Last Updated: June 15, 2026
VitreOS is a surgical case logging tool for ophthalmology fellows, faculty, and training programs. It is intended for use by medical professionals to record and review training cases. It is not a patient-facing service and is not intended to store protected patient health information. This policy explains what we collect, how we use it, and the choices you have. If you have questions, contact us at support@vitreos.org.
Account and profile information. When you register or are invited to a program, we collect your name, email address, role (for example fellow, faculty, or program director), training level, and program affiliation. Authentication and passwords are handled by our authentication provider; we do not store your password in plain text.
Surgical case data you enter. When you log a case, we store the details you provide, which may include the case date, diagnoses, procedures and surgeries, your role in the case, attending name, surgery location, structured options (such as membrane peel, IOL, and lensectomy details), free-text notes, and a patient identifier field that you supply.
Usage and activity data. We record certain activity within the app, such as which announcement posts you open and when (see Section 7). We also use Vercel Analytics to understand aggregate, anonymized usage of the site; this is privacy-friendly and does not use tracking cookies to identify you.
VitreOS is designed to be used with de-identified case data. The patient identifier field is intended for a de-identified code of your choosing. You should not enter patient names, medical record numbers, or other directly identifying information into any field. You are responsible for ensuring that the data you enter complies with your institution's policies and with applicable law, including any obligations under HIPAA or other health-privacy regulations that apply to you or your program.
Within your program. Access is role-based. Faculty and program directors in your program may view your case data and program reports as part of training oversight. System administrators can access platform data to operate and support the service.
Service providers (sub-processors). We use a small number of vendors to run VitreOS, and your data is processed on their infrastructure:
We do not sell your personal information. We may disclose information if required by law or to protect the rights, safety, and security of our users and the service.
We use cookies that are necessary for authentication and keeping you signed in. Our analytics (Vercel Analytics) are designed to be cookieless and anonymized, and are used to measure aggregate usage rather than to identify individuals.
When you open an announcement or "What's New" post, we record that you viewed it, along with the date and time. System administrators can see which users have viewed a given post and how many times. We use this to understand whether important updates are reaching users. If you would prefer this not be associated with you, contact us using the details below.
We retain your account and case data for as long as your account is active or as needed to provide the service. Because case logs can form part of a training record, your program or institution may have its own retention requirements. When you ask us to delete your data, we will remove what we can while honoring any retention obligations that apply, and we will tell you what was kept and why.
We use technical and organizational measures intended to protect your information, including access controls and row-level security so that users see only the data they are permitted to. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
You can request a copy of your data or ask us to delete it from Privacy & your data in your account (under Profile → Account & Security), or by emailing support@vitreos.org. Depending on where you live, you may have additional rights under laws such as the California Consumer Privacy Act or, for users in the EEA and UK, the GDPR, including rights of access, correction, deletion, and portability. We will honor applicable requests.
VitreOS is intended for medical professionals and is not directed to children. We do not knowingly collect information from children.
We may update this policy from time to time. We will revise the "Last Updated" date above when we do, and material changes will be communicated within the app.
Questions about this policy or your data? Email support@vitreos.org or use our contact page.