This policy describes what data Glaucosim collects, what we do with it, and the rights you have over it. We try to write this in plain language because what is at stake if we get it wrong is your trust and your medical records.
1. Who runs Glaucosim
Glaucosim is operated by Mauro Filho. Contact: hello@glaucosim.com. Our data infrastructure runs on Supabase (Postgres + Storage + Edge Functions). Email delivery uses Resend. Hosting uses Cloudflare Pages.
2. What we collect
2.1 From you, directly
- Account data. Email, name, password (stored hashed, never in plain text).
- Medical history (anamnesis). Diagnosis, medications, surgeries, family history, symptoms — what you fill in.
- Eye drop diary. Dose times you record, plus per-dose taken/skipped status.
- Exam results. Visual field thresholds, visual acuity scores, contrast sensitivity, anterior segment recordings + computed surface scores, NEI VFQ-25 answers, acoustic IOP signals.
- Patient-reported symptoms. What you log in the symptoms diary.
2.2 Captured automatically during exams
- Webcam frames are processed in your browser to compute distance, gaze, eye occlusion, and ambient light. Raw video is not uploaded except for the anterior segment selfie, which is stored encrypted in our private storage bucket.
- Microphone audio is captured for the acoustic IOP test. The raw audio waveform is uploaded for analysis; we retain it as part of the exam record.
- Per-stimulus reaction times, responses, and reliability indices for each test.
2.3 Technical
- Browser user agent, screen resolution, time zone, device family. Used for stimulus calibration and bug diagnostics.
- An anonymized error event when something crashes (no PHI in the payload).
3. What we do with it
- Show you your own data — trends, drop adherence, exam history.
- Share with the clinician you linked, if any. You choose who.
- Send you reminders (eye drops, exams) via Web Push and email, only if you opted in.
- If you explicitly enrol in a research study, we share de-identified data with the principal investigator named in the consent form. Re-identifying that data outside Glaucosim is not technically possible without re-merging with our internal pseudonym table, which never leaves our servers.
We do not sell your data, share it with advertisers, or use it to train external models without explicit consent.
4. Who can see it
- You, always.
- Your clinician, once you accept their invite or they invite you.
- Glaucosim engineering, only when troubleshooting a specific issue you reported, and only the minimum data required. Every access is recorded in our audit log.
- Research investigators, only for studies you actively consented to, and only on de-identified data.
5. Your rights
Under LGPD (Brazil) and GDPR (EU), you have the right to:
- Access a copy of everything we have on you. Download it from your profile — it's a single JSON file.
- Correct anything that's wrong.
- Delete your account and all the data we hold tied to it. Audit-log entries we are legally required to retain are kept in anonymized form.
- Port your data to another provider. The JSON export is structured for this.
- Withdraw consent from any research study at any time. We stop using your data prospectively; data already used in completed analyses cannot be retracted.
- Object to processing — write to hello@glaucosim.com and we will respond within 15 days.
6. Security
- All traffic uses HTTPS with HSTS.
- Row-level security on Postgres enforces that you only see your own data.
- Audio + video recordings are stored in private buckets; access requires a signed URL bound to your session.
- Passwords are hashed (bcrypt). We do not have plaintext access.
- Our infrastructure provider (Supabase) maintains SOC 2 Type II compliance.
7. Children
Glaucosim is not intended for users under 18. We don't knowingly collect data from minors. Paediatric glaucoma monitoring requires a clinician-led account; reach out at hello@glaucosim.com.
8. Changes to this policy
If we make material changes, you'll see an in-app notice and an email before they take effect. Minor wording or structural changes are reflected here without notification.
9. Contact
Privacy questions, data requests, or anything else: hello@glaucosim.com.