Privacy Policy

Overview

Extra Hands CPR Assistant ("the App") is developed and published by iHarig LLC. We are committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our mobile application.

Information Collection and Use

We do not collect or transmit any personal information or user data. All data remains on your device.

The App is designed to function primarily offline. It stores data locally on your device for your own use. No personal data, case data, or user-entered content is transmitted to iHarig LLC servers, third-party services, or any external system. The only network requests the App makes are:

• Release notes: Checking for release notes at iharig.com/extrahands/news.json. This is a static JSON file. No user data is sent; the request contains only standard HTTP headers (your IP address is seen by our hosting provider for routing purposes).
• PDF fonts: When you first generate a PDF case summary, the App downloads Noto Sans fonts from Google Fonts (fonts.googleapis.com) to ensure proper rendering across all supported languages. Fonts are cached locally after first download. No case data, user data, or personal identifiers are sent to Google. Google Fonts may log your IP address per their standard CDN logging.

Local Data Storage

The App stores the following information locally on your device:

• User preferences and settings (BPM, CPR mode, device type, language, etc.)
• CPR session case summaries (timestamps, event logs, medications administered, shock counts, compression data)
• Crew member names and identifiers (Pro feature — user-entered)
• Agency/department names, logos, and configurations (Pro feature — user-entered)
• Cardiac Arrest Registry data fields (Pro feature — user-entered)
• Custom medication and action lists
• Generated PDF case summaries
• Pro Library reference PDFs that you add to your own library (Pro feature — user-provided)
• First-run acknowledgment and language preference status

This data is stored using your device's local storage mechanisms and encrypted using platform-standard security (iOS Keychain, Android Keystore). Data is never transmitted off your device. You maintain full control and can delete it at any time by using the in-app data management features, clearing the App's data through your device settings, or uninstalling the App.

No Third-Party Analytics or Advertising

The App does not integrate with any third-party analytics services, advertising networks, or behavioral tracking tools. The App does not use cookies, tracking pixels, or fingerprinting technologies. No usage data, session data, CPR event data, crew data, or case data is transmitted off your device to any party.

Subscription and Payment Services

Pro subscriptions and tip-jar purchases are processed through Apple App Store (iOS) or Google Play (Android) using their standard billing systems. Subscription state is managed by RevenueCat, our subscription-infrastructure provider. When you subscribe, purchase a tip, or the App checks your subscription status, the following information is transmitted:

• An anonymous RevenueCat user identifier, not linked to your name, email, or any other personal data the App stores
• Your Apple or Google in-app purchase receipt (standard store billing data)
• Platform metadata such as OS version, app version, and device locale

RevenueCat does not receive your CPR event data, crew data, case logs, or any clinical content. See RevenueCat's Privacy Policy for their practices. Apple's and Google's privacy policies govern their billing systems.

User-Initiated Data Sharing (Pro)

Pro users can choose to export their own data out of the App at any time. Export is never automatic and never happens without an explicit user action. Exports include:

• CSV export of individual case logs
• PDF case summaries for individual cases
• JSON crew and agency exports for transferring roster and department configurations between devices
• Extra Hands container files (.extrahands) that bundle agency configuration, crew roster, case history, agency logo, and Pro Library PDFs into a single shareable file for transfer between devices or users

The App does not upload exported files to our servers. Files are saved to your device or shared through your operating system's standard share sheet. Once a file leaves the App through export, it is under your control and subject to whatever storage, messaging, or cloud service you send it to. We have no visibility into, and no responsibility for, data after it leaves the App through your own action.

When another user sends you an Extra Hands container file, the App imports its contents only after you confirm an on-device preview dialog showing exactly what will be added or updated. Imports are never silent.

Dates of birth used locally to deduplicate crew members never leave the device. Exports contain only a derived identifier (a cryptographic hash of name, crew ID, and date of birth) that lets receiving devices merge duplicate crew records without exposing the birthdate itself.

Pro Library PDFs that you add to your own library are stored locally on your device. If you include them in an Extra Hands container export, those PDFs travel inside that file to whoever you share it with. You are responsible for any copyright or licensing terms that apply to PDFs you add to your library and any you share.

Users are responsible for following their organization's patient-data policies and applicable regulations (HIPAA, GDPR, LGPD, and others) when deciding what to export and where to send it.

Release Notes

The App fetches a small JSON file from iharig.com approximately once per day to display up-to-date release notes in your chosen language. This is a standard web request and results in a routine server access log entry (IP address, timestamp, user agent) as with any website visit. No identifier from the App is transmitted and nothing is cross-referenced with any other data.

Website (iharig.com) Note

Our website at iharig.com includes a Google Translate widget as an accessibility tool so visitors can read our pages in their preferred language. When a visitor activates translation, Google may set cookies and process data according to Google's own privacy practices. This applies only to the website and not to the mobile App. See Google's Privacy Policy for details on Google Translate. Our server access logs follow standard web-server practice and are not cross-referenced with any analytics product.

Camera and Flashlight Access

The App may request access to your device's flashlight/torch functionality to provide visual cues during CPR procedures. This access is used solely for the intended functionality and does not involve capturing images, videos, or any other data.

File System Access

When you generate PDF summaries of CPR sessions, the App requests permission to save files to your device's storage. These PDF files are saved to a location you specify and remain under your complete control. The App does not access, read, or modify any other files on your device.

Data Security

Because all data remains on your device and is never transmitted, the security of your data is primarily dependent on your device's security settings. We recommend:

• Using device encryption if available
• Setting a secure lock screen password/PIN
• Keeping your device's operating system updated
• Being cautious about who has physical access to your device

Children's Privacy

The App is designed for professional medical use and is not intended for children under 13 years of age. We do not knowingly collect any information from children.

Medical Information Disclaimer

While the App stores session event data locally on your device, this information is for your professional reference only. Users are responsible for following applicable privacy and data protection regulations (including HIPAA, GDPR, LGPD, and other regional requirements) and their organization's policies regarding patient data. The App is an educational assistance tool and is not designed to be a secure medical records system.

Your Rights

Because we do not collect or transmit any user data to our servers, there is no server-side data for us to access, modify, or delete. You have complete control over all data stored locally on your device. You may:

• Delete individual CPR sessions and event logs within the App
• Clear all App data through your device settings
• Uninstall the App to remove all associated data

Compliance

This Privacy Policy is designed to comply with applicable privacy laws and regulations, including GDPR, CCPA, LGPD, and other regional privacy requirements. Since we do not collect, transmit, or remotely process any user data, and all data remains on your device under your control, many provisions of these regulations regarding server-side data processing do not apply to our App.

Changes to This Privacy Policy

iHarig LLC may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have questions about this Privacy Policy, reach out through our contact form or use the details below: