Sophra Privacy Policy

Effective date: June 5, 2026

Sophra is an iPad application for licensed eyecare professionals that measures

pupillary distance and lens centration from a photo of a patient wearing their

frame. This policy explains how Sophra handles data.

The short version

Sophra does not collect, transmit, or share any data. Everything you enter or

capture stays on your iPad. There is no account, no cloud sync, and no analytics.

Data stored on your device

To do its job, Sophra stores the following locally on your iPad, in the app's

private storage:

• Patient information you enter (such as name, date of birth, and an optional

practice patient ID).

• Photos captured during a measurement.
• Measurement results and related notes.

This information never leaves your device unless you explicitly export it (see

below). We, the developers of Sophra, cannot see it and never receive it.

Data we collect

None. Sophra contains no analytics, advertising, tracking, or third-party data

collection SDKs. The app does not require an account and does not connect to our

servers.

Camera and photo library

The camera is used only to capture the patient photo needed for a measurement.

Photo library access is used only if you choose to save a measurement photo.

These images are processed entirely on the device.

Exports

You can export your data (for backup or to move it to your records) from the

app's Settings screen. Exported files contain protected health information. You

are responsible for sending them only through HIPAA-compliant channels. Once a

file leaves the app, its handling is governed by the destination you choose, not

by Sophra.

Payments

Sophra is sold as a subscription through the App Store. All billing is handled by

Apple. We never receive or store your payment card details, and a purchase does

not create an account with us or send us any patient data. Apple's handling of

your purchase is governed by Apple's privacy policy.

Data retention and deletion

Because all data lives on your device, you control it completely. Deleting a

patient in the app removes their records and photos. Deleting the app removes

all Sophra data from the device.

HIPAA

Sophra is designed to support HIPAA-compliant workflows by keeping protected

health information local to the device and never transmitting it. Your practice

remains the covered entity responsible for safeguarding patient data, including

device security and the channels used for any exports.

Children

Sophra is a professional tool and is not directed to children.

Changes to this policy

If this policy changes, the updated version will be posted at this address with

a new effective date.

Contact

Questions about privacy: info@crossguard.io