Nexis Mobile ("the App") is published by CCI Industrial Sales, LLC ("we", "us"). The App is a mobile front-end for a customer's electronic health records system. This policy describes what information the App collects, how it is used, and the rights you have over it.
1. Information the App processes
The App processes the following categories of information, all of which are entered by you or generated by your interaction with your organization's EHR system:
Account credentials — your email and password, exchanged with your organization's authentication server to issue a session token.
Clinical content — patient data, notes, vitals, lab results, medications, and messages displayed from or submitted to your organization's authorized backend.
Device biometrics — Face ID / Touch ID verification handled entirely on-device by Apple. No biometric data ever leaves your device.
Audio — when you use voice dictation, audio is processed either on-device (default) or, if enabled, sent to your organization's authorized backend for transcription. Audio is not retained beyond the transcription request.
Camera frames — when you scan a patient wristband or medication barcode, frames are processed on-device only and discarded immediately after the barcode is decoded.
Push notification token — registered with Apple Push Notification Service, used by your organization's backend to send you alerts.
Diagnostic logs — anonymous error reports used to diagnose crashes. No clinical content is included.
2. How we use information
Information is used solely to:
Authenticate you to your organization's EHR system.
Display clinical information from that system and let you submit clinical information to it.
Lock the session when biometric re-authentication fails.
Notify you of clinical and operational events from your organization.
Maintain and improve the App.
3. Sharing
The App does not share information with advertisers, analytics vendors, or other third parties. All clinical data flows only between your device and your organization's authorized backend.
We do share with:
Apple — for App Store delivery, crash reports (Apple's standard service), and Push Notification Service routing.
Expo Application Services (EAS) — for over-the-air JavaScript updates. EAS receives only the JavaScript bundle and build telemetry, no clinical data.
4. Storage and retention
Clinical data is stored only on the customer's authorized backend, governed by that organization's data-retention policy. The App caches data on-device only for the duration of an active session and clears it on sign-out or session expiry.
5. Your rights
Because the App is a front-end to your organization's record system, requests to access, correct, or delete records should be made to that organization's medical records or compliance office, not to us.
6. Security
All network traffic is encrypted with TLS 1.2 or higher.
Session tokens are stored in the iOS Keychain.
The App requires biometric or passcode re-authentication after a configurable idle period.
The App will not run on a device with a compromised (jailbroken) OS where the platform's security guarantees are not intact.
7. Children
Nexis Mobile is intended for adult clinical professionals. It is not directed at children under 13 and we do not knowingly process information about anyone in that capacity.
8. Changes
We will update this policy as the App evolves. Material changes will be announced in the App's release notes and on the support page.