loss, leakage, or damage. For the institutional-antibiogram feature, image transmission is performed exclusively over HTTPS / TLS, and our contractual relationship with Anthropic confirms that data transmitted via the API is not used to train Anthropic's AI models. Our backend (Cloudflare Workers) does not retain the raw image after processing.
We retain personal information only for the period necessary to fulfil the purposes described in this Policy or as required by law, after which it is deleted. Subscription-related billing records are retained for the period required by applicable tax / accounting law (typically 7 years). Raw antibiogram image data is not retained on our servers or by the API provider once OCR processing has completed.
Users may request access to, correction of, addition to, deletion of, or suspension of use of their personal information held by us. To exercise these rights:
The Service is intended for healthcare professionals and is not designed for use by minors. We do not intentionally collect personal information from children under 13 years of age (or the equivalent minimum age in the user's jurisdiction).
Information may be processed in countries other than the user's country of residence (including the United States and the European Economic Area). Where applicable, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.
We may update this Policy as needed. The updated Policy takes effect when posted in the Service or on a related website.
© 2026 Satoshi Kutsuna. All rights reserved.