Effective Date: March 26, 2026
This Privacy Policy describes how OpReady ("we," "us," or "our") collects, uses, stores, and protects information when you use our AI pre-operative screening platform at opready.polsia.app ("Service"). Because our Service processes sensitive patient health information, we take data privacy and security very seriously.
Our commitment: We will never sell, rent, or trade your data or patient health information to third parties. Period.
1. Information We Collect
1.1 Patient Health Information
When you use OpReady to screen patients, you may enter the following types of data:
| Data Category | Examples |
| --- | --- |
| Demographics | Name, date of birth, age, sex, height, weight |
| Medical History | Chronic conditions, prior surgeries, comorbidities (e.g., hypertension, diabetes, cardiac disease, COPD) |
| Medications | Current medications, dosages, frequencies |
| Allergies | Drug allergies, reaction types, severity levels |
| Procedure Information | Planned surgical procedures, urgency level, clinical notes |
| AI-Generated Assessments | ASA classification, risk scores, medication alerts, airway/cardiac/pulmonary evaluations, lab recommendations, anesthesia considerations |
1.2 Usage Information
We automatically collect limited technical data to maintain and improve the Service:
- Browser type and version
- Pages visited and features used
- Date and time of access
- Anonymous analytics identifiers (no personal information)
2. How We Use Your Data
We use the information we collect solely for the following purposes:
- Providing the Service: Processing patient data through our AI screening engine to generate pre-operative assessments, risk scores, and clinical recommendations.
- Improving AI Accuracy: Anonymized and aggregated data may be used to improve our AI models. Individual patient records are never used for AI training without explicit consent.
- Service Maintenance: Monitoring for errors, performance issues, and security threats.
- Communication: Sending service-related notifications, updates, or responding to your inquiries.
We do NOT: Sell data to third parties, use patient data for advertising, share identifiable patient information with anyone outside of providing the Service to you, or use individual patient records for AI model training without explicit consent.
3. How We Store & Protect Your Data
3.1 Data Storage
- Patient data is stored in encrypted PostgreSQL databases hosted on secure, SOC 2-compliant cloud infrastructure.
- All data is transmitted over HTTPS with TLS encryption.
- Database access is restricted and requires authentication.
3.2 Security Measures
- Encryption at rest and in transit for all sensitive data.
- Role-based access controls limiting who can access patient data.
- Regular security monitoring and vulnerability assessments.
- Automatic session timeouts for inactive users.
- Secure API endpoints with input validation and parameterized queries to prevent injection attacks.
3.3 AI Data Processing
When patient data is sent to our AI engine for screening:
- Data is processed in real-time and not stored by the AI provider beyond the duration of the request.
- We use enterprise-grade AI APIs with data processing agreements that prohibit the AI provider from using your data for their own model training.
- Patient data is sent over encrypted connections to the AI processing endpoint.
4. Data Retention & Deletion
4.1 Retention Periods
- Patient records and assessments: Retained for the duration of your active use of the Service, plus a reasonable wind-down period following account termination.
- Usage analytics: Aggregated and anonymized data may be retained indefinitely for service improvement.
- Audit logs: Retained for a minimum of 6 years to comply with healthcare record-keeping requirements.
4.2 Data Deletion
You have the right to request deletion of your data at any time:
- Individual patient records can be deleted directly within the application using the delete function.
- Full account data deletion can be requested by emailing opready@polsia.app.
- Upon receiving a valid deletion request, we will remove all associated data within 30 days, except where retention is required by law.
5. HIPAA Considerations
OpReady is designed with healthcare data protection in mind. While our current implementation incorporates security best practices:
- We implement administrative, technical, and physical safeguards to protect electronic protected health information (ePHI).
- We limit access to patient data to authorized users only.
- We maintain audit trails of data access and modifications.
- We use encryption for data at rest and in transit.
- Healthcare organizations requiring a formal Business Associate Agreement (BAA) should contact us at opready@polsia.app to discuss compliance requirements.
Important: As the healthcare provider, you are responsible for ensuring your use of OpReady complies with applicable HIPAA and other healthcare privacy regulations within your jurisdiction. OpReady provides the technical safeguards, but covered entities must implement their own administrative and organizational controls.
6. Consent
By using OpReady and submitting patient data through the intake form, you consent to the collection and processing of data as described in this Privacy Policy. You confirm that:
- You have the authority to enter patient data into the system.
- You have obtained any necessary patient consents for electronic data processing, as required by your jurisdiction's privacy laws.
- You understand that AI-generated assessments are advisory and do not replace clinical judgment.
7. Third-Party Services
OpReady may use the following categories of third-party services:
- Cloud hosting providers: For secure database and application hosting.
- AI processing: For generating clinical assessments (data is not retained by the AI provider).
- Analytics: Anonymized usage tracking to improve the Service (no patient data is shared with analytics providers).
We carefully vet all third-party providers to ensure they meet our data protection standards.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data (subject to legal retention requirements).
- Portability: Request your data in a machine-readable format.
- Restriction: Request that we limit processing of your data in certain circumstances.
To exercise any of these rights, contact us at opready@polsia.app.
9. Children's Privacy
OpReady is a professional healthcare tool intended for use by licensed healthcare providers. While patient data may include information about minors (as part of legitimate pre-operative screening), the Service itself is not directed at children under 18. Only authorized healthcare professionals should access and use the platform.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Material changes will be communicated via the Service or email. The "Effective Date" at the top of this page indicates when the policy was last updated.
11. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your data, contact us at:
Email: opready@polsia.app