Gigabox EHR

App Store Compliance

This page documents how Gigabox EHR complies with Apple's App Review Guidelines. It is intended as a reference for App Store reviewers and for our own internal audits.

Current submission

App: Gigabox EHR
Bundle Identifier: com.gigaboxresearch.ehr
Version: 1.0.1 (4)
Target Platform: iOS 15.1+ (iPhone and iPad)
Age Rating: 17+
Category: Medical
Uses Encryption: No (HTTPS only, no custom crypto)
Distribution: Public (App Store)

Guideline-by-guideline compliance

§5.1.1(v) In-app account deletion

Apps that offer account creation must also let users initiate account deletion from within the app.

Met

How we comply: Settings → Delete Account. The row presents a double-confirmation alert and, on confirm, calls the backend DELETE /api/patient-portal/me endpoint (which unlinks the patient record and removes all push tokens), then deletes the Clerk user via Clerk’s client SDK, then signs the user out and returns them to the sign-in screen.

§4.8 Sign in with Apple

Apps that use a third-party or social login service must also offer Sign in with Apple as an equivalent option.

Met

How we comply: The Sign In and Sign Up screens render expo-apple-authentication’s native AppleAuthenticationButton (HIG-compliant) as the primary option on iOS. Sign-in is wired to Clerk’s oauth_apple strategy via useOAuth, using Clerk-hosted Apple credentials — no custom Apple Service ID or key is required.

§5.1.1(i) Privacy Policy access

Apps must link to their Privacy Policy both in the app and on the App Store listing.

Met

How we comply: Settings → Legal → Privacy Policy opens www.gigabox.ai/apps/ehr/privacy in an in-app browser (expo-web-browser). The Sign Up screen shows a legal blurb beneath the Sign Up button with a tappable Privacy Policy link to the same URL.

§3.1.2(a) Terms of Service access

Apps with subscriptions or user accounts must link to their Terms of Service from within the app.

Met

How we comply: Settings → Legal → Terms of Service opens www.gigabox.ai/apps/ehr/terms in an in-app browser. The Sign Up screen legal blurb also links to Terms.

§5.1.2 Data collection disclosure

Apps must disclose any data collection in the App Store App Privacy section and in an in-app or linked Privacy Policy.

Met

How we comply: The Privacy Policy at www.gigabox.ai/apps/ehr/privacy lists every third-party processor (Clerk, Google Cloud, OpenRouter/DeepSeek, Resend, Expo, APNs), explicitly states that no data is sold, specifies US hosting, and describes the 30-day data deletion process. The App Store App Privacy nutrition label mirrors this disclosure.

§1.4.1 Medical device disclaimer

Apps providing medical information must disclose that they are not a substitute for professional medical advice.

Met (with note)

How we comply: The Settings footer, the App Store description, and the Privacy Policy all state that Gigabox EHR is a research and development product from Gigabox Research, that it is not a medical device, is not FDA cleared, and is not intended for diagnosis, treatment, cure, or prevention of any disease. All clinical decisions must be made by a licensed healthcare provider.

Note: EHR is not currently making clinical claims. It is a demonstration of an AI-built practice intelligence workflow using fictional patient data.

§2.3.10 Accurate metadata

App metadata (name, description, screenshots, keywords) must accurately represent the app.

Met

How we comply: The App Store description describes the actual shipped functionality: 4-tab patient app (Home, Appointments, Records, Settings), Apple / Google / email sign-in, patient picker, and push notifications. Screenshots are captured from real app screens on the 1.0.1 (4) TestFlight build.

§5.1.1(iv) Consent for data collection from minors

Apps that collect data from children under 13 must comply with COPPA.

Met

How we comply: The Terms of Service require users to be at least 17 years of age and prohibit use by anyone under that age. The App Store Age Rating is set to 17+. No age-gated features or child-directed content exist in the app.

Account deletion data flow

When a user taps Delete Account in Settings, the app performs the following steps, in order. If any step fails, the flow aborts and the user is shown an error — no partial deletion state is left behind.

  1. The app shows a native iOS alert asking the user to confirm. The confirmation message explicitly states that this will remove their account and cannot be undone.
  2. On confirm, the app calls DELETE /api/patient-portal/me with the user's Clerk JWT in the Authorization header.
  3. The backend verifies the JWT against Clerk's public JWKS, extracts the sub claim (Clerk user ID), and looks up the linked patient record in the patients table.
  4. If a patient is linked, the backend deletes every row in the push_tokens table where patient_id matches, and sets the patient's clerk_user_id to NULL. The patient record itself is retained (it is a demo profile shared across users).
  5. The entire backend operation runs in a single transaction and commits before returning 200 OK.
  6. The app then calls Clerk's client SDK user.delete() to permanently remove the user from Clerk. This also deletes the user's Apple / Google OAuth linkage, email address, and any active sessions.
  7. The app signs the user out and navigates to the Sign In screen.
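
The backend part of this flow (steps 3 to 5), as an added example that is not Gigabox's own code: it uses Python's sqlite3 as a stand-in for the Cloud SQL PostgreSQL database, treats the `sub` claim as already verified against the JWKS, and assumes a minimal two-table schema built from the table and column names above. The `fail_after_tokens` flag is a hypothetical test hook showing that a failure between the two writes rolls both back.

```python
import sqlite3

# Assumed minimal schema; only the table/column names come from the page.
SCHEMA = """
CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, clerk_user_id TEXT);
CREATE TABLE push_tokens (token TEXT PRIMARY KEY, patient_id INTEGER NOT NULL);
"""

def make_db():
    # Constructed sample data: one demo patient linked to one Clerk user.
    db = sqlite3.connect(":memory:", isolation_level=None)  # we issue BEGIN/COMMIT ourselves
    db.executescript(SCHEMA)
    db.execute("INSERT INTO patients VALUES (1, 'Demo Patient', 'user_constructed_123')")
    db.executemany("INSERT INTO push_tokens VALUES (?, 1)",
                   [("ExponentPushToken[aaa]",), ("ExponentPushToken[bbb]",)])
    return db

def unlink_patient(db, clerk_user_id, fail_after_tokens=False):
    """Unlink the verified Clerk user in one transaction; returns an HTTP-style status."""
    db.execute("BEGIN IMMEDIATE")
    try:
        row = db.execute("SELECT id FROM patients WHERE clerk_user_id = ?",
                         (clerk_user_id,)).fetchone()
        if row is not None:  # no linked patient: nothing to change (assumed to still be 200)
            db.execute("DELETE FROM push_tokens WHERE patient_id = ?", (row[0],))
            if fail_after_tokens:
                raise RuntimeError("simulated failure between the two writes")
            # The patient row itself is retained; only the link is cleared.
            db.execute("UPDATE patients SET clerk_user_id = NULL WHERE id = ?", (row[0],))
        db.execute("COMMIT")  # commit before reporting success
        return 200
    except Exception:
        db.execute("ROLLBACK")  # neither write survives a failure
        return 500

def state(db):
    """(number of push tokens, clerk_user_id on demo patient 1)."""
    tokens = db.execute("SELECT COUNT(*) FROM push_tokens").fetchone()[0]
    linked = db.execute("SELECT clerk_user_id FROM patients WHERE id = 1").fetchone()[0]
    return tokens, linked

if __name__ == "__main__":
    db = make_db()
    print(unlink_patient(db, "user_constructed_123", fail_after_tokens=True), state(db))
    print(unlink_patient(db, "user_constructed_123"), state(db))
```

Only after this call returns 200 should the client go on to step 6, so a failed unlink never leaves a deleted Clerk user pointing at a still-linked patient.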

Users may also request deletion by emailing info@gigabox.ai. Email requests are honored within 30 days.

Backend endpoints used by the mobile app

| Method | Path | Description |
| --- | --- | --- |
| DELETE | /api/patient-portal/me | Unlinks the currently authenticated Clerk user from their patient record and removes all push tokens associated with that patient. Called by the in-app Delete Account flow before the client-side Clerk user.delete() call. |
| POST | /api/patient-portal/link | Links an authenticated Clerk user to a selected demo patient profile. Called by the patient picker on first sign-in and by Switch Patient in Settings. |
| DELETE | /api/patient-portal/push-tokens/{token} | Removes a single Expo push token. Called when push permissions are revoked on-device. |

Data collected (App Privacy nutrition label)

| Category | Items | Linked to user | Used for tracking | Purpose |
| --- | --- | --- | --- | --- |
| Contact Info | Email Address, Name (from Apple/Google OAuth) | Yes | No | Account Management, App Functionality |
| Identifiers | User ID (Clerk), Device Token (Expo push) | Yes | No | App Functionality |
| Health & Fitness | Medical history, appointments, orders, prescriptions (fictional demo data) | Yes | No | App Functionality |
| Sensitive Info | Health conditions associated with the selected demo patient profile | Yes | No | App Functionality |

Gigabox EHR does not collect: Location, Browsing History, Search History, Purchases, Financial Info, Contacts, Photos or Videos, Audio Data, Gameplay Content, Customer Support Data (beyond what you email us), Crash Data, Performance Data, Other Diagnostic Data, Advertising Data, Other Usage Data.

Third-party processors

Clerk
User authentication, session management, and account data. Handles Apple, Google, and email sign-in. Subprocessor agreement at clerk.com/legal/dpa.
Google Cloud Platform (US region)
All infrastructure — Cloud SQL (PostgreSQL), GKE (compute), Artifact Registry (container images). Data is stored in us-central1.
OpenRouter (routing to DeepSeek)
LLM inference for AI-generated visit summaries, care plans, and practice intelligence. Requests are stateless; no personally identifiable information is stored by OpenRouter or DeepSeek.
Expo (Expo Application Services)
iOS build pipeline (EAS Build) and push notification delivery (EAS Push, which routes to Apple's APNs). Push tokens are stored in our database and removed on account deletion.
Resend
Transactional email delivery for appointment reminders and outreach messages (web companion only; the mobile app does not send email).
Apple Push Notification service
Delivery of iOS push notifications. Apple receives only the push token and the notification payload; we do not send identifiable content in push payloads.

Questions from reviewers

If anything on this page is unclear, or if you need to verify a claim, please contact us directly at info@gigabox.ai. We respond to review inquiries within one business day.

