Privacy Policy
This Privacy Policy describes how Strukto LLC processes personal information collected through the VitalTrak mobile application. Because VitalTrak's primary deployment is in Mexico, this policy is also issued as an Aviso de Privacidad Integral under the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) — see the Spanish version for the LFPDPPP-formatted notice.
1. Identity of the controller
Strukto LLC ("Strukto", "we", "us") is a limited liability company organized under the laws of the State of Texas, USA, with registered address at 5511 Parkcrest Drive, Austin, TX 78731, USA. Strukto develops and operates the VitalTrak mobile application and related services (collectively, the "Application").
For any matter related to this Policy or your personal data, contact Strukto's privacy team at info@strukto.tech.
2. Roles in the processing of data
VitalTrak is used by hospitals, clinics, and medical centers (the "Institutions") to record and track surgical procedures. Institutions upload patient data to the Application; family members access scoped procedure information; medical staff act on those records.
The roles in data processing are:
- Patient data: the Institution acts as the data controller and Strukto acts as a processor operating the infrastructure on the Institution's instructions. The privacy notice given to patients is issued directly by the Institution.
- Data of medical staff, clinic administrators, and family members who register in the Application: Strukto acts as the data controller, since Strukto collects this data at sign-up and processes it to operate the Application.
This distinction matters when a user deletes their account: the registered user's own data is erased (because Strukto controls it), but patient data — including the full clinical record — remains in the custody of the treating Institution, which is the legal data controller for the medical record and is required to retain it under Mexican Official Standard NOM-024-SSA3-2012. As a processor, Strukto cannot delete the patient's clinical record at a family member's request (see Section 7).
3. Personal data we collect
3.1 Medical staff and clinic administrators
| Identification | Full name, email, phone, profile photo (optional). |
|---|---|
| Professional | Professional license number ("cédula"), specialty, role (surgeon, anesthesiologist, nurse, orderly, administrator), years of experience. |
| Authentication | Hashed password, session identifiers. |
3.2 Registered family members
| Identification | Full name, email, phone. |
|---|---|
| Relationship | Relationship to the patient (spouse, mother, father, child, sibling, other), access code used. |
| Authentication | Hashed password, session identifiers. |
3.3 Patient data uploaded by Institutions
This data is uploaded by the Institution and Strukto stores it as a processor. Strukto does not collect this data directly from patients.
| Identification | Full name, age, photo (optional), health insurance information (provider, policy number, validity). |
|---|---|
| Contact | Phone, email, emergency contact (name and phone). |
| Sensitive health data | Blood type, allergies, prior medical conditions, prior surgeries, family medical history, current medications, clinical notes, surgery type and description, diagnosis, doctor notes, post-operative instructions, lab results (pre-operative, lab work, imaging), pre-operative checklist, follow-up dates. |
Sensitive personal data. The health data listed in section 3.3 is considered sensitive personal data under Mexican law (Article 3, fraction VI of the LFPDPPP) and would also fall under heightened protections under HIPAA in the United States where applicable. It is processed only with the express consent of the data subject (collected by the Institution as controller) and under enhanced security measures.
3.4 Technical and security data
| Connection | IP address, user-agent, device type, operating system, application version. |
|---|---|
| Audit | Access logs, failed authentication attempts, hashed access code used, timestamps for actions performed. |
3.5 Disclosures for App Store and Google Play
For consistency with this Policy, the following table summarizes the data categories VitalTrak declares in the App Privacy section of App Store Connect and in the Google Play Data Safety form. All categories are collected linked to the user's identity and are used exclusively for the operation of the Application (App Functionality).
| Category | Examples | Declared purpose |
|---|---|---|
| Contact info | Email address, name, phone (optional) | App functionality |
| Identifiers | Internal user ID, session identifier | App functionality |
| Health & fitness | Blood type, allergies, medical history, current medications, lab results | App functionality |
| Sensitive info | Diagnoses, procedure descriptions, post-operative instructions | App functionality |
| Other user content | Notes and observations captured by medical staff | App functionality |
| Usage & diagnostics | IP address, user-agent, action timestamps | Security analytics |
VitalTrak does not use any of these categories for advertising tracking, cross-app tracking, or third-party marketing. VitalTrak does not share this data with advertising networks, data brokers, or third parties for their own commercial purposes. The Application does not integrate any advertising SDKs.
