← Back to home

Privacy Policy

1. Who we are

If you are a clinician using this App, you are the App's user. If you are a patient whose data is captured by a clinician using this App, your information is treated as third-party Patient Information governed by the Business Associate Agreement (BAA) between us and the clinic.

2. Information we collect

The App collects the following categories of information when a clinician scans a patient and submits an orthotic order. All collection is for the sole purpose of fabricating the prescribed orthotic device and shipping it back to the clinic.

2.1 Clinic information

2.2 Patient information

2.3 Clinical scan and prescription data

2.4 Information we do NOT collect

The App does not collect location data (no GPS, no Wi-Fi positioning), microphone audio, contacts, browsing or search history, device advertising identifiers, financial information, photos from your photo library, or any analytics about how you interact with the App. The App does not integrate with HealthKit and does not read or write data to any other Apple system framework that would surface user data.

The App does not collect any data about minors under the age of 13. Patient data submitted by a clinician may relate to a patient of any age; we treat all patient data with the same protections regardless of the patient's age.

3. How we use information

We use the information collected solely to:

  1. Receive, fabricate, and ship orthotic devices ordered through the App.
  2. Communicate with the clinic about the status of submitted orders.
  3. Verify that orders originate from an authorized clinic device.
  4. Comply with our legal and regulatory obligations.

We do not use the information for advertising, marketing, analytics, profiling, training machine-learning models, or any other purpose not described above. We do not sell, rent, or trade any information collected through the App.

4. Legal basis for processing (GDPR)

For users in the European Economic Area, the United Kingdom, and Switzerland, our legal basis for processing this information is:

Patient information categorized as "special category data" under GDPR Article 9 is processed in reliance on the explicit consent the clinic obtains from the patient under its own privacy practices, and on Article 9(2)(h) (provision of medical care).

5. How information is shared

We share information only as follows:

We do not share information with advertising networks, data brokers, or social-media platforms.

6. Storage, security, and retention

6.1 Storage

6.2 Retention

We retain submitted order data for the period required to fabricate the orthotic, support the clinic's records-retention obligations under applicable healthcare laws, and comply with our own legal obligations. The retention period for completed orders is governed by the BAA between us and the clinic.

Clinics may request deletion of their data at any time by contacting privacy@3dscanorthotics.com. We will honor verified deletion requests within 30 days, subject to retention exceptions required by law.

6.3 Security

We use industry-standard administrative, technical, and physical safeguards to protect information, including encryption in transit (TLS 1.2+), encryption at rest, access controls, and audit logging. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.

7. HIPAA and Business Associate Agreement

Where this App is used by a clinic that is a HIPAA Covered Entity in the United States, we operate as a Business Associate. Use of the App in that context is governed by a Business Associate Agreement (BAA) between 3DScanOrthotics, Inc. and the clinic. The BAA controls in the event of any conflict with this Privacy Policy with respect to patient PHI.

8. Your rights

Depending on where you are located, you may have rights with respect to information about you, including:

To exercise any of these rights, contact us at privacy@3dscanorthotics.com. We will respond within the period required by applicable law (typically 30 days).

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected and the right to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.

9. International transfers

We are based in the United States. If you access the App from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses adopted by the European Commission or other appropriate safeguards for international transfers.

10. Third-party software in the App

The App is built using the following third-party libraries, none of which transmit data off the device on our behalf:

The full PrivacyInfo manifest declaring required-reason APIs is included in the App bundle and available to Apple at App Review.

11. Children's privacy

The App is not directed at children under 13 and is intended for use only by licensed adult clinicians. We do not knowingly collect any information from clinicians under 18. If you believe a minor has used the App, contact us at privacy@3dscanorthotics.com and we will take appropriate steps.

12. Medical disclaimer

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active clinics by email at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact us

For any questions about this Privacy Policy or our privacy practices, contact:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. EU/UK residents may contact the supervisory authority in their country of residence.