Privacy Policy

1. Information We Collect

1.1 Medical Inventory Data

When you use MHM, you provide information about:

• Medical Supplies: Medication names, dosages, quantities, batch numbers, expiry dates
• Nursing Articles: Non-pharmaceutical medical supplies, quantities, categories
• Issue Log: Medication dispensing records including officer position/rank, symptoms, and quantity issued. Patient names are entered locally and never transmitted to any server.
• Orders: Purchase orders for medicines and nursing supplies
• Vessel Information: Ship name, IMO number, flag state, crew count (for hospital category calculation and compliance)
• Officer Information: Name and position of the ship's medical officer (stored locally only)

1.2 Windows Edition — Local Registry Storage

On Windows, all application data is stored in the Windows Registry under a dedicated application key. No data is written to shared system locations. The following identifiers are stored locally for license validation:

• License Key: Your LemonSqueezy license key (stored encrypted with a machine-bound signature)
• Machine GUID: A read-only hardware identifier from the Windows Registry (HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid) used to bind the license to your device and prevent unauthorised transfer
• Instance ID: A LemonSqueezy-assigned activation identifier
• Trial Start Date: Date of first application launch, protected by a tamper-evident cryptographic signature tied to the Machine GUID

1.3 Automatically Collected Information

The app does not collect analytics, crash reports, or usage statistics. No telemetry is transmitted. The only automatic data collection is:

• First launch date (for 15-day trial period management — stored locally only)
• Last sync timestamp (for Cloud Sync, stored locally)

2. How We Use Your Information

MHM collects and stores data locally on your device to:

• Inventory Management: Track medicines, nursing articles, batch numbers, and expiry dates
• Issue Logging: Record medication dispensing with officer and symptom tracking
• Compliance Reporting: Generate XLSX, CSV, and RTF reports for port state control
• License Validation: Verify your Windows license via the LemonSqueezy API (key + instance ID only — no personal data sent)
• Cloud Sync: Optional multi-device synchronisation via Firebase (see Section 4)

3. Patient Data & GDPR Compliance

3.1 GDPR Legal Basis

• Article 5(1)(c) — Data Minimisation: Only officer rank is synced; patient names remain on-device
• Article 5(1)(f) — Integrity and Confidentiality: Machine-bound signatures protect stored data from tampering
• Article 17 — Right to Erasure: "Reset All Data" in Settings permanently deletes all local data
• MLC 2006 — Maritime Labour Convention: Medical records handling complies with seafarer health data protection requirements

4. Data Storage & Cloud Sync

4.1 Local Storage

• iOS / Android: Data stored in device-encrypted AsyncStorage
• Windows: Data stored in the Windows Registry, protected by OS user account permissions
• macOS: Data stored in AsyncStorage with macOS file system encryption
• All local data remains on your device until you explicitly delete it via "Reset All Data" in Settings

4.2 Cloud Sync — Firebase Realtime Database (Optional)

Cloud Sync is entirely optional. When enabled, the following data is synchronised:

• Vessel configuration, medicines inventory, issue log (without patient names), orders, nursing inventory, nursing issue log
• Connected device list (device platform, last-seen timestamp, master/approved status)
• License activation record (IMO number, platform, activation date — written after purchase to enable cross-platform access)

Firebase infrastructure: Google Cloud, europe-west1 region (Belgium). Data is protected under Google's Data Processing Agreement and Standard Contractual Clauses (GDPR Chapter V).

Authentication uses a vessel IMO-derived pseudonymous identifier — no real email address or personal data is used to create the Firebase account.

4.3 Device Approval System

Cloud Sync includes a multi-device approval mechanism. The first device to register becomes the Master device and approves all subsequent devices. Unapproved devices cannot access or modify synced data. A disconnected device loses Pro access until re-approved.

5. License Validation — Windows Edition

The Windows edition uses LemonSqueezy for license management. During license activation and validation, the following data is sent to the LemonSqueezy API:

• Your license key
• An instance name in the format MHM-Windows-{IMO} (e.g. MHM-Windows-1234567)
• Your LemonSqueezy instance ID (after first activation)

No personal data, patient data, or medical records are transmitted during license validation. The Machine GUID is used locally only to bind the license signature — it is never sent to LemonSqueezy or any other server.

LemonSqueezy privacy policy: lemonsqueezy.com/privacy

6. Data Sharing and Disclosure

6.1 We DO NOT Share Your Data

does not sell, trade, or share your medical inventory data, patient information, or vessel data with any third parties for commercial purposes.

6.2 Third-Party Services Used

• Firebase (Google): Optional Cloud Sync — inventory data without patient names. Firebase Privacy
• LemonSqueezy: Windows license management — license key and IMO-based instance name only. LemonSqueezy Privacy
• RevenueCat: iOS/Android subscription management — subscription status only. RevenueCat Privacy
• Apple App Store / Google Play: In-app purchase processing under their respective privacy policies

6.3 Limited Exceptions

We may disclose information only if:

• Legal Requirements: Required by law, court order, or maritime authority
• Safety: To prevent harm or comply with safety investigations

7. Your Privacy Rights

You have complete control over your data:

• Access: All data is visible within the app at all times
• Correction: Edit any record directly within the app
• Deletion: Settings → Reset All Data permanently deletes all local data
• Cloud Deletion: Signing out of Cloud Sync disconnects your device; data remains in Firebase until you contact us for full deletion
• Export: Export inventory and logs in XLSX, CSV, or RTF format at any time
• License Removal: Settings → Windows License → Remove License deactivates the license and frees the activation slot on LemonSqueezy
• Opt-Out: Cloud Sync can be disabled at any time; all data continues to function locally

8. Data Retention

• Local Data: Stored on your device indefinitely until you delete it
• Cloud Sync Data: Retained in Firebase until you delete your account or contact us
• License Records: LemonSqueezy retains purchase records per their data retention policy
• No Analytics: We do not collect or retain any usage analytics

9. International Compliance

Marine Hospital Manager is designed to comply with:

• GDPR (EU General Data Protection Regulation) — data minimisation, right to erasure, lawful basis
• MLC 2006 (Maritime Labour Convention) — seafarer health data protection
• STCW — medical record-keeping requirements for ship officers
• Flag State Regulations — covering Panama, Liberia, Marshall Islands, Bahamas, Antigua & Barbuda, and 6 other flag states representing over 60% of world merchant fleet tonnage

10. Security Measures

We protect your data through:

• Machine-Bound License Signatures: FNV-1a double-hash signatures tie the license and trial period to the specific hardware (Machine GUID + IMO), preventing Registry tampering and PC transfer
• Firebase Security Rules: Each vessel's data is accessible only to authenticated users with matching UID — enforced at the database level
• Device Approval: Cloud Sync requires explicit approval from the Master device for each new device
• No Analytics or Tracking: Zero telemetry, no third-party SDKs for tracking
• Offline-First: The app functions entirely offline; Cloud Sync is an optional add-on, not a requirement
• Regular Updates: Security patches delivered via app store updates

11. Contact Us