Last Updated: July 7, 2026 · Effective Date: July 7, 2026
Overview
Pocket Protocols is a mobile application and related website (collectively, the "Service") that provide quick-reference access to Emergency Medical Services ("EMS") protocols, medications, and hospital information for EMS providers across the United States and Canada. The Service is operated by Rappasoft LLC ("Rappasoft," "we," "us," or "our").
This Privacy Policy explains what information we collect through the Service, how we use and share it, and the rights and choices available to you. By downloading, accessing, or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.
Government Affiliation Disclaimer
Pocket Protocols is an independent, third-party application developed by Rappasoft LLC. This app is NOT affiliated with, endorsed by, sponsored by, or officially connected to any federal, state, provincial, or local government agency or emergency medical services authority.
The protocol information contained in this app is based on publicly available documents published by the relevant state, provincial, regional, and local EMS authorities. Providers should always consult the current, official protocol documents published by their own EMS authority.
Information We Collect
Information You Provide to Us
You can use the core app without creating an account. If you choose to create an account, use cross-device sync, or request or use agency features, we collect the information needed to provide those features, such as your name, email address, password or authentication credentials, agency membership and access-request information, role, and related account settings.
If you contact us directly (for example, by email), we will receive the information you provide, such as your email address and the contents of your message.
When you are signed in, we may store selected app data so it can sync across your devices. This may include app preferences, downloaded protocol-set identifiers, notes, favorites, bookmarks, history, and similar app state. You should not enter patient-identifying information, protected health information, or clinical treatment records into notes, logs, or other user-entered fields.
Information Collected Automatically
Subscription Information
We use RevenueCat to manage and validate in-app subscriptions. In connection with a purchase, RevenueCat and the applicable app store process:
- Purchase, subscription, and renewal status
- Subscription type (e.g., monthly or yearly) and trial status
- App store transaction identifiers and pseudonymous app-user identifiers
- Device and platform information necessary to deliver entitlements
Payment card details are handled directly by the Apple App Store or Google Play and are not collected by or disclosed to us. For RevenueCat's privacy practices, see https://www.revenuecat.com/privacy.
Analytics and Usage Data
To understand how the Service is used and to improve it, our website may use analytics tools such as Google Analytics, and the mobile app uses an in-app telemetry tool (Sentry) that records non-identifying usage events and screen views as diagnostic breadcrumbs. We also keep standard server logs. Depending on the part of the Service you use, this may include:
- Pages, screens, and features viewed, and time spent
- Approximate geographic location derived from IP address (e.g., country or region)
- Device type, model, operating system, app or browser version, and language
- Referring URLs and general usage information
- Internet Protocol (IP) address and similar online identifiers
See "Cookies and Tracking Technologies" below for more detail and your choices.
Crash and Diagnostic Data
The mobile app uses Sentry to detect and diagnose errors and crashes. When the app encounters a problem, Sentry may collect diagnostic information such as error messages and stack traces, the device model and operating system, the app version, and related technical data, which may include your IP address. We use this information solely to identify, troubleshoot, and fix issues and to improve the stability of the app. For Sentry's privacy practices, see https://sentry.io/privacy/.
Information We Do Not Collect
We have designed the Service to minimize data collection. We do not intentionally collect:
- Mailing addresses or telephone numbers unless you voluntarily provide them
- Precise geolocation (GPS) data
- Patient information or protected health information
- Clinical, diagnosis, or treatment records
- Photos, camera, microphone, or contacts data
- Health data about you
If you voluntarily include any such information when contacting us, we will receive it, but we do not solicit it.
Cookies and Tracking Technologies
Our website may use cookies and similar technologies, such as Google Analytics, to recognize repeat visits and measure usage. We also use Google Fonts to render typography, which may cause your browser to request font files from Google's servers; in doing so, Google may receive your IP address.
You can control or disable cookies through your browser settings, and you can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. For information about Google's data practices, see Google's Privacy Policy.
Do Not Track. Some browsers transmit "Do Not Track" signals. Because there is no industry-standard interpretation of these signals, the Service does not currently respond to them.
