Privacy Policy

TheCVICU.com ("we," "our," or "the Site") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights. **Key Point: TheCVICU.com is a public educational website. We do NOT require user registration, and we do NOT collect personal information from public visitors.**

**Public Visitors (No Account Required):** We do NOT collect personal information from public visitors. You can browse and read all content without providing any information. **Technical Information (Automatically Collected):** Like most websites, we may automatically collect: - IP addresses (for security and analytics) - Browser type and version - Device type and operating system - Pages visited and time spent - Referral source (how you found our site) This information is collected via: - Server logs - Third-party analytics services: Amplitude Analytics **Admin Users (Authenticated Access):** For administrators who manage the website, we collect: - Authentication cookies (httpOnly, secure) - IP address and login timestamps - Activity logs (for security and audit purposes)

We use collected information to: - **Operate and maintain the website** (server logs, error tracking) - **Improve content and user experience** (analytics, usage patterns) - **Ensure security** (detect abuse, prevent unauthorized access) - **Authenticate administrators** (secure admin dashboard access) We do NOT: - Sell or rent your information to third parties - Use your information for marketing or advertising - Track you across other websites - Collect personal information from public visitors

TheCVICU.com uses the following third-party services: **AWS (Amazon Web Services):** **Cloudflare:** **MongoDB:** **Amplitude Analytics:** Each service has its own privacy policy: - AWS Privacy Notice: https://aws.amazon.com/privacy/ - Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/ - MongoDB Privacy Policy: https://www.mongodb.com/legal/privacy-policy - Amplitude Analytics Privacy Policy: https://amplitude.com/privacy-policy

**Authentication Cookies:** Admin users receive httpOnly, secure cookies for session management. These cookies: - Are essential for authentication - Expire after 24 hours - Cannot be read by JavaScript (httpOnly) - Are transmitted over HTTPS only (secure) **Analytics Cookies:** We may use cookies for analytics purposes. You can: - Opt out via browser settings - Use Do Not Track (DNT) signals - Install browser extensions to block analytics **No Third-Party Advertising:** We do NOT use advertising cookies or allow third-party ad networks on this site.

We implement security measures to protect information: - **Encryption:** HTTPS/TLS for all connections - **Access Controls:** Role-based permissions (superadmin, admin) - **Audit Logging:** Activity tracking for administrators - **Rate Limiting:** Protection against brute force attacks - **Bot Protection:** Cloudflare Turnstile on forms However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

**Public Content:** - Permanently stored (educational purpose) **Server Logs:** - Retained for 90 days **Admin Accounts:** - Retained while administrator is active - Deleted upon account removal **Audit Logs:** - Retained for 2 years

**Public Visitors:** You have no personal information stored on our site, so no data rights apply. **Admin Users:** You have the right to: - **Access:** Request your account information - **Correction:** Update your email or username - **Deletion:** Request account deletion (contact superadmin) - **Export:** Request export of your activity logs To exercise these rights, contact: admin@thecvicu.com

TheCVICU.com is intended for healthcare professionals and students. We do not knowingly collect information from children under 13 (or applicable age in your jurisdiction).

TheCVICU.com is hosted in the United States. By accessing the site, you consent to the transfer of information to the United States for processing and storage.

**For visitors from the European Union and European Economic Area:** TheCVICU.com complies with the General Data Protection Regulation (GDPR). Here are your rights and our practices: **Lawful Basis for Processing:** - **Public Visitors:** Legitimate interest (site operation, security, analytics) - **Admin Users:** Contractual necessity (authentication for site management) **Your GDPR Rights:** - **Right to Access:** Request a copy of your personal data - **Right to Rectification:** Correct inaccurate personal data - **Right to Erasure ("Right to be Forgotten"):** Request deletion of your data - **Right to Restrict Processing:** Limit how we process your data - **Right to Data Portability:** Receive your data in a structured format - **Right to Object:** Object to processing based on legitimate interests - **Right to Withdraw Consent:** Withdraw consent at any time (where consent is the legal basis) **Data Processing:** - We do NOT collect personal data from public visitors beyond standard server logs - Server logs (IP addresses) are retained for 90 days for security purposes - We do NOT sell or share personal data with third parties for marketing **International Data Transfers:** - Data may be transferred to the United States (AWS infrastructure) - We rely on standard contractual clauses and adequacy decisions for lawful transfers - AWS provides appropriate safeguards for international data transfers **Data Protection Officer:** For GDPR-related inquiries, contact: admin@thecvicu.com **Supervisory Authority:** You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated. **Cookie Consent:** We use cookies only for essential authentication (admin users) and analytics. You may opt out of analytics cookies via browser settings without affecting site functionality.

**For California residents (California Consumer Privacy Act):** TheCVICU.com complies with the California Consumer Privacy Act (CCPA). Here are your rights: **Information We Collect:** - **Public Visitors:** IP addresses, browser information, usage data (via server logs and analytics) - **Admin Users:** Username, email address, authentication data - **NOT Collected:** Social Security numbers, driver's license numbers, financial data, precise geolocation **Categories of Personal Information:** - Identifiers (email addresses for admins) - Internet activity (browsing history on our site, IP addresses) - Device information (browser type, operating system) **How We Use Your Information:** - Operate and maintain the website - Ensure security and prevent fraud - Analyze usage patterns to improve content - Authenticate administrators **Your CCPA Rights:** 1. **Right to Know:** Request disclosure of personal information we collect, use, or disclose 2. **Right to Delete:** Request deletion of your personal information 3. **Right to Opt-Out of Sale:** We do NOT sell personal information (no opt-out needed) 4. **Right to Non-Discrimination:** We will not discriminate against you for exercising your rights **How to Exercise Your Rights:** Email: admin@thecvicu.com Subject: "CCPA Data Request - [Right to Know / Right to Delete]" We will respond within 45 days of receiving a verifiable request. **Verification:** To protect your privacy, we may ask you to verify your identity before fulfilling your request. For admin users, we will verify via your registered email address. **Disclosure:** - We do NOT sell personal information - We do NOT share personal information for cross-context behavioral advertising - We retain personal information only as long as necessary for the purposes stated **Minors:** We do not knowingly collect personal information from minors under 16. We do not sell personal information of minors. **Third-Party Services:** We use third-party services (AWS, Cloudflare, MongoDB, Amplitude) that may process personal information. These services have their own privacy policies and comply with applicable privacy laws.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the site after changes constitutes acceptance. For material changes that significantly affect your rights, we will provide prominent notice on the website and may notify admin users via email.

For questions about this Privacy Policy or data practices, contact: **General Inquiries:** Email: admin@thecvicu.com Website: www.thecvicu.com **GDPR Inquiries (EU Residents):** Email: admin@thecvicu.com Subject: "GDPR Request" **CCPA Inquiries (California Residents):** Email: admin@thecvicu.com Subject: "CCPA Request" **Mailing Address:** TheCVICU.com [Your physical address] United States We will respond to all privacy-related inquiries within 30 days (45 days for CCPA requests).