4. Purposes of processing
4.1 Primary purposes (necessary for the service)
- Create, authenticate, and manage your account.
- Operate surgical tracking: register surgeries, advance stages (registration, preparation, in-surgery, recovery, discharge), and display information to authorized users.
- Allow family members to track a procedure via the access code issued by the Institution.
- Assign and coordinate the medical staff participating in each procedure.
- Store and display medical history, pre- and post-operative instructions, and lab results when the Institution captures them.
- Generate audit logs and security records.
- Detect and prevent abuse, fraud, and unauthorized access attempts.
- Comply with applicable legal obligations.
4.2 Secondary purposes (not necessary)
As of the last update of this Policy, VitalTrak does not process data for secondary purposes such as marketing, commercial prospecting, or advertising. If Strukto decides to introduce secondary purposes in the future, we will request your express consent or provide a clear opt-out mechanism.
5. Data sharing and transfers
To operate the Application, Strukto uses technology providers that may process your data on our behalf:
| Recipient | Purpose | Location |
|---|---|---|
| Supabase Inc. | PostgreSQL database, authentication, Realtime, and Edge Functions. | USA |
| Vercel Inc. | Legal site (privacy/terms) and future admin web hosting. | USA |
| Expo (Expo Application Services) | App build, OTA updates, push notifications. | USA |
| Google LLC (Google Play) | Android distribution. | USA |
| Apple Inc. (App Store) | iOS distribution. | USA |
| Competent authorities | Compliance with valid legal requests. | As applicable. |
The providers listed above act as processors for Strukto under contracts containing data-protection clauses equivalent to those required by the LFPDPPP. They do not use the data for their own purposes. Strukto does not sell, rent, or trade your personal data with third parties for commercial or advertising purposes.
5.1 International transfers
Strukto's infrastructure and that of the providers listed above is primarily located in the United States of America. Personal data of users in Mexico is therefore transferred outside Mexican territory. Strukto ensures that such providers maintain contractual and technical safeguards equivalent to those required by the law applicable to the data subject.
6. Your rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Access the personal data we hold about you.
- Rectify data that is inaccurate or incomplete.
- Erase your data when it is no longer required for the purposes for which it was collected.
- Object to the processing of your data for specific purposes.
- Withdraw your consent previously granted, where processing was based on consent.
- Limit the use or disclosure of your data.
- Portability of your data, where applicable.
Mexican users may exercise the ARCO rights specifically defined under LFPDPPP (Acceso, Rectificación, Cancelación, Oposición). See the Spanish version for the LFPDPPP procedure.
6.1 How to exercise your rights
Send a request to info@strukto.tech with subject
Privacy rights request — VitalTrak, including:
- Full name and contact email.
- A copy of an official identification document (or that of your representative).
- A clear and precise description of the data and the right you wish to exercise.
- For corrections, the corrected data and supporting documentation.
Strukto will respond within 20 business days from receipt of the request. If the request is granted, it will be effected within 15 business days of that response.
7. Account deletion
Any registered user can delete their account and the associated personal data directly from within the Application, without having to leave to a website or contact support. Deletion is immediate: it happens in the same operation, not after a 30-day waiting period.
7.1 How to delete your account (step by step)
- Open the VitalTrak app and sign in to your account.
- Tap the Profile tab on the bottom bar.
- Inside the Account section, tap Delete account.
- Read the confirmation dialog and tap Delete to confirm.
- You will be signed out automatically, and your account will be deleted.
If for any reason the in-app button is not working, you may send an equivalent request to
info@strukto.tech from the email
registered to your account, with subject Delete account — VitalTrak.