How We Use Information
We use the information described above to:
- Provide, operate, and maintain the Service and deliver subscription entitlements
- Create and authenticate optional accounts and provide cross-device sync
- Manage agency membership, access requests, roles, and agency-specific features
- Verify subscription and trial status and prevent fraud or abuse
- Understand usage patterns and improve the Service, its content, and performance
- Respond to your inquiries and provide support
- Maintain the security and integrity of the Service
- Comply with our legal obligations and enforce our Terms of Service
Legal Bases for Processing
Where required by law (for example, in the European Economic Area or the United Kingdom), we process personal information on the following bases: our legitimate interests in operating, securing, and improving the Service; performance of a contract with you (such as providing subscriptions); compliance with legal obligations; and, where applicable, your consent (which you may withdraw at any time).
How We Share Information
We do not sell your personal information. We share information only as follows:
- Service providers: With vendors who process data on our behalf, such as RevenueCat (subscription management), Sentry (crash and diagnostic reporting), and Google (analytics and fonts), under obligations to protect the information.
- App stores: The Apple App Store and Google Play process purchases under their own privacy policies.
- Agencies: If you request to join or are associated with an agency, that agency and its administrators may see information needed to manage your access, such as your name, email address, request status, membership status, role, and agency-specific email information.
- Legal and safety: When we believe disclosure is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, or to protect the rights, property, safety, or security of Rappasoft, our users, or others, or to detect, prevent, or address fraud, security, or technical issues.
- Business transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, information may be transferred as part of that transaction, subject to this Privacy Policy.
- With your direction or consent: When you ask us to share information or otherwise consent to its disclosure.
Data Retention
We retain information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Analytics data is retained in accordance with our Google Analytics configuration; subscription records are retained as long as needed to administer your subscription and to meet legal, tax, and accounting requirements. Account, agency membership, access-request, and synced app data are retained while your account is active or as otherwise needed to provide the Service, unless you request deletion and we are not required to keep it. Content stored locally on your device persists until you delete it or uninstall the app.
Data Storage, Security, and International Transfers
Local Storage
- Protocol content is stored locally on your device for offline access
- Your preferences are stored locally on your device
- If you are not signed in, your app data remains local to your device, except for subscription, diagnostic, analytics, support, and server-log information described above
- If you are signed in, selected app data is stored on our servers for sync, and a local copy remains on your device
Security
- Communications with our services and service providers use HTTPS encryption
- Synced app data is encrypted at rest in our application database
- We use reasonable administrative, technical, and physical safeguards designed to protect information
No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You use the Service at your own risk.
International Transfers
We are based in the United States, and our service providers (including RevenueCat and Google) may process information in the United States and other countries. If you access the Service from Canada, the European Economic Area, the United Kingdom, or elsewhere, you understand that your information may be transferred to and processed in the United States, which may have different data-protection laws than your jurisdiction. Where required, we rely on appropriate safeguards for such transfers.
Your Privacy Rights and Choices
All Users
- If you use the app without signing in, uninstalling the app or deleting app data removes the information stored locally on that device
- If you create an account, you can contact us to request access to, correction of, or deletion of your account and synced app data
- Deleting your account or synced data does not automatically remove local copies that remain on devices where the app is installed
- You can opt out of analytics as described in "Cookies and Tracking Technologies" above
- You can contact us at anthony@rappasoft.com to make a privacy request
California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request access to or deletion of your personal information; to request correction of inaccurate information; and to not be discriminated against for exercising these rights. We do not sell or "share" (as those terms are defined under California law) your personal information, and we do not knowingly process the personal information of minors for such purposes. To exercise these rights, contact us at anthony@rappasoft.com.
Canadian Residents (PIPEDA)
If you are in Canada, you may request access to the personal information we hold about you and request corrections, subject to applicable law. We collect, use, and disclose personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
EEA and United Kingdom Residents (GDPR)
If you are in the European Economic Area or the United Kingdom, you may have the right to access, correct, delete, restrict, or object to our processing of your personal information, the right to data portability, and the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact us at anthony@rappasoft.com.
Children's Privacy
The Service is intended for EMS professionals and students and is not directed to children. We do not knowingly collect personal information from children under 13 (or under the age of majority in your jurisdiction). If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.
Third-Party Services and Links
The Service relies on and may link to third-party services (including RevenueCat, Sentry, Google, the Apple App Store, and Google Play). We are not responsible for the privacy practices or content of these third parties, and their use of your information is governed by their own privacy policies. We encourage you to review them.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance of the revised Privacy Policy.
Contact Us
If you have questions or requests regarding this Privacy Policy or our privacy practices, please contact:
Rappasoft LLC
Email: anthony@rappasoft.com