Coming Soon OstomyRN is launching on the App Store soon. Stay tuned!

Privacy Policy

How we protect your data

Effective: March 16, 2026

1. Introduction

OstomyRN, LLC ("OstomyRN," "we," "us," or "our") operates the OstomyRN mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect information when you use our App.

OstomyRN was built with a privacy-first architecture. We intentionally designed our systems so that your identity and your health-related questions are kept completely separate. Our servers do not store your name, email address, or any personally identifying information.

2. Information We Collect

We collect only the minimum information necessary to operate the App:

2.1 Product Interaction Data

We collect anonymous usage data such as which screens you visit, features you interact with, and general app performance metrics. This data is linked only to opaque, randomly generated identifiers and cannot be traced back to your identity.

2.2 Purchase History

When you make an in-app purchase (such as a message pack), we store a record of the transaction linked to an opaque identifier. This record is not linked to your identity and is used solely to credit your account with purchased items. All payment processing is handled by Apple through StoreKit; we never see or store your payment method details.

2.3 Device-Stored Authentication Tokens

When you sign in, an authentication token is stored securely on your device using the platform's secure storage (Keychain on iOS). This token remains on your device and is used to verify your session. It is never transmitted to OstomyRN servers for storage.

3. Information We Do NOT Collect

We want to be explicit about what we do not collect or store on our servers:

  • Email address — Your email is handled entirely by Auth0 (our authentication provider). It is never transmitted to or stored on OstomyRN servers.
  • Name or personal identifiers — We do not ask for or store your name, phone number, mailing address, or any other personally identifying information.
  • Protected Health Information (PHI) — We do not store any health-related data. The App is designed to avoid collecting PHI entirely.
  • Location data — The App does not access or store your precise location.
  • Contacts, photos, or other device data — We do not access your device's contacts, camera roll, or other personal data.

4. Third-Party Services

The App relies on the following third-party services, each with their own privacy practices:

4.1 Auth0 (Authentication)

We use Auth0 to handle user authentication via passwordless email/OTP and Sign in with Apple. Auth0 stores your login credentials (email address) on their infrastructure. OstomyRN servers never receive or store your email. Auth0's privacy practices are governed by their own privacy policy, available at auth0.com/privacy.

4.2 Apple (In-App Purchases)

In-app purchases are processed entirely through Apple's StoreKit framework. Your payment information is managed by Apple and is never shared with OstomyRN. Apple's privacy practices are governed by their privacy policy at apple.com/privacy.

4.3 OpenAI (AI Chat Assistant)

The App includes an AI chat assistant called Roxy, powered by OpenAI's language models. When you send a message to Roxy, your message is transmitted to OpenAI for processing. See Section 5 below for details on how chat data is handled.

4.4 Convex (Backend Infrastructure)

Our backend infrastructure is hosted on Convex, a serverless platform. Convex processes and stores the limited, de-identified data described in Section 2. No personally identifying information is stored on Convex servers.

5. AI Chat Data

Conversations with Roxy, our AI chat assistant, are handled with the following privacy safeguards:

  • Chat conversations are not linked to your user account. There is no way to associate a conversation with a specific person.
  • Messages are transmitted securely via HTTPS/TLS to OpenAI for processing.
  • Roxy is designed to provide educational information about ostomy care. She does not provide medical diagnoses and encourages users to consult healthcare professionals.
  • We recommend that you do not share personally identifying information (such as your full name, address, or Social Security number) in chat messages.

OpenAI's data usage practices for API customers are governed by their API data usage policy, available at openai.com/policies/api-data-usage-policies.

6. Nurse Finder and Provider Deep-Linking

The App helps you find qualified Wound, Ostomy, and Continence (WOC) nurses. When you choose to connect with a nurse or healthcare provider:

  • You are deep-linked to the provider's external system (such as their scheduling platform or telehealth service).
  • No health information passes through OstomyRN during this process.
  • Any information you share with a provider is governed by that provider's own privacy policy and practices.
  • This separation is intentional: your identity (held by Auth0) and any health-related questions (asked in anonymous chat or on provider platforms) are never combined on our systems.

7. Data Security

We take the security of your data seriously and employ the following measures:

  • Encryption in transit — All connections between the App and our services (Auth0, Convex, and OpenAI) use HTTPS with TLS encryption.
  • Secure token storage — Authentication tokens are stored on your device using the platform's secure storage mechanisms (iOS Keychain via expo-secure-store), which provide hardware-backed encryption.
  • Minimal data retention — Because we collect so little data, our attack surface is inherently small. We cannot lose what we do not have.
  • No PHI — By design, our systems never handle Protected Health Information, eliminating an entire category of data breach risk.

8. Data Retention and Deletion

Because OstomyRN does not store personally identifying information on our servers, there is minimal personal data to retain or delete. If you wish to:

  • Delete your account — You can request account deletion by contacting us at support@ostomyrn.com. We will remove your opaque user record from our system and coordinate with Auth0 to remove your authentication credentials.
  • Clear local data — Uninstalling the App will remove all locally stored data, including authentication tokens, from your device.

9. Children's Privacy

OstomyRN is not directed at children under the age of 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has used the App, please contact us at support@ostomyrn.com and we will take appropriate steps to remove any associated data.

10. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, delete, or port your data. Because OstomyRN stores virtually no personal data on our servers, many of these rights are satisfied by our architecture itself. For any data-related requests, please contact us at support@ostomyrn.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective" date at the top of this page. If we make material changes to how we handle your data, we will notify you through the App or by other appropriate means before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

OstomyRN, LLC
Email: support@ostomyrn.com