7.2 Summary: what is deleted and what is retained
| Data | What happens on account deletion? |
|---|---|
| Authentication record (email, hashed password, identifiers) | Erased immediately. |
| User profile (name, phone, photo) | Erased immediately. |
| Family member's links to surgeries | The rows linking the user to the surgeries they were following are erased immediately. |
| Medical staff assignments | Future assignments are erased; the user's reference on past surgeries is anonymized (set to NULL) to preserve record integrity without linking back to you. |
| Access audit log | Anonymized immediately (user identifier set to NULL). Entries remain for up to 12 months for security audit and fraud prevention, with no link to your identity. |
| Patient clinical record (medical history, lab results, surgeries, events, stages, instructions) | Not deleted. Belongs to the treating Institution, not to the family member. Must be retained for at least five years pursuant to NOM-024-SSA3-2012. |
| Anonymous tracking sessions (no account) | No user action required; automatically purged 7 days after the surgery ends. |
7.3 Rules by account type
- Family members. Deletion is performed in the Application following the steps in 7.1. No additional authorization required.
- Clinic staff (surgeon, anesthesiologist, nurse, orderly, or other operational roles). Deletion is performed in the Application; future assignments are canceled automatically and historical assignments are anonymized as shown in the table above. The clinical records of patients they cared for are not affected.
- Clinic administrator. May delete their account from the Application. Restriction: if they are the only administrator of their Institution, the Application will refuse the deletion and ask them to designate another administrator first, to prevent the Institution from being left without governance over its own data. Once at least one additional administrator exists, the account can be deleted like any other user.
- Strukto internal super-admin accounts. Not deleted from the Application; offboarding is handled in writing via info@strukto.tech.
7.4 Why some data is retained after you delete your account
Strukto operates the infrastructure, but each patient's clinical record legally belongs to the Institution that treats the patient (see Section 2). Under Mexican Official Standard NOM-024-SSA3-2012 ("Information systems for electronic health records"), the Institution must retain the clinical record for a minimum of five years from the last medical event. For that reason, when a family member deletes their account, the patient's data is not erased: the family member had read access to the record, not ownership of it.
The Account deletion page contains extended details, including alternate routes when in-app deletion is not possible.
8. Data retention
Strukto retains personal data only for as long as necessary to fulfill the purposes described and applicable legal retention periods:
- User account data: while the account remains active; deleted when the account is deleted.
- Patient clinical record (uploaded by the Institution): per the Institution's policy as controller. Under NOM-024-SSA3-2012, the Institution must retain the clinical record for at least five years from the last medical event. This retention persists even if a user who had access to the record — for example, a family member — deletes their account.
- Anonymous tracking sessions: up to 7 days after the surgery ends.
- Access audit log: 12 months from the recorded event; on account deletion, entries are anonymized for the remainder of that period.
9. Security measures
Strukto implements reasonable administrative, technical, and physical security measures to protect personal data against loss, misuse, unauthorized access, alteration, or disclosure. These include encryption in transit (HTTPS/TLS), encrypted at-rest storage of credentials on the device (iOS Keychain / Android Keystore), role-based access control (Row Level Security at the database layer), audit logs, and rate limiting.
10. Cookies and similar technologies
The mobile application does not use browser cookies. The companion website
vitaltrak.strukto.tech does not use third-party cookies and uses only strictly
necessary technical cookies for site operation.
11. Children's privacy
VitalTrak is intended for adult medical staff and adult family members responsible for a patient. The Application may store clinical data of minor patients when uploaded by the Institution; in such cases, applicable consent is obtained by the Institution from the minor's parent or legal guardian. Strukto does not knowingly collect personal information directly from children under 13.
12. Changes to this Policy
Strukto may update this Privacy Policy to reflect legal, operational, or technological changes. Updates will be published at https://vitaltrak.strukto.tech/privacy/en/ with the updated date at the top. For material changes, Strukto will notify registered users via the application or by email.
13. Supervisory authority
For users in Mexico, the supervisory authority is the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) — home.inai.org.mx. For users in other jurisdictions, please contact your local data protection authority.
14. Contact
Strukto LLC
5511 Parkcrest Drive, Austin, TX 78731, USA
Email: info@strukto.tech