Rescue Ally Privacy Policy

Effective Date: 8/18/2025
Last Updated: 3/5/2026

1. Introduction

Rescue Ally ("we," "our," "us") is a field medicine documentation app that enables wilderness medicine practitioners to document patient care in remote settings. This Privacy Policy describes how we collect, use, disclose, and protect information when you use the Rescue Ally mobile application and related services.

Important: This app is designed for medical practitioners to document patient information during wilderness medicine situations. We comply with:

  • HIPAA (U.S. Health Insurance Portability and Accountability Act)
  • CCPA/CPRA (California Consumer Privacy Act & California Privacy Rights Act)

If you do not agree with this Privacy Policy, please do not use our services.

2. Information We Collect

User Information You Provide

  • Account details: Name, email, phone number
  • Professional credentials: Wilderness medicine training status and certifications
  • Communications: Support requests and feedback

Patient Information You Document

  • Patient conditions
  • Vital signs
  • Treatments
  • Clinical notes as entered by you during field medicine situations

Information Collected Automatically

  • Location data: GPS coordinates when you enable location services during rescue operations
  • Device data: Device type, operating system version, app version
  • Usage data: App feature usage and crash logs for service improvement

SMS Communications

We optionally collect your phone number as a method of authentication (login) and to contact you about your account. We do not send promotional messages. You can opt out by switching to email-based authentication. Read the full SMS Terms and Conditions and Privacy Policy for more information.

3. How We Use Your Information

We use your information to:

  • Provide and operate the field medicine documentation services
  • Enable secure documentation and transfer of patient information during medical handoffs
  • Respond to your support requests
  • Improve app features and security
  • Comply with legal and regulatory requirements

We will NEVER:

  • Sell any medical data
  • Share patient information except when you explicitly transfer it to other medical professionals
  • Use patient data for advertising or marketing purposes

4. Information Sharing

We may share your information with:

  • Medical professionals when you explicitly transfer patient data during handoffs
  • AWS (our cloud provider) under a signed HIPAA Business Associate Agreement for secure data storage
  • Legal authorities when required by law

5. Data Security

We protect your information through:

  • Encryption: AES-256 encryption for data at rest and TLS encryption for data in transit
  • Access controls: Multi-factor authentication. All data within a user account is kept private to that account.
  • Secure infrastructure: HIPAA-compliant cloud services with our AWS Business Associate Agreement

6. Data Retention

Data Type Retention Period Reason
Account data Until you delete your account or 24 months of inactivity Service provision
Patient health information 7 years HIPAA requirements
Location data 30 days after operation closes Operational necessity
Support communications 3 years Customer service

7. Your Privacy Rights

HIPAA Rights (Healthcare Information)

  • Access and receive copies of your patient health information
  • Request corrections to patient health information
  • Request restrictions on use or disclosure
  • File complaints with the Department of Health and Human Services

California Rights (CCPA/CPRA)

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: We do not sell personal information (opt-out not applicable)
  • Non-discrimination: We will not discriminate against you for exercising these rights

To exercise your rights: Visit our FAQ or email privacy@rescueally.org

8. Data Exports and File Sharing

When you export patient data (such as PDFs for medical handoffs):

  • You will receive clear warnings about maintaining HIPAA compliance
  • Exported files are stored in app-controlled space to prevent automatic cloud backups
  • You acknowledge responsibility for continued HIPAA compliance after export
  • All export activities are logged for audit purposes

9. Breach Notification

If a data breach occurs that affects your information, we will:

  • Notify you as soon as reasonably possible
  • Report to appropriate authorities as required by law (HHS for HIPAA breaches, California Attorney General for CCPA breaches)
  • Provide information about what happened and steps we're taking to address it

10. Children's Privacy

This app is designed for professional medical use and is not intended for children under 13. We do not knowingly collect personal information from children under 13 without parental consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification before they take effect.

12. Contact Us

Rescue Ally Privacy Team
Email: privacy@rescueally.org
Phone: +1 (303)-578-8161

For HIPAA-related questions or to file a complaint, you may also contact the Department of Health and Human Services Office for Civil Rights.

This privacy policy is designed to be clear and straightforward while meeting our compliance obligations. If you have questions about how we handle your information, please contact us.

Rescue Ally Privacy Policy