Privacy Policy

EPAnotes, a product of Aptitools, LLC, is committed to safeguarding your privacy and protecting the data entrusted to us. This policy explains how we collect, use, and secure information when you use our website and services.

Last Updated: January 23, 2026

Information We Collect

Personal Information You Provide

Account Information:

  • Full name, email address, and password (encrypted)
  • Role (Faculty, Trainee, Admin, Leadership, or System Admin)
  • Organization/Institution affiliation and program enrollment
  • Department, specialty, and cohort information
  • Start date (for trainees)

Assessment and Performance Data:

  • Entrustable Professional Activity (EPA) assessments and ratings
  • Shift dates and locations
  • Performance evaluations and comments
  • Feedback (both private and shared)
  • Progress tracking and competency milestone achievements

Support and Communication Data:

  • Support requests, bug reports, and feedback
  • Communications with our support team

Automatically Collected Information

  • Device type and operating system
  • Mobile network information
  • App usage statistics and analytics
  • Authentication tokens (stored locally on device)
  • Crash logs and error reports

We do NOT collect:

  • Patient health information (PHI) or patient identifiers
  • Precise geolocation data
  • Contacts, photos, or camera access
  • Microphone or audio recordings

How We Use Information

Educational and Training Purposes

  • Facilitate competency-based medical education assessments
  • Track trainee progress and performance
  • Provide feedback and coaching to medical trainees
  • Generate performance analytics and reports
  • Support milestone-based training programs

Account Management

  • Create and manage user accounts
  • Authenticate users and maintain security
  • Provide role-based access to features
  • Communicate important account updates

Service Improvement

  • Monitor and analyze usage patterns
  • Improve app functionality and user experience
  • Identify and fix technical issues
  • Develop new features and capabilities

Compliance and Safety

  • Maintain audit trails for educational compliance
  • Ensure data integrity and security
  • Comply with institutional policies
  • Respond to legal requirements

Data Sharing and Disclosure

Within Your Institution

We share your information within your medical training program based on roles:

  • Faculty can view assessments they create and performance data for trainees they evaluate
  • Trainees can view their own assessments and feedback
  • Program Leadership can view aggregate data and program-wide analytics
  • Administrators have access necessary for program management

Third-Party Service Providers

We may share information with trusted third-party providers who assist in operating the app:

  • Cloud hosting providers (for secure data storage)
  • Analytics services (for usage statistics)
  • Customer support tools

All third-party providers are bound by confidentiality agreements and prohibited from using your information for any purpose other than providing services to us.

Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal process (court orders, subpoenas)
  • Requests from government authorities
  • Protection of our rights and safety
  • Investigation of fraud or security issues

We Will NOT:

  • Sell your personal information to third parties
  • Share your information with advertisers
  • Use your data for marketing without consent
  • Disclose information to unauthorized parties

Security Measures

Protecting sensitive data is central to our mission. EPAnotes employs multiple layers of protection, including:

  • Encryption: Data is encrypted both in transit and at rest using industry-standard protocols.
  • Access Controls: Role-based permissions ensure information is only accessible to authorized individuals.
  • Monitoring: Regular system monitoring and updates help prevent unauthorized access or vulnerabilities.

While no system can guarantee absolute security, we are committed to maintaining the highest reasonable safeguards to ensure data confidentiality, integrity, and availability.

Regulatory Compliance

EPAnotes is designed to meet the requirements of applicable privacy and data protection laws. As part of our commitment to safeguarding sensitive information, EPAnotes is fully HIPAA compliant, ensuring the confidentiality and security of protected health information (PHI).

We continuously review our policies and technical safeguards to maintain compliance with:

  • FERPA (Family Educational Rights and Privacy Act)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • Institutional data protection policies
  • Medical education accreditation standards
  • General data protection best practices

Individual institutions are responsible for ensuring their use of EPAnotes complies with applicable laws and regulations in their jurisdiction.

Your Rights and Choices

Access and Correction

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request a copy of your data

Contact: support@epanotes.com

Account Deletion

You may request account deletion by contacting your program administrator or support@epanotes.com. Note that some information may be retained where educational compliance requirements call for it.

Data Portability

You can export your assessment data and performance reports directly within the app.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

Data Retention

We retain personal information only as long as necessary to deliver services or comply with legal and institutional requirements. Retention periods for institutional data are determined by the sponsoring program.

Changes to This Policy

We may update this Privacy Policy periodically to reflect improvements in our practices or regulatory requirements. Updates will be posted on this page with a revised effective date.

Contact Us

If you have questions or concerns about this Privacy Policy or how your information is handled, please contact us:

Aptitools, LLC
Email: support@epanotes.com
We will respond to all data protection inquiries and requests to exercise your rights within 30 days.

Mobile App Users

This privacy policy applies to both our website and mobile application. When using the mobile app, you can also access support through the in-app Help feature.