Injectix Complications Assistant - Master Injectors
This Privacy Policy explains how Injectix collects, uses, discloses, and protects information about you when you use our Service. Capitalized terms have the meaning in the Terms of Use. If you do not agree with this Policy, do not use the Service.
Name, email, password hashes or SSO tokens, professional credentials, specialty, preferences.
Device type, OS, app version, interactions, event logs, crash reports, diagnostic data, IP address, general location inferred from IP, cookies or similar identifiers.
Prompts, text queries, and uploads (e.g., images) that you submit without PHI. Uploads are processed to generate responses and may be stored temporarily for that purpose and for abuse prevention.
With your consent, identity and completion information needed for credit (full name, profession/degree, NPI where applicable, email, mailing address, completion date, credits earned, required activity evaluation responses) to forward monthly to Global Education Group strictly for credit issuance.
Subscription plan, status, last 4 digits and card brand (if provided by processor), Stripe customer ID, transaction identifiers. We do not store full card numbers; Stripe is PCI DSS Level 1 certified and processes payment information.
We use information to: (a) provide, operate, maintain, and secure the Service; (b) deliver AI features and educational content; (c) authenticate users and personalize experience; (d) process payments and manage subscriptions; (e) provide support and service notices; (f) comply with legal obligations and prevent misuse; (g) conduct analytics to improve quality, safety, and performance (using aggregated or de-identified data where possible). We do not sell your personal information.
Where GDPR/UK GDPR applies, our processing relies on: contract (providing the Service); legitimate interests (security, fraud prevention, analytics, service improvement); consent (optional communications, CME disclosures to Global); and legal obligation (tax, accounting).
We share information with:
(Acting under data processing agreements and subject to confidentiality and security obligations):
Global Education Group receives the limited participant data described in §3 monthly for the sole purpose of administering CME credit and issuing certificates.
To comply with law, respond to lawful requests, enforce Terms, protect rights and safety, or in connection with corporate transactions.
We operate globally with primary processing in the United States, with secondary processing in the European Union. Transfers are protected using appropriate safeguards (e.g., Standard Contractual Clauses) where required.
Upon account deletion, we delete or de-identify personal data within 30 days, with backups purged within 90 days, unless longer retention is required by law or for dispute resolution.
Depending on your region, you may have rights to access, correct, delete, or port your data, and to object or restrict certain processing. Manage consents (e.g., marketing, CME sharing) in the app or by contacting us. You may delete your account in-app or via support; we will process within a reasonable period.
We employ layered safeguards, including TLS 1.3 in transit, AES-256 encryption at rest, key management, least-privilege access, logging and monitoring, a secure SDLC, routine vulnerability scanning and penetration testing, and incident response processes. We review vendors, conduct risk assessments, and maintain administrative, technical, and physical controls appropriate to the data we process.
The Service is not directed to children and may not be used by individuals under 18 (or older where required by law). We do not knowingly collect personal data from children.
We comply with applicable federal and state privacy laws. Injectix is not a HIPAA covered entity and is designed to avoid PHI. CME credit administration is available to U.S. users only.
If GDPR/UK GDPR applies to you, see §4 and contact us to exercise your rights.
We provide the disclosures required by the CCPA/CPRA; we do not sell or share personal information for cross-context behavioral advertising; you may exercise CPRA rights via omplications@injectix.com .
We may update this Policy from time to time. The current version is effective October 01, 2025. We will post updates in-app or on our site and indicate the effective date. Material changes will be notified via the Service or email.
If you are in the EEA/UK, you may lodge a complaint with your local supervisory authority. We welcome the opportunity to address your concerns first—please contact us using the details above.
If you have any questions about this Privacy Policy or our data practices: