Privacy Policy – Clinical Protocols

This Privacy Policy applies to the Clinical Protocols mobile application (available on Google Play at play.google.com), developed and operated by Tactuum in partnership with University of Michigan Health (Michigan Medicine). It describes how we collect, use, and protect information when you use our app and related digital services.

1. About This Policy

Michigan Medicine and Tactuum are committed to protecting the privacy of individuals who use the Clinical Protocols app. This policy explains what information we may collect, how we use it, and the choices available to you. By using Clinical Protocols, you agree to the practices described in this policy.

This policy applies solely to information collected through the Clinical Protocols application. It does not apply to information collected offline or through other applications or websites not linked to this policy.

2. About This Application

Clinical Protocols is a clinical reference application designed primarily for healthcare professionals. It provides access to clinical guidelines, care pathways, and institutional protocols published by University of Michigan Health (Michigan Medicine) and other participating health organisations.

The app is not a personal health-tracking or fitness application. It does not monitor, record, or analyse any individual's personal health metrics, medical history, or clinical outcomes. Its sole purpose is to distribute read-only clinical reference content to authorised users.

3. Health Data – Access, Collection, and Use

Important notice regarding health data: Because Clinical Protocols is a medical-category application, Google Play Store requires us to provide explicit disclosure about health data. This section fully addresses that requirement.

Clinical Protocols does not collect, store, or transmit any personal health data or patient health information, including but not limited to:

Biometric measurements (heart rate, blood pressure, blood glucose, oxygen saturation, body weight, BMI, etc.)
Physical activity or fitness data (steps, calories burned, sleep patterns, exercise records)
Medical history, diagnoses, prescriptions, or treatment records
Protected Health Information (PHI) as defined under HIPAA or equivalent regulations
Electronic Health Records (EHR) or patient chart data
Mental health or substance use information
Genomic or genetic data

The app does not connect to Apple Health, Google Fit, Google Health Connect, or any other personal health platform. No device sensors (accelerometer, heart-rate monitor, camera for health purposes, etc.) are accessed.

What clinical-context data the app does handle:

Professional role selection – When you first open the app you may indicate whether you are a healthcare professional or a member of the public. This choice controls which content is displayed to you. It is stored only on your device and is not transmitted to our servers.
Clinical content interaction analytics – We record which clinical protocols or care pathways you open, download, delete, or search for (identified by toolkit ID and name, not by any patient or case). This data is used solely to improve content quality and app performance and is never linked to patient records.
Feedback about clinical content – If you voluntarily submit feedback about a specific protocol, your name, email address, and comments are transmitted to our servers to allow us to respond and improve content accuracy. Submission is entirely optional.

Health data collected through this app is used exclusively for the purposes stated above. It is not sold, rented, shared with advertisers, used for profiling, or combined with any external health data sources.

4. Information We Collect

The information we collect depends on how you interact with the Clinical Protocols app. We collect only the minimum amount of information necessary to provide our services and fulfil our legitimate purposes.

4a. Account and authentication data

Email address and password – If you sign in using email/password authentication, your email address is collected and stored by Firebase Authentication. Passwords are hashed and never stored in plain text.
Email link sign-in – If you use passwordless email-link sign-in, your email address is temporarily stored on your device to complete the sign-in flow.
Microsoft / Azure AD sign-in – If you sign in via your organisation's Microsoft account, we receive your email address and Microsoft tenant ID from the Microsoft Graph API. The tenant ID is stored locally on your device to personalise content for your organisation. We do not receive your Active Directory password.
University of Michigan (Michigan Medicine) sign-in – If you authenticate via the University of Michigan web login, a session token (cookie) is stored on your device for up to 28 days to keep you signed in. We do not receive your university credentials directly.
Anonymous authentication – Users who access the app without signing in are assigned an anonymous Firebase user ID for analytics purposes. This ID is not linked to any personally identifiable information.

4b. Usage and analytics data

Content interaction events – Via Firebase Analytics, we collect events such as: which protocol toolkit was opened (toolkit ID and name), download requests, content deletions, broken-link clicks, and search queries entered.
App performance data – Device type, operating system version, app version, crash reports, and session duration, collected automatically by Firebase to help us diagnose issues.
Push notification token – When you grant notification permission, a Firebase Cloud Messaging (FCM) token is generated and stored by Firebase. This token is used to send you app update notifications and is not shared with third parties for advertising purposes.

4c. User-generated content stored locally on your device

Bookmarks – Protocol pages you bookmark are saved in an on-device database (Hive). Bookmark data includes the content reference, name, and toolkit ID. This data is not uploaded to our servers.
Notes – Any personal notes you write within the app are stored exclusively on your device. Note content is not transmitted to our servers.
Downloaded content – Toolkits and protocols you download for offline use are stored locally on your device.

