Privacy Policy
Last updated: March 8, 2026
1. About this Privacy Policy
This Privacy Policy explains how the CritCase app («the App», «we», «us») processes personal data in accordance with:
- The EU General Data Protection Regulation (GDPR)
- Norwegian Personal Data Act
- Apple App Store guidelines
- Google Play privacy guidelines
CritCase is a learning app for nurse anesthetists and healthcare professionals who wish to practice clinical scenarios and medical knowledge.
2. Data Controller
Data Controller:
CritCase
Norway
Email: support@critcase.app
3. What data do we collect?
3.1 Data we do NOT collect
✅ CritCase does NOT collect:
- Personally identifiable information (name, email, phone number)
- User accounts or login credentials (the app uses anonymous authentication without email or password)
- Health information or medical records
- Location data
- Contacts or calendar data
- Biometric data
- Payment information
3.2 Data stored locally on your device
The following data is stored only on your device and is never sent to us or third parties:
| Data type | Purpose | Storage location |
|---|---|---|
| Game progress | Points, level, completed cases | Local device storage |
| Favorites | Your favorited cases | Local device storage |
| Achievements | Unlocked achievements and timestamps | Local device storage |
| Statistics | Number of exercises, average score | Local device storage |
| Activity dates | Days you have used the app | Local device storage |
| Settings | Theme choice, sound settings | Local device storage |
3.3 Notifications (Push notifications)
The app may send local notifications to remind you of daily challenges. These notifications:
- Are generated and handled locally on your device
- Are not sent via external servers
- Can be disabled in app settings or your device's system settings
3.4 Analytics (Firebase Analytics)
We use Google Firebase Analytics to understand how the app is used and improve the user experience:
| Data type | Purpose | Storage location |
|---|---|---|
| App usage events | Understand which features are used | Google Firebase (EU) |
| Screen views | Improve navigation and UX | Google Firebase (EU) |
| Session duration | Understand engagement | Google Firebase (EU) |
| Device type/OS | Ensure compatibility | Google Firebase (EU) |
| Anonymous user ID | Aggregated usage statistics | Google Firebase (EU) |
Important about analytics:
- ✅ Data is anonymized and cannot identify you personally
- ✅ No names, email or contact information is collected
- ✅ No health information or sensitive data is collected
- ✅ Data is used only to improve the app
- ❌ Data is not sold or shared with advertisers
3.5 Leaderboard (Optional – Requires consent)
The app offers an optional global leaderboard where you can compare your progress with other players. If you choose to participate:
| Data type | Purpose | Storage location |
|---|---|---|
| Display name | Identify you on the leaderboard | Google Firebase (EU) |
| Total score | Ranking on the leaderboard | Google Firebase (EU) |
| Level and title | Show your progress | Google Firebase (EU) |
| Anonymous user ID | Link your score to you | Google Firebase (EU) |
Important about the leaderboard:
- ✅ Participation is entirely voluntary – you choose whether to join
- ✅ You choose your own display name (can be anonymous)
- ✅ You can leave at any time and delete your data
- ❌ We do not collect email, name or other personal information
- ❌ No health information or sensitive data is shared
Data is stored with Google Firebase, which operates in accordance with GDPR and has data centers in the EU. See Google's Privacy Policy for more information.
3.6 Subscription and purchases (CritCase Pro)
The app offers an optional premium service (CritCase Pro) with extended features. Purchase information is handled by:
| Data type | Purpose | Processor |
|---|---|---|
| Purchase status | Verify active subscription | RevenueCat (USA, GDPR-compliant) |
| Anonymous user ID | Link purchase to your device | RevenueCat / App Store / Google Play |
| Purchase history | Restore purchases on new device | App Store / Google Play |
Important about purchases:
- ✅ We do not have access to payment information (credit card, etc.)
- ✅ Purchases are handled exclusively by App Store / Google Play
- ✅ RevenueCat is used only to verify subscription status
- ✅ You can manage your subscription via your device settings
RevenueCat Inc. operates as a data processor in accordance with GDPR. See RevenueCat's Privacy Policy for more information.
