Privacy Policy — Residipok
This Privacy Policy describes how the Residipok mobile application (“Residipok,” “we,” “our,” or “the app”) handles information about you (“you” or “the user”). By installing, creating an account, or using Residipok you agree to the practices described below. If you do not agree, do not install or use the app.
1. Who we are
Residipok is an educational reference application for licensed healthcare professionals and trainees. It is published by an individual developer (“the developer”). Residipok is not a medical device, does not provide medical advice, and is not intended to diagnose, treat, cure, or prevent any disease.
2. Summary
- Residipok requires a free account to use, created with an email address (with email verification), Apple Sign-In, or Google Sign-In.
- We collect only what is required to maintain that account: your email address, a unique account identifier, and (if you choose to share it via Apple or Google) your name.
- We do not sell, rent, share, or transfer any user data to third parties for advertising, marketing, or any other purpose unrelated to running your account.
- We do not contain advertising, analytics SDKs, tracking pixels, attribution SDKs, or social-media SDKs.
- The reference content and your in-app preferences are stored only on your device.
- You can delete your account at any time from the About screen inside the app, which permanently removes your account record.
3. Information we collect
3.1 Account information (required)
To create and maintain your Residipok account, we collect:
| Item | Source | Purpose |
|---|---|---|
| Email address | You provide it on sign-up, or it is supplied by Apple / Google when you use their sign-in flow | Account identification, password reset, email verification, security notifications |
| Account identifier (Firebase UID) | Generated by Firebase Authentication when your account is created | Internal account identifier; never shown to other users |
| Auth-provider identifier | Apple ID subject identifier or Google account ID, depending on sign-in method | To recognize you on future sign-ins via that provider |
| Display name (optional) | You may share a name when signing in with Apple or Google; we do not require it | Display in the About screen so you can confirm which account you are signed into |
If you sign in with Sign in with Apple, Apple allows you to share an anonymized relay email instead of your real email. Residipok supports this — we never see your real email if you choose this option.
3.2 On-device data
The following information is stored locally on your device only and never sent to us:
| Item | Purpose |
|---|---|
| In-app disclaimer acceptance flag, version, and timestamp | So we do not prompt you on every launch |
| Authentication session token | So you do not need to sign in on every launch (managed by Firebase Authentication’s secure on-device storage; iOS Keychain / Android EncryptedSharedPreferences) |
| Future per-user preferences (e.g. favorites, dark mode) | When such features are added, they will also be stored locally unless this policy is updated |
3.3 What we explicitly do NOT collect
To be explicit, Residipok does not collect:
- Patient information of any kind
- Search queries or in-app navigation telemetry
- Usage analytics or product-analytics events (no Mixpanel, Amplitude, PostHog, Segment, or similar)
- Crash reports or diagnostic logs (no Sentry, Firebase Crashlytics, or similar)
- Advertising identifiers (IDFA, AAID), nor MAC, IMEI, or other device hardware IDs
- Your precise or approximate location (GPS, IP-derived, or otherwise)
- Photos, microphone, calendar, contacts, or any other on-device content
- Health, fitness, or biometric data — Residipok does not integrate with Apple Health or Google Health Connect
- Payment or financial information — Residipok is free, with no in-app purchases
4. Third-party services we use
To run authentication, Residipok uses Firebase Authentication, operated by Google. Firebase processes your email address, password (in hashed form only), authentication tokens, and IP-address request metadata strictly for the purpose of running the sign-in / verification / password-reset flow. Firebase acts as a data processor on the developer’s behalf. Google’s privacy practices for Firebase are described in the Firebase Privacy and Security documentation and the Google Privacy Policy.
If you choose Sign in with Google, your interaction with Google’s OAuth flow is governed by Google’s own privacy policy. Residipok only receives the basic profile information (account ID, email, name) you consent to share at sign-in.
If you choose Sign in with Apple, your interaction with Apple’s OAuth flow is governed by Apple’s privacy policy. Residipok only receives the basic information Apple shares with us (identifier token, and email/name if you choose to share them).
Residipok does not integrate any analytics, advertising, attribution, or social SDK. The only outbound network traffic the app makes is:
- Authentication requests to Firebase Authentication endpoints (under
*.firebaseapp.comand*.googleapis.com). - Optional app updates served by the Expo Application Services Update infrastructure (under
*.expo.dev), which never receives personal information.
5. How we use your information
We use the information we collect only to:
- Create, authenticate, and maintain your Residipok account.
- Send transactional emails: email verification, password reset, account deletion confirmation.
- Communicate security or policy notices specific to your account when required.
- Diagnose account-level bugs or fraud you report to us.
We do not use your information to:
- Advertise to you or to third parties.
- Track you across other apps or websites.
- Build a profile for advertising, segmentation, or analytics purposes.
- Sell or trade your information.
6. Sharing your information
We do not sell, rent, share, or transfer any personal data to third parties for advertising or marketing.
We may share information only in the following narrow cases:
- Service providers — Firebase Authentication (Google), which processes the data described in Section 4 strictly on our instructions, for the sole purpose of running authentication.
- Legal obligations — if compelled by a valid subpoena, court order, or similar lawful process from a jurisdiction where we operate.
- Protection of safety — to prevent imminent harm or fraud, in narrowly tailored circumstances.
If the developer is ever acquired, you will be notified before any change of data controller takes effect, and you will have the opportunity to delete your account before the transfer.
7. International data transfers
Firebase Authentication processes data in Google data centers located in the United States and other regions. By creating a Residipok account you consent to this processing.
8. Children’s privacy
Residipok is intended for healthcare professionals and trainees, presumed to be at least 17 years of age. The app is not directed at children under 13 and we do not knowingly collect any information from children.
9. Security
- All network traffic between the app and Firebase Authentication is encrypted in transit using TLS.
- Passwords are never sent to the developer in plain text; Firebase Authentication stores only a one-way hash.
- The on-device session token is protected by the operating system’s secure storage (iOS Keychain / Android EncryptedSharedPreferences).
- No personal data is stored on the developer’s servers — there are no servers operated by the developer.
10. Your rights
Regardless of where you live, you can:
- View your account details at any time in the About screen inside the app.
- Change your password via the “Forgot password” flow on the sign-in screen.
- Sign out of your account at any time in the About screen.
- Permanently delete your account in the About screen → Delete account. This removes your Firebase Authentication record. Account deletion is immediate and irreversible.
If you are in the EU/UK and the GDPR applies, you have the additional rights granted by it (access, rectification, erasure, restriction, portability, and objection). Because the data we hold is minimal — your email, account ID, and optional name — you can effectively exercise these rights with the in-app Delete account function or by emailing the developer at the address listed on the App Store and Google Play listings.
If you are in California and the CCPA/CPRA applies, you have similar rights, and we do not “sell” or “share” your personal information as those terms are defined under California law.
11. Data retention
- Account data is retained for as long as your account exists.
- When you delete your account, your Firebase Authentication record is removed immediately.
- Transactional emails (verification, password reset) are not stored by the developer; Firebase may retain delivery logs for a limited period for fraud-prevention purposes.
12. Changes to this policy
If this policy changes, the updated text will be published at the same URL and the Last updated date above will reflect the change. Material changes will also be surfaced in-app on the next launch and you may be asked to re-acknowledge the disclaimer.
13. Contact
For privacy questions, contact the developer at the email address listed on the App Store and Google Play listings for Residipok.