Privacy Policy
Last Updated: February 28, 2026
PhysioPocket ("we", "our", or "the App") is a clinical reference and documentation tool for licensed physical therapists. This Privacy Policy explains how we collect, use, and protect your information.
1. Information We Collect
1.1 Data Stored Locally on Your Device
The following data is stored only on your device using Apple's encrypted SwiftData framework and is never transmitted to our servers:
- Patient Records (names, diagnoses, clinical notes)
- Calculator Sessions (inputs and results from clinical assessment tools)
- Exercise Plans (custom prescriptions and home exercise programs)
- Billing Records (CPT codes, ICD-10 codes, session amounts)
- Scheduling Data (appointments, telehealth session logs)
- Outcome Records (assessment scores and tracking data)
- Custom Exercises (user-created exercise entries)
- Clinic Branding (practice name and branding preferences)
1.2 Data Processed by Third-Party AI Services
When you use AI-powered features, the following data is sent to Google's Gemini AI through Firebase for processing:
- Text messages and clinical notes (Clinical Chat, SOAP Generator, Goal Writer, etc.)
- Voice transcripts (Voice-to-SOAP — transcribed on-device, then text sent to Gemini)
- Photos (Photo ROM Analysis — images sent to Gemini for joint angle estimation)
1.3 Anonymous Authentication
We use Firebase Anonymous Authentication to create a lightweight, anonymous user identifier. This identifier contains no personal information and is used solely for subscription management and AI service access. It can be permanently deleted at any time via the app.
1.4 Subscription Data
Subscription purchases are processed by Apple through the App Store and managed via RevenueCat. We receive only an anonymous identifier for entitlement verification and subscription status. We do not receive your Apple ID, payment details, or billing address.
1.5 Analytics and Crash Reporting
- Firebase Analytics: Anonymous usage events — no personal data
- Firebase Crashlytics: Crash reports with device type and OS version — no personal data
2. How We Use Your Information
| Data Type | Purpose | Stored Where |
|---|---|---|
| Patient records | Clinical documentation | On-device only |
| Calculator results | Clinical reference | On-device only |
| AI chat messages | Generate AI-assisted clinical content | Sent to Google Gemini, not stored on our servers |
| Photos (ROM) | AI-based joint angle estimation | Sent to Google Gemini, not stored on our servers |
| Voice transcripts | Convert dictation to SOAP notes | Transcribed on-device, text sent to Gemini |
| Anonymous user ID | Subscription management | Firebase |
| Usage analytics | App improvement | Firebase Analytics (anonymous) |
| Crash data | Bug fixes | Firebase Crashlytics (anonymous) |
3. Third-Party Services
Google (Firebase & Gemini AI)
Firebase Authentication, Firebase AI (Gemini), Analytics, Crashlytics, and Remote Config. Data shared includes anonymous user ID, AI chat messages, images, and voice transcripts (text only). All data transmitted via encrypted connections (HTTPS/TLS). Google Privacy Policy
RevenueCat
Subscription management. Data shared: anonymous app user ID and subscription status. RevenueCat Privacy Policy
Apple
App Store distribution, subscription billing, and on-device Speech Recognition. Apple Speech Recognition runs entirely on-device; audio is not sent to Apple's servers.
4. User Consent for AI Features
Before using any AI-powered feature for the first time, you will be presented with a mandatory consent dialog explaining what data is sent, who receives it, and how it is protected. You must explicitly accept before any data is sent to AI services. All offline features remain fully functional without consent. You can review or revoke your AI consent at any time via the app settings.
5. Data Security
- All local data encrypted using Apple's SwiftData framework with iOS Data Protection
- Optional Face ID / Touch ID app lock with biometric authentication
- All network communications use HTTPS/TLS
- Patient records never leave your device
- Optional audit trail for data access events
6. Data Retention
- Local data stored on your device until you delete it or delete your account
- AI conversations processed in real-time; we do not retain AI conversation data on our servers
- Anonymous user ID retained in Firebase until account deletion
- Analytics retained per Google Analytics default retention periods (anonymous data)
7. Account Deletion
You can permanently delete your account and all associated data at any time from the app settings. This deletes your Firebase anonymous account, removes all local data (patient records, chat history, calculator sessions, billing records, exercises, appointments, outcomes), revokes AI consent, and clears all app preferences. This action is irreversible.
8. Children's Privacy
PhysioPocket is designed for licensed healthcare professionals and is not intended for use by children under 17. We do not knowingly collect personal information from children.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted at this URL with an updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email: support@physiopocket.app
Website: https://physiopocket.app
This privacy policy is effective as of February 28, 2026.