Privacy Policy

Scope

This Privacy Policy explains how Fesera handles information entered into the App.

Data We Process

Fesera stores session data in the cloud to enable access across devices and reliability of your documentation workflow. We design the App to be used with de-identified content only and instruct users not to include PHI/PII.

• Session content (de-identified): notes, templates, drafts, and associated metadata (timestamps, IDs).
• Account and authentication data: email, hashed identifiers, session tokens.
• Device and usage metadata (non-identifying) for security and performance (e.g., IP at login for fraud prevention, error logs).

The App may also keep limited local caches to improve performance; the authoritative copy of your sessions is stored in our cloud.

Information We Store

Your sessions and related content are stored in our cloud infrastructure. Limited local caches may be used for speed but are not the authoritative copy.

• De-identified session notes and plan drafts.
• Custom templates and preferences.
• Authentication and account metadata.

Important: Do not include PHI/PII (e.g., names, identifiers, facial images) in any content you enter or store in the App.

Cookies and Similar Technologies

We use essential cookies or secure storage (e.g., httpOnly cookies or tokens) for authentication and session management. We do not use advertising cookies, third-party ads, or analytics beacons.

If you contact support (e.g., email), your message may contain personal information you choose to provide. We will only use it to respond to your request.

User Control & Data Portability

• You can view, edit, export, or delete your cloud-stored sessions via the App where available.
• You may request account deletion; we will delete cloud-stored session content after a reasonable processing period, subject to backup retention.
• If you export content to third-party services, their terms and privacy policies govern those copies.

Data Security

We use industry-standard safeguards to protect cloud-stored data.

• Encryption in transit (TLS) and at rest by our cloud providers.
• Role-based access controls and least-privilege practices for systems and personnel.
• Security monitoring and periodic reviews of third-party processors.

Despite safeguards, no system is 100% secure. Use only de-identified content.

Third-Party Sharing

We do not sell your data. We may share data with service providers who process it on our behalf (e.g., hosting, authentication, email). We require them to protect it and use it only for our instructions. We may also disclose information to comply with law, protect rights and safety, or in a business transfer. If you export notes to external systems (e.g., EMR), you are responsible for ensuring proper safeguards and lawful transfer.

Data Retention and Deletion

We retain cloud-stored sessions for your ongoing use. When you delete sessions or your account, we remove active copies and then delete from backups within a reasonable period. We may retain minimal logs as required for security, fraud prevention, or legal obligations.

Compliance Responsibility

While Fesera is designed to facilitate compliant documentation, ultimate responsibility for meeting professional and legal obligations — including HIPAA, PIPEDA, GDPR, or local health-record statutes — rests with you. Use only de-identified content in the App.

Changes to This Policy

We may amend this Privacy Policy. The updated policy will replace prior versions and will be packaged with software updates.