OneSim

Privacy Policy

Last updated: July 2026

1. Who We Are

OneSim Inc. ("OneSim", "we", "us", or "our") operates the OneSim platform, which includes the AI Patient Simulator, Clinical Skills EMR, and Inventory Manager — simulation technology tools for healthcare education programs. Our website is myonesim.com.

2. Information We Collect

We collect information you provide directly:

  • Account data: name, email address, and password (stored securely via Supabase Auth)
  • Profile and scenario data: fictional patient profiles and simulation scenarios you create
  • Simulation transcripts: conversation logs from AI Patient Simulator practice sessions
  • EMR exercise data: charting entries, orders, scores, and completion records from Clinical Skills EMR sessions
  • Inventory records: asset, consumable, and space data you enter into the Inventory Manager
  • Billing information: payment processing is handled by Stripe; we do not store card details
  • Institution data: for institutional accounts, we store seat assignments, member roles, and access configurations set by institution administrators

We also collect limited technical data automatically:

  • Usage analytics: page views, referrer, device type, browser, and approximate region — collected via Vercel Web Analytics (see Section 5)
  • Session data: authentication session tokens stored in secure httpOnly cookies

3. How We Use Your Information

  • To provide, operate, and improve the Service and its three products
  • To authenticate your account and maintain your session
  • To process subscription payments via Stripe
  • To send transactional emails (account invites, receipts, password resets) via Resend
  • To enable institution administrators to manage seat access and shared case libraries
  • To understand aggregate usage patterns and improve the platform
  • To respond to support requests

We do not sell your data to third parties. We do not use your data for advertising.

4. AI Processing

Conversations in the AI Patient Simulator are sent to Anthropic's Claude API to generate AI responses. Anthropic processes this data subject to their own privacy policy.

All profile content in OneSim is fictional and intended for simulation purposes only. Do not enter real patient names, real medical record numbers, or any actual patient data into any OneSim product.

5. Analytics

We use Vercel Web Analytics to understand how the platform is used. Vercel Analytics is privacy-first: it does not use cookies, does not track users across sites, and does not collect personally identifiable information. It records page views, device type, browser, operating system, referrer, and approximate country using a daily-resetting hash that cannot be used to identify individual visitors.

No analytics data is sold or shared with advertisers. We do not use Google Analytics, Meta Pixel, or any other third-party advertising trackers.

6. Voice Data

Voice input in the AI Patient Simulator is processed entirely in your browser using the Web Speech API. Audio is not transmitted to or stored on our servers. Transcribed text from your session is sent to Anthropic's API as described in Section 4.

7. Cookies

We use cookies for the following purposes only:

  • Authentication (strictly necessary): Supabase Auth sets a secure, httpOnly session cookie to keep you logged in. This cookie is required for the Service to function and cannot be disabled.

We do not use advertising cookies, third-party tracking cookies, or cross-site analytics cookies. Vercel Analytics does not set cookies.

8. Data Storage and Security

Your data is stored in Supabase (hosted on AWS). We use row-level security policies to ensure users can only access their own data. Institution members can only access institution-scoped content as configured by their administrator. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Stripe handles all payment card data and is PCI-DSS certified. We never store card numbers or CVVs.

9. Institutional Accounts

If you access OneSim through an institution (university, hospital, or training program), your institution administrator may have visibility into your account status, seat assignment, and product access. Simulation transcripts, EMR exercise scores, and inventory records created under an institutional account may be accessible to facilitators and administrators within that institution. Contact your institution administrator for details on their data policies.

10. Data Retention

We retain your account data for as long as your account is active. After account deletion, personal data is removed within 30 days. Anonymized, aggregated analytics data may be retained indefinitely. Institution members whose accounts are deactivated by an admin retain their data until account deletion is requested.

11. Your Rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. You may also have the right to object to or restrict certain processing.

To exercise any of these rights, email info@myonesim.com. Institution administrators may also manage member accounts through the admin panel. We will respond within 30 days.

12. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us information, contact us at info@myonesim.com and we will delete it promptly.

13. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or a prominent notice within the Service at least 14 days before they take effect. Continued use after changes constitutes acceptance.

14. Contact

Privacy questions or data requests? Email info@myonesim.com.