Privacy Policy

Last updated: April 11, 2026

This Privacy Policy describes how we collect, use, store, and protect your personal data in compliance with applicable data protection laws, including the Brazilian LGPD (Lei Geral de Proteção de Dados), the California Consumer Privacy Act (CCPA), and international privacy standards.

1. Data Controller

EKG Cases, operated by Dr. José de Alencar Neto from São Paulo, Brazil, is the controller of personal data collected through this platform.

  • Legal Name: José de Alencar Neto
  • Contact email: privacy@ekgcases.com
  • Website: ekgcases.com

2. Personal Data Collected

We collect the following types of personal data:

2.1. Registration Data

  • Full name
  • Email address
  • Password (stored in encrypted form)
  • Mini bio (optional)

2.2. Usage Data

  • EKG interpretation history
  • Scores and performance
  • Configuration preferences (hospital type)
  • Access date and time

2.3. Payment Data

  • Subscription information
  • Transaction history

Note: Credit card data is processed directly by Stripe and is NOT stored on our servers.

2.4. Technical Data

  • IP address
  • Browser and device type
  • Operating system
  • Cookies and session identifiers

3. Purposes of Data Processing

We use your personal data for the following purposes:

Purpose | Legal Basis
Create and manage your account | Contract execution
Provide the educational service | Contract execution
Process payments | Contract execution
Send transactional emails | Contract execution
Improve the platform | Legitimate interest
Prevent fraud | Legitimate interest
Comply with legal obligations | Legal obligation

4. Data Sharing

Your data may be shared with:

Partner | Purpose | Location
Supabase | Database and authentication | São Paulo, Brazil
Stripe | Payment processing | USA
Resend | Email delivery | USA
Vercel | Application hosting | Global (CDN)
Cloudinary | Image storage | Global (CDN)

All partners are contractually obligated to protect your data according to adequate security standards.

5. International Data Transfer

Some of our partners are located outside Brazil. International data transfers are conducted based on:

  • Approved standard contractual clauses
  • Recognized privacy certifications
  • Countries with adequate levels of data protection

6. Data Retention

Your personal data is retained for the following periods:

  • Account data: While the account is active + 5 years after deletion
  • Usage data (interpretations): While the account is active
  • Payment data: 5 years (tax obligation)
  • Access logs: 6 months

7. Your Rights

Under applicable data protection laws, you have the following rights:

  • Confirmation and access: Know if we process your data and access it
  • Correction: Correct incomplete, inaccurate, or outdated data
  • Anonymization or blocking: Of unnecessary or excessive data
  • Portability: Receive your data in a structured format
  • Deletion: Request deletion of data processed with consent
  • Information: Know with whom we share your data
  • Revocation: Revoke consent at any time
  • Opposition: Object to processing in certain circumstances

To exercise any of these rights, contact us at: privacy@ekgcases.com

8. Data Security

We implement technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Passwords stored with bcrypt hash
  • Secure authentication with JWT tokens
  • Unauthorized access monitoring
  • Regular backups
  • Restricted data access (principle of least privilege)

9. Cookies

We use cookies for:

  • Essential cookies: Authentication and session security
  • Preference cookies: Remember your settings

We do not use advertising tracking cookies or third-party marketing cookies.

10. Children's Privacy

The Platform is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13 in compliance with the U.S. Children's Online Privacy Protection Act (COPPA). Furthermore, the Platform is designed for healthcare professionals and medical students, and registration requires users to be at least 18 years of age. If you believe a child under 13 has provided us with personal data, contact us immediately at privacy@ekgcases.com so we can promptly delete it.

11. Notice for United States Residents

If you are a resident of the United States, the following additional disclosures apply:

  • We do not sell your personal information. We have never sold personal information and have no plans to do so.
  • We do not share your personal information for cross-context behavioral advertising purposes.
  • We do not use or disclose sensitive personal information for purposes other than providing the services you requested.
  • You have the right to request access to, correction of, or deletion of your personal data by contacting privacy@ekgcases.com.
  • We will not discriminate against you for exercising any of your privacy rights.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete it, the right to opt out of the sale of personal information (we do not sell data), and the right to non-discrimination. To submit a verifiable consumer request, email privacy@ekgcases.com. We will respond within 45 days.

EKG data on this Platform: The EKG tracings displayed are de-identified medical records that do not constitute protected health information (PHI) under HIPAA. All clinical contexts (patient stories, symptoms, demographics) are fictional and created for educational purposes.

12. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated by email or through a notice on the Platform.

We recommend reviewing this page regularly to stay informed of any changes.

13. Contact and Data Protection Officer

For questions related to privacy and data protection:

  • Email: privacy@ekgcases.com
  • Website: ekgcases.com

You may also file a complaint with applicable data protection authorities (including the California Attorney General for California residents) if you believe your rights have not been respected.

By using EKG Cases, you declare that you have read, understood, and agreed to this Privacy Policy.