Privacy Policy

1. Local-First Architecture

Bolus is designed around a local-first architecture. In its current form, clinical records and patient-related case data are stored primarily on your device rather than on servers operated by Pressor Systems.

This design is intended to reduce unnecessary transmission of protected health information and keep sensitive clinical records under the direct control of the clinician using the app.

In general:

• clinical case records are stored primarily on your device;
• Pressor Systems does not routinely receive or store full clinical case records on Bolus-operated systems;
• you control when records are exported, transmitted, uploaded, printed, or shared outside the app;
• records stored only on your device may not be recoverable by Pressor Systems if the device is lost, damaged, reset, wiped, or the app is deleted.

Certain features may involve remote infrastructure, including account authentication, profile management, subscription processing, analytics, diagnostics, snippets, templates, settings, and future hosted or cloud-enabled features.

2. Information We Collect

We collect limited categories of information to operate, secure, support, and improve the Service.

Account and Profile Information

When you create or use an account, we may collect and store information such as:

• name;
• email address;
• professional title;
• degree or credentials;
• name of practice, institution, or organization;
• account identifiers;
• authentication provider information;
• user ID;
• profile image uploaded by you or provided through Apple, Google, or another authentication provider.

We use this information to create and manage your account, authenticate you, personalize your experience, support user identity within the app, and communicate with you about the Service.

User-Created Preferences, Snippets, and Templates

Bolus may allow you to create, save, sync, or manage user-specific content and preferences, including:

• quick phrases or “snippets” used to streamline documentation;
• templates created by you;
• app settings and preferences;
• workflow configuration choices;
• saved user defaults.

These items may be stored remotely so they can sync across devices and remain associated with your account.

You should avoid including patient identifiers or protected health information in snippets, templates, profile fields, settings, or other reusable content unless a specific feature is designed and authorized for that purpose.

Subscription and Payment Information

If you purchase a subscription or paid feature, payment and subscription information may be processed by Apple, Google, or another authorized payment platform.

We may receive limited information about your subscription status, plan type, renewal status, trial eligibility, cancellation status, and related account entitlements. We do not receive your full payment card details from app marketplace providers.

Technical and Device Information

We may collect technical information such as:

• device type and model;
• operating system version;
• app version;
• crash reports;
• diagnostic logs;
• performance information;
• security and error events;
• authentication and session information.

We use this information to maintain reliability, troubleshoot problems, improve performance, investigate errors, and protect the security of the Service.

Usage and Analytics Data

We may collect usage analytics and operational metrics that help us understand how the Service is used and how to improve it. This may include information such as:

• features used;
• onboarding progress;
• subscription or trial status;
• number of cases created or exported;
• total anesthesia time recorded or summarized;
• frequency of exports;
• use of templates, snippets, or settings;
• general workflow events;
• app performance and reliability metrics.

Usage analytics are intended to help us improve the Service, monitor reliability, understand feature adoption, and support product development.

We design analytics to avoid collecting patient names, direct patient identifiers, or full clinical case records unless a specific feature expressly states otherwise and is subject to appropriate safeguards.

Legal Acceptance Records

We may collect and store records showing that you accepted or acknowledged legal documents, including:

• Terms of Use version;
• Privacy Policy version;
• HIPAA Security & Compliance Policy version;
• Medical Disclaimer version;
• timestamp of acceptance;
• app version;
• acceptance method;
• associated user ID or account identifier.

We use these records for compliance, auditing, account administration, and dispute resolution.

Support Communications and Information You Provide

If you contact us for support, feedback, bug reports, or other communications, we may collect the information you choose to provide, including your contact information, messages, screenshots, attachments, logs, or other materials.

Please do not send protected health information, patient identifiers, or clinical records to us through support channels unless specifically instructed through an authorized secure workflow.

3. Clinical Records and Patient-Related Information

Bolus is designed so that clinical case records and patient-related case data are generally stored locally on your device.

In the current local-first model, Pressor Systems does not routinely receive or store full clinical case records or patient identifiers on Bolus-operated systems unless you use a feature that transmits, exports, backs up, synchronizes, uploads, or otherwise sends that information off-device.

You are responsible for ensuring that any patient-related information you enter, export, transmit, store, or share using Bolus is handled in accordance with applicable law, professional obligations, institutional policies, and the Bolus HIPAA Security & Compliance Policy.

If future features involve hosted storage, synchronization, cloud backup, collaboration, or remote processing of clinical records or protected health information, those features may be subject to additional safeguards, disclosures, supplemental terms, and business associate requirements where applicable.

4. How We Use Information

We may use information collected through the Service to:

• create, authenticate, and manage accounts;
• provide and operate the Service;
• sync user-specific snippets, templates, settings, and preferences;
• manage subscriptions, trials, access, and entitlements;
• provide customer support;
• troubleshoot errors and improve reliability;
• monitor security and prevent misuse;
• understand feature usage and improve product design;
• communicate important updates, security notices, policy changes, or service-related messages;
• maintain legal acceptance records;
• comply with legal obligations and enforce our Terms of Use.

