Patient Ready, Inc. (“Patient Ready,” “Company,” “we,” “our,” or “us”) is committed to protecting personal information and respecting user privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when individuals access or use our digital learning and training platform, including our websites, web applications, mobile applications, virtual reality modules, simulations, and related services (collectively, the “Platform”).

This Privacy Policy should be read in conjunction with our Terms of Use.

1. Scope and Applicability

This Privacy Policy applies to individuals who access or use the Platform, including:

• Institutional and Administrative Users, such as faculty members, instructors, simulation staff, evaluators, and administrators

• Learners, such as students, trainees, residents, and practicing professionals

Access to the Platform is typically provided through an educational institution, health system, or enterprise customer (“Institution”). In most cases, Patient Ready provides the Platform on behalf of and under the direction of the Institution.

2. Information We Collect

2.1 Personal and Account Information

We may collect information that you or your Institution provides, including:

• Name, email address, phone number, and organizational affiliation

• Professional role, credentials, or educational background

• User ID, username, and account authentication credentials

• Communications with Patient Ready, including support requests and feedback

2.2 Usage, Technical, and Device Data

We automatically collect certain information related to use of the Platform, including:

• IP address and general location

• Browser type, device type, operating system, and application version

• Login events, access times, session duration, and frequency of use

• Pages viewed, features used, navigation paths, and interaction events

• Platform performance, error logs, and security-related telemetry

• Cookies and similar technologies used to support Platform functionality, analytics, and security

This usage data helps us understand how the Platform is accessed and used, support system reliability, and improve user experience.

2.3 Learning, Simulation, Assessment, and Performance Data

When users engage with the Platform, we collect and process data related to learning and assessment, which may include:

• Simulation progress, completion status, and interaction patterns

• Learner responses, decision paths, and task execution within simulations

• Assessment results, performance metrics, and indicators of clinical reasoning, judgment, or accuracy within simulated scenarios

• Engagement data and learning analytics

• AI-generated insights, scoring, or adaptive outputs related to educational performance

This data is used solely for educational, training, assessment, quality improvement, and Platform operation purposes. It is intended to support learner feedback, faculty review, institutional oversight, curriculum refinement, and program evaluation.

Learners are informed that participation in simulations may generate assessment and performance data used for educational evaluation. Assessment and performance data generated by the Platform does not constitute clinical evaluation, diagnosis, treatment, or measurement of real-world clinical performance.

2.4 Virtual Reality and Mobile Application Data

When using virtual reality or mobile components of the Platform, we may collect:

• VR or device identifiers and configuration information

• Session activity, duration, and interaction logs

• Performance and assessment data generated during VR experiences

• Audio recordings and/or speech converted to text for simulation interaction

• Sensor-based interaction data (such as gaze or movement tracking), where enabled and permitted by the Institution

Such data is collected for educational functionality, assessment, system performance, and experience improvement.

3. What We Do Not Collect

Patient Ready is not a healthcare provider and does not collect or process personal information for the purpose of delivering medical care.

We do not intentionally collect:

• Protected Health Information (PHI) for treatment purposes

• Patient medical records

• Real-world clinical decision-making data

Any health-related content or data within the Platform is simulated, de-identified, or educational in nature.

4. How We Use Information

We use the information we collect to:

• Provide, operate, maintain, and support the Platform

• Enable simulations, assessments, learning analytics, and educational feedback

• Assess learner performance and clinical accuracy within simulated environments

• Support faculty review, learner remediation, and institutional evaluation

• Monitor usage, engagement, and system performance

• Improve Platform functionality, content, reliability, and security

• Communicate with users and Institutions

• Conduct aggregated and anonymized research and analysis

• Comply with legal obligations and enforce our Terms of Use

Patient Ready does not sell personal information.

5. Institutional Control and Responsibilities

Where access to the Platform is provided by an Institution:

* The Institution typically controls user provisioning, roles, permissions, and access

* The Institution determines how learner assessment and performance data is interpreted, applied, or incorporated into grading, progression, remediation, or competency evaluation processes

* Patient Ready acts as a service provider supporting the Institution’s educational and training programs

Learners should direct questions regarding academic decisions, evaluation, or records to their Institution.

6. FERPA Compliance (United States)

Where the Platform is used by an educational institution subject to the Family Educational Rights and Privacy Act (FERPA), Patient Ready acts as a school official with a legitimate educational interest, as defined by FERPA.

Patient Ready:

• Uses education records solely to provide the Platform and related services to the Institution

• Does not use education records for purposes unrelated to the Institution’s educational objectives

• Does not disclose education records except as permitted by FERPA or authorized by the Institution

7. Data Sharing and Disclosure

We may share information:

• With Institutions that sponsor or administer access to the Platform

• With third-party service providers or embedded technologies necessary for the Platform to function, including hosting, analytics, security, and customer support

• To comply with applicable laws, regulations, legal processes, or governmental requests

• In connection with a merger, acquisition, financing, or sale of assets, subject to applicable safeguards

We do not share personal information for targeted advertising or commercial marketing purposes.

8. Data Retention

We retain personal information only as long as reasonably necessary to:

• Support educational, assessment, and training outcomes

• Fulfill contractual obligations with Institutions

• Comply with legal, regulatory, or audit requirements

Retention periods may be governed by Institutional agreements or applicable law.

9. Data Security

Patient Ready implements reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no security system is completely secure.

Users are responsible for safeguarding their account credentials.

10. International Use and Data Transfers

Patient Ready is based in the United States, and personal information may be processed in the United States or other jurisdictions where Patient Ready or its service providers operate.

Where required by applicable law, regulation, governmental directive, sector-specific requirement, or contractual obligation, or upon request by an Institution, Patient Ready may support hosting or processing of data within a specific geographic region, subject to technical feasibility, security requirements, and applicable agreements.

Patient Ready implements appropriate safeguards designed to ensure that international data transfers and any regional hosting arrangements comply with applicable data protection laws and regulatory requirements.

11. GDPR and UK GDPR

Depending on jurisdiction and subject to applicable law, individuals may have rights.For users located in the European Union or United Kingdom, the following applies:

• The applicable Institution generally acts as the data controller

• Patient Ready generally acts as a data processor, processing personal data on the Institution’s behalf

11.1 Lawful Bases for Processing

Personal data is processed under applicable lawful bases, including performance of a contract, compliance with legal obligations, and legitimate interests related to providing and improving educational services, as determined by the Institution.

11.2 Data Subject Rights

Depending on jurisdiction, individuals may have rights to access, correct, restrict, delete, or object to processing of personal data, and to data portability. Requests should be submitted through the applicable Institution or by contacting Patient Ready.

12. California Privacy Rights (CCPA / CPRA)

For California residents:

• Patient Ready does not sell or share personal information as defined under the CCPA and CPRA

• California residents may have rights to request access to, correction of, or deletion of personal information, subject to applicable exceptions

• Patient Ready does not discriminate against individuals for exercising privacy rights

Requests may be submitted through the applicable Institution or by contacting Patient Ready at legal@patientready.net. 

13. Children’s Privacy

The Platform is not directed to children under the age of 13 unless access is provided through an authorized Institution with appropriate consent and oversight.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted on the Platform with a revised effective date. Continued use of the Platform constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: legal@patientready.net.