Privacy Policy
Effective date: July 16, 2026
This Privacy Policy explains how White Arc Surgical, Corp. (“White Arc,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with Arc Insight, our websites, mobile applications, and related services (collectively, the “Services”).
1. Information We Collect
Depending on how the Services are configured by an institution, we may collect:
- Account and profile information: name, email address, institution, program, training level, professional role, and authentication-related information.
- Educational and performance information: procedure category, date of educational activity, evaluator, structured ratings, autonomy assessments, coaching comments, completed steps, simulation results, debrief activity, and related training analytics.
- Usage and technical information: device type, browser, operating system, IP address, application events, crash data, approximate location inferred from IP, and security logs.
- Communications: information provided when contacting support, requesting a demonstration, or otherwise communicating with us.
2. Patient Information
Arc Insight is designed as an educational platform and does not require patient names, medical record numbers, dates of birth, addresses, clinical notes, images, or other patient identifiers. Users and institutions should not enter protected health information or identifiable patient information into free-text fields. Arc Insight is not an electronic health record and is not intended for clinical decision-making or patient care documentation.
3. How We Use Information
- Provide, operate, maintain, and secure the Services.
- Authenticate users and administer institution-based access.
- Generate resident, faculty, and program-level educational analytics.
- Support coaching, evaluation, research, quality improvement, and program administration as authorized by the applicable institution.
- Respond to support requests and communicate service-related information.
- Detect misuse, investigate security events, and improve reliability and functionality.
- Comply with applicable law and enforce our agreements.
4. Institutional Data
When an institution sponsors or administers an Arc Insight account, that institution may determine which users receive access, what information is entered, how long information is retained, and how educational information is used. Users should direct questions about institution-specific practices to their program or institutional administrator.
5. How We Share Information
We may share information with service providers that support hosting, authentication, analytics, communications, security, and technical operations; with the institution or program associated with an account; when required by law or necessary to protect rights and safety; and in connection with a merger, financing, acquisition, reorganization, or sale of assets. We do not sell personal information for money or use educational performance data for third-party targeted advertising.
6. Research and Aggregated Information
Where permitted by an institution and applicable approvals, data may be used for research, program evaluation, or quality improvement. We may create aggregated or de-identified information that does not reasonably identify an individual and use or disclose that information for analytics, benchmarking, research, product improvement, or other lawful purposes.
7. Data Retention
We retain information for as long as reasonably necessary to provide the Services, satisfy institutional requirements, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary based on institutional configuration and the type of information.
8. Security
We use administrative, technical, and organizational safeguards designed to protect information, including access controls, authentication, encrypted transmission where supported, monitoring, and restricted access. No internet-based service can guarantee absolute security.
9. Your Choices and Rights
Depending on applicable law and the institution controlling an account, users may request access, correction, deletion, or restriction of certain personal information. Some requests must be directed to the sponsoring institution. We may retain information where required by law, institutional agreement, legitimate security needs, or other permitted purposes.
10. Children
The Services are intended for adult healthcare professionals, trainees, educators, administrators, and institutional users. They are not directed to children under 13.
11. Third-Party Services
The Services may link to or rely on third-party services, including authentication, app distribution, and infrastructure providers. Those providers may process information under their own privacy policies.
12. United States Processing
White Arc is based in the United States. Information may be processed and stored in the United States or other locations where our service providers operate, subject to applicable contractual and legal protections.
13. Changes to This Policy
We may update this Privacy Policy as the Services evolve. The effective date above indicates the latest revision. Material changes may also be communicated through the Services or by other appropriate means.
14. Contact Us
Questions or privacy requests may be sent to [email protected].