Privacy Policy
- Sonolex stores your case data on your device only — no cloud sync, no account required.
- Supervisor review is opt-in and de-identified. You choose, per case, whether to send.
- No patient identifiers ever leave your device. A PHI sanitizer runs locally before send and again on the server.
- Exports happen only when you tap Export — you choose where they go.
- No advertising. No third-party tracker reads your case data. Site-traffic analytics (GA4 with IP anonymization) only — never case content.
- We do not sell, share, or monetize your data in any form.
1. Who we are
Sonolex is an iOS application and companion web tool published by Sonolex ("we", "our", "us"). It is designed to help clinicians document echocardiography studies in a board-style logbook format. Our support contact is support@sonolex.com.
2. What data Sonolex processes
Sonolex processes only the data you explicitly enter:
- Trainee profile: name, credentials, designation, institution, and optionally a professional email address.
- Supervisor profiles: name, credentials, specialty, institution, and a work email address (required only if you use supervisor review).
- Case records: locally assigned case numbers, encounter dates, echo family (CCE/TTE/TEE/POCUS), indication, diagnosis, shorthand text, structured parsed findings, and supervisor signoff timestamp and name when applicable.
- App preferences: appearance settings, onboarding completion state.
Patient identifiers are explicitly out of scope. The app instructs users not to enter patient names, medical record numbers, dates of birth, or other personal health identifiers. Exports use local case numbers only. If you opt to send a case for supervisor review, a PHI sanitizer runs on-device before transmission and again on the server; cases that fail the check are rejected and not stored on the server.
3. How data is stored
On-device storage. All case data is stored locally on your iOS device using Apple's SwiftData framework, or in your browser's local storage if you use sonolex.com directly. Data is subject to your device's standard encryption and is protected by your device passcode / biometrics.
iOS data is included in standard device backups (iCloud Backup or iTunes/Finder backup) if you have backups enabled. You can exclude the app from iCloud Backup in iOS Settings.
Supervisor review server (optional). If you opt to send a case for supervisor review, the de-identified case payload is stored on a server we operate (api.sonolex.com) for the duration of the review thread. Threads are automatically purged after the supervisor signs or after 30 days of inactivity, whichever comes first. The server stores a hash-chained audit log of review actions (open, sign, decline) for educational integrity; the audit log does not contain case content.
4. How data is transmitted
The iOS app and sonolex.com do not transmit case content unless you explicitly send a case for supervisor review or use the iOS Share Sheet to export it.
Supervisor review (opt-in). When you tap Send for review, the de-identified case payload is transmitted to api.sonolex.com over TLS. The supervisor receives a magic-link email and opens the case in their browser. They never install the app, and they do not create an account.
Email. We use Postmark to deliver supervisor magic-link emails. Postmark processes the recipient email address and message contents in transit. We do not include case content in the email body itself — the email only contains a one-time-use review link.
Exports. PDF logbooks, case files, and CSV exports are generated entirely on-device and are only transmitted when you explicitly use the iOS Share Sheet or browser download to choose a destination.
5. Who can see your data
For on-device cases: only you.
For cases you send for supervisor review: only the supervisor at the email address you specify, until the thread expires. Because the case is de-identified at source, the server holds no patient identifiers. We (the developers) do not browse review threads.
- Apple can access data stored in your iCloud Backup per their privacy policy, if iCloud Backup is enabled.
- No third party can see your case data unless you share an export with them or send a case for review.
6. Analytics and tracking
The iOS app does not include any analytics SDK, crash reporting service, advertising framework, or third-party tracking library that collects your case data.
sonolex.com uses Google Analytics 4 with IP anonymization for aggregate site-traffic measurement (page views, referrers, country). GA4 does not have access to your case content, shorthand text, or review-thread contents.
Apple may collect anonymous, aggregated App Store analytics (installs, crashes) as part of the standard App Store relationship. This is governed by Apple's Privacy Policy and does not include your case content or profile data.
7. Children's privacy
Sonolex is designed for licensed healthcare professionals and trainees. It is not directed at children under 13. We do not knowingly collect information from children.
8. Clinical and medical disclaimer
Sonolex is a documentation tool. It is not a medical device, does not provide clinical diagnosis, and does not offer medical advice. The echo parser produces heuristic-based summaries for documentation purposes only. All clinical decisions remain entirely the responsibility of the treating clinician.
The supervisor signoff recorded in Sonolex is an educational record only. It does not verify institutional approval, board certification, or the supervisor's professional credentials, and is not a substitute for an institutional reading, attending EMR sign-off, or a billable interpretation.
Sonolex is not affiliated with, endorsed by, or approved by any certification board, professional society, or regulatory body, including the National Board of Echocardiography (NBE) or the American Society of Echocardiography (ASE).
9. Data retention and deletion
On-device data. Retained on your device until you delete it. You can delete individual cases from within the app. You can delete all app data by uninstalling Sonolex — iOS removes all associated SwiftData storage when an app is uninstalled.
Supervisor review threads. Auto-purged from the server after sign or after 30 days of inactivity. You may also request immediate deletion of any thread you opened by emailing support@sonolex.com with the thread ID; we will delete within 5 business days.
Self-serve account deletion. If you have a sonolex.com account, you can delete it at any time from the Profile page. The deletion cascades across your user record, every case you composed, all review threads you started, the hash-chained audit events on those threads, and any pending email-verification tokens. Cases sent to you (where you were only a recipient) are kept because they belong to the trainee who composed them.
Email verification. Cases addressed to your email only become visible after you confirm a one-time link sent to that address. The verification token expires in 30 minutes and is consumed on first use; no extra personal data is stored.
Because we hold no copy of your on-device data, we cannot fulfill on-device deletion requests on your behalf — that deletion is performed by you, on your device.
10. Changes to this policy
If we materially change this privacy policy, we will update the effective date at the top of this page. For changes that meaningfully affect how data is handled, we will provide notice within the app and on sonolex.com.
The current policy is always available at sonolex.com/privacy.
Contact us at support@sonolex.com. We will respond within 5 business days.