CliniSim Privacy Policy

Andromeda Commerce (trading as “Andromeda Agents”) acts as the data controller for personal data processed in connection with CliniSim. We process personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Users are worldwide; local rights may vary, but our primary compliance framework is UK law. Governing law and jurisdiction for this policy are England & Wales.

This policy applies to the CliniSim iOS app, account systems, and in‑app features. It covers data that identifies you or could reasonably identify you. It does not cover independent third‑party services you use (e.g., Apple ID or Google account management), which have their own terms and privacy notices.

2. Data We Collect

2.1 Account and Authentication

Data: email address; hashed password (if you use email sign‑in); sign‑in method; unique user IDs; security logs; timestamps. If you sign in with Apple or Google, we receive identifiers and basic profile attributes permitted by those providers.

2.2 Profile and Preferences

Data: display name; avatar (if you upload from your photo library); language/region; app settings (including the App Insights toggle); notification preferences.

2.3 Training Activity and Progress

Data: scenario attempts/completions; scores and achievements; timestamps; scenario selections; non‑audio interaction metadata; learning streaks; derived insights about progress over time.

2.4 App Insights (Analytics and Session Replay)

Data: product interaction events; device/OS information; performance and crash diagnostics; capacity metrics (e.g., queue times, concurrency); session replay that may capture on‑screen imagery within the app and typed text fields to help reliably reproduce issues. App Insights is used to understand performance, debug and troubleshoot issues, improve app quality, manage capacity, and refine training journeys. App Insights does not record your microphone and does not capture anything outside the CliniSim app. You can turn App Insights off at any time in Settings ▸ Account ▸ Data Controls ▸ App Insights.

2.5 Real‑Time Audio (Voice Scenarios)

Data: transient audio packets necessary to deliver real‑time voice features; relayed solely to provide voice scenarios and not recorded or stored for unrelated purposes.

2.6 Subscriptions and Purchases

Data: product identifiers (e.g., Plus/Pro/Max/Lifetime), entitlement status, region/currency, and receipt information required to verify access. Apple (StoreKit) is your payment processor. We do not receive card numbers or full payment instrument details.

2.7 Support and Communications

Data: emails, in‑app support messages, bug reports, attachments (e.g., optional screenshots), account deletion requests, and related correspondence.

2.8 Device Permissions

Photos: used only if you choose to upload a profile avatar. You can revoke permission in iOS Settings at any time. Notifications: if enabled, we use push notifications for in‑app events or updates; you can disable them in iOS Settings.

2.9 App Storage and Similar Technologies

We use secure storage/local preferences to keep you signed in and remember settings. We do not use third‑party advertising SDKs or cross‑app tracking.

3. Why We Use Your Data and Legal Bases

Provide and secure the service (account creation, authentication, access control, fraud prevention, security) — Legal basis: performance of a contract; legitimate interests (security).

Personalise and operate features (preferences, avatars, language/region, App Insights toggle) — Legal basis: performance of a contract; consent for device permissions.

Training activity and progress (features, tracking achievements/unlocks) — Legal basis: performance of a contract; legitimate interests (service improvement).

Analytics, diagnostics, session replay, and capacity (understand performance, debug and troubleshoot issues, manage demand, refine training journeys) — Legal basis: legitimate interests (diagnostics and quality). You may object by turning off App Insights.

Subscriptions and purchases (verify entitlements, manage access, apply trials/renewals, comply with tax/records) — Legal basis: performance of a contract; legal obligation.

Support (respond to enquiries, investigate bugs, manage rights requests including deletion) — Legal basis: legitimate interests (support); legal obligation.

4. Retention

Account and training data: retained while your account is active and up to 24 months after inactivity; aggregated/anonymised metrics may be kept longer.

Security logs: up to 12 months unless required longer for investigations.

Session replay: up to 30 days. Analytics events (including capacity metrics): up to 24 months; aggregated data may be retained longer.

Purchase/receipt verification records: retained as required by UK law (up to 6 years).

Support threads: up to 24 months after closure; records of data rights requests up to 12 months.

5. Sharing and Disclosure

Service providers (processors): we use providers for authentication, hosting/database/storage, analytics (including session replay), and content delivery. They act on our instructions under data protection agreements.

Payments: Apple (StoreKit) acts as your payment processor and an independent controller for billing data. We receive only what’s needed to manage entitlements.

Legal, safety, and compliance: we may disclose information where required by law or necessary to protect users, our rights, or the service.

Business transfers: in a merger, acquisition, or restructure, data may transfer under substantially equivalent protections.

We do not sell personal data and do not share data for third‑party advertising or cross‑app tracking.

6. International Transfers

Data is hosted in the UK/EU where possible. Where data is accessed from or transferred outside the UK/EU, we use UK‑approved safeguards (e.g., the UK Addendum to the EU Standard Contractual Clauses or the UK IDTA) and technical measures such as encryption in transit.

7. Security

We implement appropriate technical and organisational measures including encryption in transit, access controls, least‑privilege access, and periodic reviews of our service providers. No system is perfectly secure; use a strong, unique password and keep your device updated.

8. Your Choices and Controls

App Insights: toggle on/off in Settings ▸ Account ▸ Data Controls ▸ App Insights.

Delete Account: Settings ▸ Account ▸ Data Controls ▸ Delete Account. Deletion triggers backend processing and is irreversible once complete. We may retain minimal records required by law (e.g., transaction records).

Avatars and permissions: remove or change your avatar and manage device permissions in iOS Settings.

Notifications: manage in iOS Settings.

9. Your Rights (UK GDPR)

You have the rights of access, rectification, erasure, restriction, objection (including to analytics based on legitimate interests), and portability. You can withdraw consent for device permissions (e.g., Photos) in iOS Settings.

To exercise your rights, use the in‑app Data Controls where available or email support@andromedaagents.com. We will respond within one month and may request information to verify your identity.

You may lodge a complaint with the UK Information Commissioner’s Office (ICO).

10. Children

CliniSim is intended for adult learners and is not directed to children under 16. We do not knowingly collect data from children under 16.

11. Educational and Training Content

CliniSim provides educational and training content only. It must not be used to make clinical decisions, diagnose, or treat real patients. Always follow local clinical guidance and appropriate supervision. See our Terms of Service for more detail.

12. Changes to This Policy

We may update this policy to reflect changes to the app or law. If changes are material, we will provide reasonable notice in‑app or by other appropriate means. Continued use after the effective date means you accept the updated policy.

13. Contact