Privacy Policy

Track Surgery provides patient-reported outcome software for surgical teams. The platform helps doctors assign surveys, collect patient responses, review messages, analyze trends, and export data.

For doctor account, billing, website, and support information, Track Surgery may act as the data controller. For patient survey responses entered under a doctor or clinic account, the doctor, clinic, or healthcare organization is typically the data controller, and Track Surgery acts as a service provider or processor.

Doctor and account information: name, email address, password hash, subscription status, account settings, export requests, support messages, and billing-related metadata where applicable.

Patient access information: doctor-issued patient ID, patient label created by the doctor, assigned procedures, active survey schedules, notification preferences, and device token information if push notifications are enabled.

Survey and outcome information: questionnaire answers at question level, survey type, procedure, completion date, patient messages submitted at the end of a survey, satisfaction answers, weight and height fields for applicable bariatric questionnaires, calculated scores, and dashboard analytics derived from those answers.

Technical information: IP address, browser or device information, logs, authentication events, API usage, error reports, security events, and approximate timestamps needed to operate and secure the platform.

Track Surgery is designed to minimize patient identity data. Patients log in with a doctor-issued ID, and the platform uses a patient label rather than requiring sensitive identity details such as date of birth, address, insurance number, or government ID.

Survey responses may still relate to health, surgery, symptoms, quality of life, satisfaction, BMI, and recovery. Doctors and clinics must make sure they have the appropriate legal basis, consent, notice, or authorization required to use Track Surgery with their patients.

We use information to provide the platform, authenticate users, display dashboard analytics, store survey responses, manage patient survey assignments, send reminders where enabled, export data, provide support, improve reliability, detect abuse, and maintain security.

We do not sell patient survey responses. We do not use patient survey responses for advertising. We do not require patients to create public profiles.

Where GDPR or similar laws apply, we may process doctor account and support data to perform a contract, comply with legal obligations, protect legitimate interests such as security and fraud prevention, and respond to consent-based requests where applicable.

For patient survey data, the doctor, clinic, or healthcare organization is responsible for identifying the applicable legal basis, such as healthcare provision, explicit consent, legitimate interests, contract, or other lawful grounds available under local law.

We may share information with trusted service providers that help operate Track Surgery, such as hosting, database infrastructure, email delivery, payment processing, error monitoring, backups, and push notification services.

We may also disclose information when required by law, to protect rights and security, to investigate abuse, or as part of a business transfer such as merger, acquisition, or restructuring, subject to appropriate safeguards.

We use technical and organizational measures designed to protect information, including authenticated access, server-side authorization, encrypted transport where deployed with HTTPS, database access controls, restricted public access, and operational monitoring.

No system is perfectly secure. Account holders are responsible for using strong passwords, protecting credentials, limiting dashboard access, and exporting data only to secure locations.

We retain account, patient label, survey, message, analytics, and export-related data for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain backups, and support clinical follow-up workflows.

Doctors may request export or deletion of account data. Some records may remain in backups, audit logs, billing records, or legally required archives for a limited period.

Track Surgery may use cloud infrastructure and service providers located in different countries. Where required, we use contractual, technical, and organizational safeguards intended to protect transferred information.

Doctors and organizations are responsible for confirming that their use of the platform and selected hosting region comply with their local data protection requirements.

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data. You may also have the right to lodge a complaint with a data protection authority.

Patients should usually contact their doctor or clinic first because the doctor or clinic controls the clinical relationship and patient label. Doctors and account holders can contact support@tracksurgery.com for privacy requests related to the platform.

The public website and dashboard may use essential cookies or local storage for login sessions, security, preferences, and platform functionality. If analytics or marketing cookies are added later, this policy should be updated and consent controls may be added where required.

Track Surgery is not intended for direct use by children without involvement from a doctor, clinic, parent, guardian, or legally authorized representative where required. Clinical teams are responsible for ensuring appropriate authorization for minors.

We may update this Privacy Policy as the platform, legal requirements, or data practices change. Material changes will be communicated through the website, dashboard, or account contact details where appropriate.

For privacy questions, support requests, data export, or deletion requests, contact support@tracksurgery.com.