Privacy Policy
Last updated: May 19, 2026
ScrubIn (“we,” “us,” or “our”) builds an educational app for surgical trainees. This policy explains what data we collect, how we use it, and the choices you have. It applies to the ScrubIn iOS app and the getscrubin.com website.
Summary
- We collect the minimum data needed to run your account and learning experience.
- We do not sell your data.
- We do not share your data with your residency program, training institution, or employer.
- We do not collect any patient health information (PHI). ScrubIn is not a HIPAA-covered entity.
- We do not use your data for cross-app advertising or tracking. We do not use Apple’s IDFA.
- You can export or delete your data at any time from inside the app.
Information We Collect
Account information you provide directly:
- Email address (or Apple/Google sign-in identifier)
- Name (display name shown on leaderboards and in-app)
- Training role (e.g., medical student year, residency PGY level, attending, pre-health)
- Specialty focus (e.g., plastic surgery, orthopedic surgery, general surgery)
- Institutional affiliation (optional; you can skip this field)
Learning activity generated as you use the app:
- Questions answered, time on task, correctness, confidence ratings
- Streak, XP, mastery progression, achievements earned
- Bookmarked or flagged questions
- Settings and preferences
Diagnostic data for app stability:
- Crash reports, performance metrics, device model and iOS version
- Aggregated app usage analytics (which screens are visited, feature usage)
How We Use Your Information
- Run your account and personalize your learning sessions
- Track mastery progression, streaks, and achievements
- Display your handle on optional leaderboards (you can opt out in Settings)
- Diagnose crashes and improve app performance
- Understand which features are working and which to improve
- Send you account, security, and product-update communications you can unsubscribe from
Third-Party Services We Use
We rely on the following services to operate ScrubIn. Each of these is contractually obligated to handle your data only as needed to provide their service.
- Firebase (Google). Authentication, Firestore database, App Check (anti-abuse), Cloud Functions, and Firebase Analytics. Stores your account and learning data on Google’s secure infrastructure.
- Google Analytics (GA4). Aggregated, anonymized product usage metrics. We use IP anonymization and do not enable advertising signals.
- Stripe. Payment processing if you subscribe to a paid tier. We never see or store your full card details; Stripe handles them under PCI-DSS compliance.
- Apple App Store. In-app purchases and subscriptions (when applicable) are processed by Apple per its standard terms.
What We Do Not Do
- We do not sell your personal information to anyone, ever.
- We do not share your data with your residency program, training institution, or employer, even if you provide your institutional affiliation.
- We do not collect patient health information (PHI). ScrubIn contains educational content only; no clinical data flows through the app.
- We do not run cross-app advertising or behavioral tracking. We do not request or use Apple’s IDFA (Advertising Identifier).
- We do not use your learning data to train third-party AI models without your explicit consent.
Data Security
Your account data is encrypted in transit (TLS 1.2+) and at rest on Google Cloud infrastructure. We use Firebase App Check to block abusive traffic, restrict database access through security rules, and follow least-privilege principles for internal access. No system is perfectly secure. If we ever experience a breach affecting your account, we will notify you as required by law.
Data Retention
We keep your account data for as long as your account is active. If you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required by law (e.g., tax records for paid subscriptions). Aggregated, non-identifying analytics may be retained indefinitely.
Your Rights and Choices
From inside the app under Settings → Account, you can:
- View and update your profile information
- Export a copy of your data
- Delete your account and associated data
- Opt out of leaderboards and optional communications
Depending on where you live, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA) or the EU General Data Protection Regulation (GDPR), including the right to access, correct, port, or erase your data, and the right to object to certain processing. To exercise these rights, email privacy@getscrubin.com.
HIPAA
ScrubIn is an educational tool and is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). We do not collect, store, or process protected health information (PHI). Do not enter any patient information into the app.
Children’s Privacy
ScrubIn is intended for users 18 years and older, or users 13 years and older with verifiable parental or guardian consent. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact privacy@getscrubin.com and we will delete the information.
International Users
ScrubIn is operated from the United States. If you use ScrubIn from outside the United States, your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.
Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you via email or in-app notice. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of ScrubIn after a change constitutes acceptance of the revised policy.
Contact Us
For privacy-related questions or to exercise any of your rights, email us at privacy@getscrubin.com. For general support, email hello@getscrubin.com.