4d. Feedback and contact data

If you use the in-app feedback form, the following data is sent to our servers: your name, email address, free-text comments, and a reference to the content you are providing feedback about. This information is used solely to respond to your feedback and improve clinical content accuracy.

4e. Device identifiers (iOS only)

On iOS, the app may request permission to access your device's Advertising Identifier (IDFA) via Apple's App Tracking Transparency (ATT) framework. This is used solely for analytics purposes. You can deny this permission and the app will continue to function normally.

5. How We Use Your Information

Information collected through Clinical Protocols is used to:

Authenticate your identity and provide access to appropriate content for your role.
Personalise content feeds for your organisation or institution.
Deliver push notifications about content updates.
Provide, maintain, and improve the app's features and content.
Respond to your questions, feedback, or support requests.
Monitor app performance, diagnose technical problems, and fix bugs.
Understand usage patterns to guide future development.
Comply with applicable legal and regulatory obligations.
Protect the security and integrity of the application and its users.

We do not sell, rent, or otherwise disclose your personal information to third parties for their own marketing purposes.

6. Cookies and Tracking Technologies

The Clinical Protocols app and associated web services may use cookies and similar tracking technologies (such as SDKs and device identifiers) to enhance functionality and collect analytics data. These technologies help us:

Remember your preferences and settings.
Maintain your authenticated session.
Count app sessions and understand traffic patterns.
Measure and improve app performance using Google Analytics for Firebase.

You may be able to limit the use of certain tracking technologies through your device settings (for example, by resetting your advertising ID or opting out of interest-based advertising in your device's privacy settings).

7. Third-Party Services

The app integrates with the following third-party services that may collect or process data as described in their own privacy policies:

Google Firebase (Firebase Authentication, Firebase Analytics, Firebase Cloud Messaging, Firebase Realtime Database) – provides authentication, analytics, push notifications, and content configuration. Governed by Google's Privacy Policy.
Microsoft Azure Active Directory – provides enterprise single sign-on for users with organisational Microsoft accounts. Governed by Microsoft's Privacy Statement.
Branch (deep linking) – used to handle deep links into the app. May collect device identifiers for link attribution. Governed by Branch's Privacy Policy.
SendGrid (Twilio) – used to process email submissions from the feedback form. Email addresses and feedback content are transmitted to SendGrid for delivery. Governed by Twilio's Privacy Policy.

8. Sharing of Information

We may share information in the following limited circumstances:

Service providers – We engage trusted third-party vendors (see Section 7) who process data on our behalf under confidentiality obligations and only as instructed by us.
University of Michigan Health / Michigan Medicine – As the clinical content partner for Clinical Protocols, Michigan Medicine may receive aggregated, de-identified usage data to evaluate the effectiveness of clinical content.
Legal requirements – We may disclose information when required by law, court order, or government authority, or to protect the rights, safety, or property of Tactuum, Michigan Medicine, our users, or the public.
Business transfers – In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction, subject to the same privacy protections described in this policy.

9. Data Security

Michigan Medicine and Tactuum recognise the importance of maintaining the security of information collected through Clinical Protocols. We employ reasonable physical, administrative, and technical safeguards designed to protect your information from unauthorised access, disclosure, alteration, and destruction.

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and we encourage you to take precautions to protect your own devices and credentials.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law:

Authentication session tokens are valid for up to 28 days.
Firebase Analytics data is retained in accordance with Google's standard retention policies.
Feedback submissions are retained for as long as needed to process your request, after which they are deleted or anonymised.
User-generated content (notes, bookmarks) stored on your device persists until you delete it or uninstall the app.

11. Children's Privacy

Clinical Protocols is intended for use by healthcare professionals and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

12. Links to Other Websites

The Clinical Protocols app may contain links to external websites or resources operated by third parties, including the University of Michigan Health website (uofmhealth.org). This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Your Choices and Rights

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or request deletion of data we hold about you. To exercise these rights or to ask questions about your data, please contact us using the details in Section 15.

You may also:

Revoke push notification permission at any time in your device settings.
On iOS, deny or revoke the App Tracking Transparency (IDFA) permission in Settings > Privacy & Security > Tracking.
Delete locally stored notes and bookmarks from within the app.
Sign out of your account at any time from the app's settings.
Uninstall Clinical Protocols at any time using your device's standard uninstall process. Uninstalling the app will stop future data collection, though previously collected data may be retained as permitted by law.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date below and, where appropriate, notify you through the app or by other means. Your continued use of Clinical Protocols after any update constitutes your acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the data practices of the Clinical Protocols app, please contact:

Developer: Tactuum
App: Clinical Protocols (Google Play listing)
Clinical Content Partner: University of Michigan Health (Michigan Medicine)
uofmhealth.org – Internet Privacy Statement

Last Updated: March 2026