5. How Information Is Shared

We do not sell your personal information. We may share information only as described in this Privacy Policy or as otherwise permitted by law.

Service Providers

We may share information with trusted service providers that help us operate the Service, such as providers of authentication, cloud infrastructure, database hosting, analytics, crash reporting, customer support, email delivery, subscription management, and payment processing.

These providers are permitted to process information only as needed to provide services to us and are expected to maintain appropriate security controls.

App Stores and Payment Platforms

If you subscribe or purchase through Apple, Google, or another app marketplace or payment platform, your transaction may be handled by that platform according to its own terms and privacy policies.

User-Directed Exports and Sharing

If you export, transmit, upload, print, email, save, share, or otherwise send information from Bolus to another destination, you direct that disclosure. Once information leaves Bolus or your device, we may have no ability to control, retrieve, delete, monitor, verify, or secure it.

Legal, Safety, and Security Purposes

We may disclose information if we believe disclosure is reasonably necessary to comply with law, legal process, regulatory obligations, enforce our terms, protect the security or integrity of the Service, investigate misuse, prevent fraud, or protect the rights, safety, or property of users, patients, Pressor Systems, or others.

Business Transfers

If Pressor Systems is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to appropriate confidentiality and legal protections.

6. Third-Party Services

Bolus may rely on third-party services, including Firebase, Apple, Google, app stores, cloud infrastructure providers, analytics providers, crash-reporting tools, email providers, support tools, and other vendors.

These services may process limited information necessary to perform their functions. Your use of third-party platforms or services may also be governed by their own terms and privacy policies.

If third-party services are used in connection with protected health information or other regulated information, additional safeguards, agreements, or limitations may apply where required by law.

7. Data Security

Bolus uses administrative, technical, and organizational safeguards intended to protect information associated with the Service.

Security measures may include:

• mandatory app access protection;
• biometric authentication and/or secure device passcode or password requirements;
• encryption supported by the device operating system;
• secure communication channels;
• access controls;
• infrastructure security controls;
• monitoring, diagnostics, and error detection.

Access to the app and case logs requires mandatory authentication, including biometric authentication and/or a secure device passcode, password, or comparable supported method.

Despite these safeguards, no app, device, network, server, or transmission method can be guaranteed to be completely secure.

Users are responsible for maintaining secure devices, restricting access to authorized persons, keeping devices updated, and using compliant workflows when exporting, storing, or transmitting records.

8. Retention and Deletion

Retention periods vary depending on the type of information and the purpose for which it is maintained.

Account and profile information may be retained as long as necessary to maintain your account, provide the Service, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and support business operations.

User-created snippets, templates, settings, and preferences may be retained while your account remains active or as needed to provide sync and account functionality.

Legal acceptance records may be retained for compliance, audit, and dispute-resolution purposes.

Clinical records stored locally on your device remain under your control and may be deleted if you delete the app, clear local data, reset the device, or lose access to the device.

Deleting your account or the app may not delete records that you previously exported, printed, emailed, uploaded, saved to external systems, or otherwise shared outside Bolus.

Pressor Systems may not be able to recover or delete data stored only on your device or data that has already been exported to third-party systems.

9. Your Rights and Choices

Depending on your location and applicable law, you may have rights to access, correct, delete, or receive a copy of certain personal information associated with your account.

You may review, update, or delete certain profile information through the app where those features are available.

You may export your own case records using the app’s available export functions.

You may stop using Bolus at any time and may request account-related changes where applicable.

Some information may be retained where necessary for legal, security, fraud-prevention, audit, subscription, dispute-resolution, or compliance purposes.

Because some clinical records may be stored only locally on your device, Pressor Systems may not be able to access, correct, export, recover, or delete those records remotely.

10. HIPAA and Professional Responsibility

Bolus is designed to support HIPAA-conscious documentation workflows, but compliance depends on how the app is configured and used in practice.

You are responsible for making sure your use of Bolus, including exports, disclosures, devices, destination systems, snippets, templates, settings, and retained records, complies with your legal, professional, employer, facility, and institutional obligations.

If Bolus provides features that create, receive, maintain, transmit, host, or process electronic protected health information on behalf of a covered entity or business associate, additional HIPAA safeguards and contractual terms, including a Business Associate Agreement where legally required, may apply.

11. Intended Users

Bolus is intended for use by healthcare professionals, trained clinical personnel, and authorized users in professional settings.

Bolus is not intended for use by children or by patients as a consumer health application.

12. Future Features

If Bolus later offers cloud backup, synchronization, analytics, collaboration, hosted record storage, multi-device access, or other features involving regulated data, those services may be subject to additional terms, disclosures, safeguards, user choices, and business associate requirements where applicable.

We may update this Privacy Policy before or when such features are made available.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Service, by email, or by other reasonable means.

Your continued use of Bolus after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

14. Contact

If you have questions about this Privacy Policy, contact us at:

Pressor Systems LLC

Email: contact@bolusanesthesia.com

Website: bolusanesthesia.com