CATH REPORT iOS MOBILE APP PRIVACY POLICY
Effective Date: March 28, 2026
Cascade Digital Technologies LLC ("we," "us," or "our") operates the cathReport mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect information when you use the App.
1. Information We Collect
Images. The App allows you to capture coronary angiogram images using your device's camera. Images are stored locally on your device and are only transmitted when you choose to share them via email or text message.
Procedure Notes. Notes you enter are stored locally on your device using on-device storage. We do not have access to the content of your notes.
Recipient Contact Information. Phone numbers and email addresses you enter for sharing are used solely to deliver messages you initiate. We do not store, log, or retain recipient contact information on our servers beyond the time necessary to complete the delivery.
SMS Consent Records. When a message recipient opts in to receive text messages via our online consent form at cascadedigitaltechnologiesllc.com/cathreportopt-in, we collect and retain the following information: the recipient's full name, phone number, date and time of consent, IP address, and consent status. This information is stored securely in a private consent log maintained by Cascade Digital Technologies LLC and is retained indefinitely for compliance and audit purposes.
No Personal Health Information (PHI). The App is designed for sharing de-identified procedural images. Users are instructed not to enter Protected Health Information. The App is not intended to store, transmit, or process PHI and is not a HIPAA-covered service.
2. How We Use Information
• Image Sharing. When you send an email, we transmit the image and message content through our backend service (hosted on Cloudflare Workers) to SendGrid for email delivery. When you send an MMS, we transmit the image through Twilio for message delivery. Images sent via MMS are temporarily hosted on ImgBB (typically up to 3 days) solely to facilitate delivery.
• Interactive Comparison Links. When you send an email with two images, we may generate a temporary interactive comparison webpage. Both images are stored on Cloudflare's infrastructure for up to 48 hours and are automatically deleted after expiration.
• Anonymous Email Aliases. The App can generate temporary email aliases for anonymous communication. These aliases expire after 48 hours and are automatically deleted.
• Subscription Management. We use Apple's StoreKit framework to manage in-app subscriptions. Payment processing is handled entirely by Apple. We do not collect or store payment information.
3. Third-Party Services
We use the following third-party services to operate the App:
• Cloudflare Workers — Hosts our backend API and temporarily stores shared images and comparison pages.
• Twilio — Delivers MMS text messages on your behalf.
• SendGrid (Twilio) — Delivers emails on your behalf.
• ImgBB — Provides temporary image hosting required for MMS delivery.
• Apple App Store — Processes in-app subscription payments.
Each third-party service is governed by its own privacy policy. We encourage you to review them.
4. Data Retention
• On-device data (images, notes, settings): Retained until you delete them or uninstall the App.
• Shared images on Cloudflare KV: Automatically deleted after 48 hours (or up to 7 days for image uploads).
• Images on ImgBB: Automatically deleted after 3 days.
• Email aliases: Automatically deleted after 48 hours.
• SMS consent records: Retained indefinitely for compliance and audit purposes. Records include recipient name, phone number, consent date, IP address, and consent status (active or revoked).
• Server logs: We do not maintain persistent logs of message content or recipient information.
5. Data Security
All data transmitted between the App and our backend is encrypted using HTTPS (TLS). Images and messages are transmitted only when you initiate a share action. We use industry-standard security practices, but no method of electronic transmission is 100% secure.
6. Children's Privacy
The App is not intended for use by individuals under the age of 17. We do not knowingly collect information from children.
7. Your Rights
• You can delete all locally stored notes using the Clear History feature in the App.
• You can export your notes to CSV before deleting them.
• Shared data expires automatically and cannot be retrieved after expiration.
• You can stop using the App at any time and uninstall it to remove all local data.
8. HIPAA Disclaimer
cathReport is not a HIPAA-compliant application. It is designed for sharing de-identified coronary angiogram images for educational and clinical communication purposes. Users are solely responsible for ensuring that no Protected Health Information is entered into or transmitted through the App. Do not include patient names, medical record numbers, dates of birth, or any other identifying information.
9. Text Messaging Terms
Program Name: cathReport PCI Image Sharing
What It Does. cathReport allows healthcare professionals to share de-identified coronary angiogram (PCI) images via MMS text message to a recipient phone number entered by the sender. Messages contain a procedural image and optional clinical notes. Messages are sent from a toll-free number operated by Cascade Digital Technologies LLC.
Consent and Opt-In. Before any MMS message can be sent through cathReport, the recipient must first provide explicit consent by completing the online opt-in form at cascadedigitaltechnologiesllc.com/cathreportopt-in. The opt-in form requires the recipient to provide their name and phone number and to affirmatively check a consent box with the following disclosure:
"I consent to receive text messages from cathReport containing medical procedure imaging results at the phone number provided above. Message and data rates may apply. Message frequency varies. Reply STOP to opt out at any time. Reply HELP for help."
The App verifies that the recipient has an active consent record on file before allowing any message to be sent. If no consent is found, the sender is prompted to share the opt-in link with the recipient. Messages cannot be sent to phone numbers that have not completed the opt-in process.
Message Frequency. One (1) message is sent per user-initiated send action. cathReport does not send recurring, scheduled, or automated messages. Each message requires a manual action by the sender.
Message and Data Rates. Message and data rates may apply. The recipient's carrier may charge standard messaging fees.
Opt-Out. Recipients can opt out at any time by replying STOP to any message received from cathReport. Once opted out, no further messages will be delivered to that number.
Help. Recipients can reply HELP to any message for assistance. For additional support, contact us at owner@cascadedigitaltechnologiesllc.com or visit cascadedigitaltechnologiesllc.com.
Carriers Supported. Major US carriers are supported, including AT&T, T-Mobile, Verizon, and others. Carrier support is provided through Twilio's messaging platform.
Compliance. The sender agrees to comply with all applicable laws, including the Telephone Consumer Protection Act (TCPA), and agrees not to use the App to send unsolicited, harassing, or spam messages. We reserve the right to suspend messaging capabilities if misuse is detected.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, contact us at:
Cascade Digital Technologies LLC