Privacy Policy for Sonnical

Last Updated: November 4, 2025

Introduction

Sonnical ("we", "our", or "us"), operated by Logic Line LLC, is committed to protecting your privacy. This Privacy Policy explains how information is collected, used, and disclosed when you use our medical shift scheduling application (the "App").

Information Collection and Use

Data We Do Not Collect

We do not directly collect, store, or process any personal data on our own servers. Shifttie-RN is designed as a client-side application that connects directly to Firebase services provided by Google LLC.

Data Stored in Firebase

When you use the App, certain information is stored in Firebase (Google's Backend-as-a-Service platform) to enable the functionality of the application:

Account Information

• Email address (for authentication purposes)

• User profile information (name, role, preferences)

• Authentication credentials managed by Firebase Authentication

Application Data

• Medical shift schedules and assignments

• Calendar events and shift details

• User preferences and settings

• Overtime tracking information

• Any other data you voluntarily input into the App

All data you input into the App is stored directly in Google Firebase's Cloud Firestore database and is subject to Google's privacy policies and security practices.

How Data is Used

The data stored in Firebase is used solely to:

1. Provide Core Functionality: Enable shift scheduling, calendar management, and assignment features

2. Authentication: Verify user identity and manage access to the App

3. Data Synchronization: Sync your data across multiple devices (web, iOS, Android)

4. AI-Powered Features: Process shift assignment algorithms and scheduling optimization (all processing occurs client-side or within Firebase Cloud Functions)

Data Storage and Security

Firebase Security

Your data is stored in Google Firebase infrastructure and is protected by:

• Firebase Security Rules: Access control rules that restrict data access to authenticated users only

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest

• Google Cloud Security: Industry-standard security measures implemented by Google Cloud Platform

For detailed information about Firebase security practices, please refer to:

• Firebase Security Documentation

• Google Cloud Privacy

Our Security Approach

• We implement Firebase Security Rules to ensure users can only access their own data

• We do not have direct access to your data stored in Firebase

• We do not maintain any separate databases or servers that store your personal information

• All authentication is handled by Firebase Authentication

Data Sharing and Third Parties

We Do Not Share Your Data

We do not sell, rent, or share your personal data with any third parties for marketing or commercial purposes.

Firebase/Google

Your data is stored in Firebase, which is operated by Google LLC. By using this App, you acknowledge that your data is subject to:

• Google Privacy Policy

• Firebase Privacy and Security

Google may process your data as described in their privacy policy to:

• Provide and maintain Firebase services

• Comply with legal obligations

• Protect against fraud and abuse

No Other Third Parties

We do not integrate with any other third-party services that access, process, or store your personal data.

Your Data Rights

Access and Control

You have full control over your data:

• Access: You can view all data you've entered through the App interface

• Modification: You can edit or update your information at any time

• Deletion: You can delete your data through the App settings

Account Deletion

If you wish to delete your account and all associated data:

1. Use the account deletion feature in the App settings, or

2. Contact us at [Your Contact Email] to request manual deletion

Upon account deletion, all your personal data stored in Firebase will be permanently removed according to Firebase data retention policies.

Data Portability

Since all your data is stored in Firebase Firestore, you can request an export of your data by contacting us. We will provide your data in a structured, commonly used format.

Children's Privacy

Shifttie-RN is intended for use by healthcare professionals and is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

International Data Transfers

Firebase infrastructure may store and process data in multiple locations worldwide. By using the App, you consent to the transfer of your data to countries outside your residence, which may have different data protection laws.

For information about Firebase data locations and compliance, please see:

• Firebase Data Processing and Security Terms

GDPR Compliance (for European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your data based on:

• Consent: You provide explicit consent when creating an account

• Contract Performance: To provide the shift scheduling services you request

Your GDPR Rights

• Right to access your personal data

• Right to rectification of inaccurate data

• Right to erasure ("right to be forgotten")

• Right to restrict processing

• Right to data portability

• Right to object to processing

• Right to withdraw consent at any time

To exercise these rights, contact us at [Your Contact Email].

Data Controller

Google LLC (Firebase provider) acts as the data processor, while you maintain control as the data subject. We act as an intermediary facilitating your use of Firebase services.

HIPAA Compliance Notice

Important: While Sonnical is designed for medical shift scheduling, the App is not HIPAA-compliant and should not be used to store, transmit, or process Protected Health Information (PHI).

Users should only input:

• Work schedule information

• Shift assignments

• Non-medical administrative data

Do not enter:

• Patient names or identifiable information

• Medical records or diagnoses

• Any Protected Health Information (PHI)

Healthcare facilities requiring HIPAA-compliant solutions should ensure appropriate safeguards and consult with legal counsel.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy

• Posting a notice in the App

• Sending an email notification (if applicable)

Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

Cookies and Tracking Technologies

The App may use minimal local storage and session management to:

• Maintain user authentication state

• Store user preferences

• Enable offline functionality

We do not use cookies or tracking technologies for advertising or analytics purposes.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

Email: logiclinelabs@gmail.com

Acknowledgment of Firebase Terms

By using Sonnical, you also agree to comply with:

• Firebase Terms of Service

• Google Cloud Terms of Service

• Google Privacy Policy

Transparency

We believe in transparency. Our approach is simple:

We don't collect your data - You store it directly in Firebase
We don't sell your data - We have no access to sell it
We don't share your data - Only you and Firebase have access
You control your data - Delete it anytime
Open architecture - Firebase handles all data storage and security

This Privacy Policy is effective as of the date listed above and applies to all users of Sonnical across all platforms (web, iOS, and Android).