3.7 Challenges (Optional – Requires consent)
The app offers an optional challenge feature where you can challenge friends to quiz duels. If you choose to create or participate in a challenge:
| Data type | Purpose | Storage location |
|---|---|---|
| Display name | Identify you to your opponent | Google Firebase (EU) |
| Quiz score | Compare results | Google Firebase (EU) |
| Number of correct answers | Show detailed result | Google Firebase (EU) |
| Time used | Compare speed | Google Firebase (EU) |
| Challenge code | Allow friends to participate | Google Firebase (EU) |
| Anonymous user ID | Link the challenge to you | Google Firebase (EU) |
Important about challenges:
- ✅ Participation is entirely voluntary – you choose whether to create/participate
- ✅ You choose your own display name (can be anonymous)
- ✅ Challenges expire automatically after 48 hours
- ✅ Only you and your opponent see the challenge content
- ❌ Challenge codes are not searchable – only direct sharing works
- ❌ We do not collect who you share the code with
4. Legal basis for processing
We base our data processing on the following legal grounds under GDPR Article 6:
| Processing | Legal basis |
|---|---|
| Storage of game progress | Legitimate interest (GDPR Art. 6(1)(f)) – necessary for app functionality |
| Local push notifications | Consent (GDPR Art. 6(1)(a)) – you can choose to allow or deny |
| Analytics (Firebase) | Legitimate interest (GDPR Art. 6(1)(f)) – to improve the app |
| Leaderboard (Firebase) | Consent (GDPR Art. 6(1)(a)) – requires explicit opt-in from user |
| Challenges (Firebase) | Consent (GDPR Art. 6(1)(a)) – requires active action from user |
5. Data sharing
5.1 Local data
Most of the app's data is stored locally only and is never shared.
5.2 Leaderboard data (Optional)
If you choose to participate on the leaderboard, the following is shared with other users:
- Your chosen display name
- Your score and level
This information is stored with Google Firebase (Firestore) and is visible to other players.
5.3 Challenge data (Optional)
If you create or participate in a challenge, the following is shared with your opponent:
- Your chosen display name
- Your score and number of correct answers
- Your time used
This information is stored with Google Firebase (Firestore) and is only visible to you and your opponent. The challenge code you share with friends gives them access to the challenge.
5.4 Analytics data
We share anonymized usage data with Google Firebase Analytics to improve the app. This data:
- Cannot identify you personally
- Is not used for advertising
- Is not sold to third parties
5.5 What we do NOT share
- ❌ No third-party advertising networks
- ❌ No social media integration
- ❌ No sale of data to third parties
- ❌ No sharing of personal information
6. Data retention and deletion
6.1 Retention period
Data is stored on your device for as long as the app is installed.
6.2 Deletion of data
You can delete all stored data by:
- Delete everything (recommended): Go to Settings → Danger Zone → Delete all my data. This deletes all local data, all cloud data (leaderboard, challenges) and your anonymous account — all in one step.
- Reset progress: Go to Settings → "Reset progress" to only delete local game data.
- Complete deletion: Uninstall the app from your device to permanently delete all local data.
When you use the "Delete all my data" feature, all data is deleted from both your device and our servers immediately. You do not need to contact us separately.
7. Your rights
Under GDPR, you have the following rights:
| Right | Description | How to exercise |
|---|---|---|
| Access | See what data is stored | All data is visible in the app (statistics, achievements) |
| Rectification | Correct inaccurate data | Reset progress in settings |
| Erasure | Have data deleted | Settings → Delete all my data (deletes everything from device and server) |
| Data portability | Receive data in a readable format | Contact us (data is stored locally only) |
| Complaint | Complain to supervisory authority | Norwegian Data Protection Authority: www.datatilsynet.no |
8. Children's privacy
CritCase is a learning app aimed at healthcare professionals and students over 16 years of age. We do not knowingly collect data from children under 16.
9. Security
Your data is protected by:
- Your device's built-in security features
- Encrypted local storage (via the operating system's standard mechanisms)
- Secure HTTPS transmission for analytics data to Firebase
- Anonymization of user data in analytics
10. Changes to this Privacy Policy
We may update this Privacy Policy. For material changes, we will:
- Update the «Last updated» date at the top
- Notify via app update where relevant
11. Contact
Do you have questions about privacy or wish to exercise your rights?
Email: support@critcase.app
Norwegian Data Protection Authority (Supervisory Authority):
P.O. Box 458 Sentrum
0105 Oslo, Norway
www.datatilsynet.no
This Privacy Policy applies to the CritCase app distributed via Apple App Store and Google Play Store.