Privacy Policy
Last updated: January 3, 2026
Available on: Android, iOS, Web, Windows
Scope Notice: Healthcare Supply Manager is designed for medical supply chain management and inventory tracking only. It tracks supplies, lots, expiration dates, scan history, and team members. It is NOT designed to store Protected Health Information (PHI), patient records, or patient-identifiable data of any kind. Do not enter patient-identifiable information into this application. We follow general data privacy best practices and applicable privacy laws (such as GDPR and CCPA) for the user account and inventory data we do collect.
1. Introduction
Healthcare Supply Manager ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cross-platform application on Android, iOS, Web, or Windows.
2. Platform-Specific Information
Our application is available across multiple platforms with varying data handling:
| Platform | Local Storage | Cloud Sync | Offline Support |
|---|---|---|---|
| Android | SQLite (encrypted) | Optional Firebase | Full |
| iOS | SQLite (encrypted) | Optional Firebase | Full |
| Windows | SQLite | Optional Firebase | Full |
| Web | Firebase only | Required | Limited |
3. Information We Collect
3.1 Information You Provide
- Account Information: When you sign in with Google, we collect your name, email address, and profile picture.
- Inventory Data: Supply items, quantities, locations, expiration dates, barcodes, and related supply chain information you enter into the application.
- Scan History: Records of barcode scans including timestamps and scan results.
- Usage Data: Information about how you use supplies, including usage history and patterns.
3.2 Automatically Collected Information
- Device Information: Device type, operating system, browser type (web), and unique device identifiers.
- Location Data: If you enable location tagging, we collect GPS coordinates when you scan or add items. This is optional and can be disabled in settings. (Not available on web platform)
- Camera Access: The app requires camera access for barcode scanning on mobile platforms. Images are processed locally and not transmitted or stored.
- Usage Analytics: App usage patterns, feature interactions, and performance data to improve the application.
3.3 Third-Party Services
We use the following third-party services that may collect information:
- Firebase: For authentication, cloud storage, and real-time database synchronization.
- Google Sign-In: For user authentication across all platforms.
- Google AdMob: For displaying advertisements to free tier users (mobile platforms only).
- FDA GUDID API: For looking up medical device information by UDI (no personal data transmitted).
4. How We Use Your Information
We use the collected information for the following purposes:
- Provide and maintain the inventory management functionality across all platforms
- Synchronize your data across devices when cloud sync is enabled
- Enable team collaboration features
- Send notifications about low stock levels and expiring items
- Display relevant advertisements to free tier users
- Improve application performance and user experience
- Detect and prevent technical issues and security threats
- Respond to your support requests and communications
5. Data Storage and Security
5.1 Local Storage (Mobile/Desktop)
On Android, iOS, and Windows, all your inventory data is stored locally on your device using SQLite databases. This data remains on your device and is not transmitted to our servers unless you explicitly enable cloud synchronization.
5.2 Cloud Storage
On the web platform, data is stored in Firebase Cloud Firestore. On mobile/desktop platforms with cloud sync enabled:
- Data is encrypted in transit using TLS/SSL
- Data is stored in Firebase Cloud Firestore with access controls
- Personal sync data is accessible only to your authenticated account
- Team sync data is accessible to team members with proper permissions
5.3 Security Measures
- Industry-standard encryption for data transmission and storage
- Secure authentication using Google Sign-In with OAuth 2.0
- Firebase App Check to prevent unauthorized API access
- Regular security updates and vulnerability assessments
- Access controls and permission-based data sharing
6. Advertising
Free tier users on Android and iOS may see advertisements through Google AdMob. Paid subscription tiers (Pro, Team, Enterprise) do not display advertisements. You can upgrade your subscription at any time to remove ads.
Google may collect and use data as described in their privacy policy at https://policies.google.com/privacy.
7. Data Sharing and Disclosure
7.1 We Do Not Sell Your Data
We do not sell, trade, or rent your personal information to third parties.
7.2 Team Collaboration
If you enable team synchronization, your inventory data will be shared with other members of your team. You have full control over this feature and can disable it at any time.
7.3 Service Providers
We may share information with service providers who assist us in operating the application:
- Google Cloud Platform (Firebase) - hosting and database services
- Google AdMob - advertising services (free tier only)
7.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities.
8. Your Rights and Choices
8.1 Access and Control
- Access: You can access all your data through the application interface.
- Export: You can export your inventory data in CSV format at any time.
- Delete: You can delete individual items or clear all data from the settings menu.
- Account Deletion: You can disconnect the app from your Google account at any time.
8.2 Platform-Specific Controls
- Mobile: Control camera, location, and notification permissions through device settings.
- Desktop: Manage local data storage and sync preferences in app settings.
- Web: Use browser privacy controls to manage cookies and local storage.
9. Data Retention
- Local Data: Retained on your device until you choose to delete it or uninstall the app.
- Cloud Data: Retained while your account is active and for 30 days after account disconnection.
- Analytics Data: Aggregated usage data may be retained for up to 14 months.
10. Children's Privacy
Our service is intended for professional use in healthcare settings and is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States where our cloud infrastructure is located. We ensure appropriate safeguards are in place to protect your information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information (we do not sell data)
- Right to access your personal information
- Right to equal service and price
14. GDPR Rights (European Users)
If you are in the European Economic Area (EEA), you have the following rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: support@ledesign.dev
Subject Line: Privacy Policy Inquiry
We will respond to your inquiry within 30 days.