Privacy Policy

Last updated: January 1, 2026

1. Introduction

Cureonics LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Maculogic desktop application ("Software") and our website (maculogic.com).

2. Our Privacy-First Approach

Maculogic is designed with privacy at its core. The Software operates on an offline-first model, meaning:

  • Patient data is stored locally on your device, not on our servers
  • We never access, collect, or transmit your patient health information
  • Your database is encrypted using AES-256 encryption at rest
  • Internet is only required once - during initial license activation

3. Information We Collect

3.1 Information You Provide

When you create an account on maculogic.com or purchase a license, we collect:

  • Name and email address
  • Company/practice name (optional)
  • Billing information (processed securely by Stripe)
  • License activation information (hardware fingerprint)

3.2 Automatically Collected Information

When you visit our website, we may collect:

  • IP address and browser type
  • Pages visited and time spent
  • Referring website
  • Device information

3.3 Information We Do NOT Collect

We do not collect, access, or store:

  • Patient names, identifiers, or health information
  • Medical records or clinical data
  • Images (OCT, fundus photos, etc.)
  • Any data stored in your local Maculogic database

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Verify and activate software licenses
  • Send important updates about the Software
  • Respond to support requests
  • Analyze website usage to improve user experience
  • Comply with legal obligations

5. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service Providers: Stripe (payments), Resend (email), Vercel (hosting), Supabase (authentication)
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement appropriate security measures to protect your information:

  • HTTPS encryption for all web communications
  • Secure password hashing
  • Regular security audits
  • Limited employee access to personal data

For the Software itself, your data is protected by:

  • SQLCipher database encryption (AES-256)
  • Local storage only (no cloud transmission)
  • Hardware-bound encryption keys

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your account and personal information
  • Export your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@maculogic.com.

8. International Data Transfers

We are based in the United States. If you access our website from outside the US, your information may be transferred to, stored, and processed in the US. We use Standard Contractual Clauses and other appropriate safeguards for international data transfers.

9. HIPAA Compliance

Maculogic is designed to support HIPAA compliance for covered entities. Because patient data is stored locally and never transmitted to us, the primary responsibility for HIPAA compliance rests with you as the healthcare provider. The Software provides tools to support your compliance, including encryption, audit logging, and access controls.

10. KVKK Compliance (Turkey)

For users in Turkey, we comply with the Personal Data Protection Law (KVKK). Patient data processed by the Software remains under your control as the data controller. We act as a software provider only and do not process patient data. For questions about KVKK compliance, contact kvkk@maculogic.com.

11. GDPR Compliance (EU/EEA)

For users in the European Economic Area, we comply with GDPR requirements. Our legal bases for processing include contract performance, legitimate interests, and consent. You have the right to lodge a complaint with your local data protection authority.

12. Cookies

Our website uses cookies for:

  • Essential cookies: Required for authentication and security
  • Analytics cookies: To understand how visitors use our website
  • Preference cookies: To remember your settings

You can control cookies through your browser settings.

13. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

14. Data Retention

We retain your account information for as long as your account is active. After account deletion, we may retain certain information for legal, tax, and audit purposes for up to 7 years. Website analytics data is retained for 26 months.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our website. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

16. Contact Us

For privacy-related questions or to exercise your rights:

Cureonics LLC
Email: privacy@maculogic.com
Website: https://maculogic.com