Sign In
Legal

Privacy Policy

Last updated: June 1, 2026

XReport Pro ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, and share information when you use our healthcare form-building and reporting platform at xreport.pro (the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you accept a workspace invitation, we also store the invitation metadata and your role within that workspace.

1.2 Form and Report Data

Our Service enables you to build medical forms and generate structured reports. We store the form schemas you create (field definitions, logic rules, display settings) and the report data submitted through those forms ("Form Data"). This data may include clinical or patient-related information depending on how you configure your forms.

1.3 Usage Information

We automatically collect certain technical information when you use the Service, including IP addresses, browser type, operating system, pages visited, and feature interactions. This information is used to operate, improve, and secure the Service.

1.4 Workspace and Collaboration Data

We collect information about your workspaces, team memberships, and collaboration activity, including invitation emails, role assignments, and workspace names.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process and store the forms and reports you create
  • Authenticate users and manage workspace access
  • Send transactional communications (e.g., invitation emails, account notifications)
  • Detect, prevent, and respond to security incidents
  • Comply with legal obligations
  • Improve and develop new features

We do not use your Form Data to train machine learning models, sell to third parties, or deliver advertising.

3. Data Storage and Security

XReport Pro is built on Supabase, a secure cloud database platform. All data is encrypted in transit (TLS) and at rest. Access controls are enforced at the workspace level, meaning only authenticated members of a workspace can access its forms and reports.

We implement technical and organisational safeguards consistent with industry standards for healthcare software, including row-level security, strict authentication requirements, and regular security reviews.

4. Data Sharing

We do not sell, rent, or trade your personal data. We may share data:

  • Within your workspace: Members of your workspace can access forms, reports, and collaborator information within that workspace according to their assigned roles.
  • With service providers: We use third-party infrastructure providers (e.g., Supabase, Resend for transactional email) who process data only on our behalf and are bound by confidentiality obligations.
  • For legal compliance: We may disclose information when required by applicable law, court order, or governmental authority.

5. Data Retention

We retain your account and workspace data for as long as your account is active or as needed to provide the Service. Form Data is retained until you delete it or close your workspace. You may request deletion of your account and associated data at any time by contacting us.

6. Healthcare Considerations

XReport Pro is a tool for building and managing clinical forms. You are responsible for ensuring that your use of the Service complies with applicable healthcare privacy regulations (such as GDPR, HIPAA, or local equivalents). We provide a secure technical foundation, but the classification and legal responsibilities for any protected health information you process remain with you as the data controller.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability

To exercise these rights, contact us at privacy@xreport.pro.

8. Cookies

We use essential cookies and local storage to maintain your authentication session and workspace preferences. We do not use tracking or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

If you have questions or concerns about this Privacy Policy, please contact us at privacy@xreport.pro.