Overview
AccredReady ("we", "our", "the app") is an independent educational tool built to help hospitals prepare for NABH 6th Edition accreditation. We are not affiliated with NABH or QCI. This policy explains what personal and operational data we collect, how we use it, and your rights regarding that data.
We do not sell, rent, or share your data with advertisers or third-party marketing platforms. Your hospital's compliance data is yours alone.
Data We Collect
Your email address and password (stored as a secure hash) when you create an account.
Hospital name and any display name you choose to set. No address, registration numbers, or patient-identifiable information is required by the app.
OE scores, CAPA records, KPI entries, audit records, mock drill records, committee meeting logs, statutory license details, checklist progress, and calendar plans that you enter into the app.
Theme preference (light/dark) and programme selection, stored to restore your session state across devices.
We do not use Google Analytics, Facebook Pixel, or any behavioural tracking SDK. We do not collect IP addresses, device fingerprints, or browsing history.
How We Use Your Data
- To provide and operate the AccredReady compliance tracking features you access.
- To restore your session and preferences when you return to the app.
- To calculate readiness scores, gap analysis, and compliance reports within the app.
- To allow you to export PDF reports of your own hospital's data.
We do not use your data to train AI models, create advertising profiles, or for any purpose beyond operating the app for your benefit.
Data Storage — Supabase
All data is stored in Supabase, a PostgreSQL-based backend-as-a-service platform hosted on AWS infrastructure. Supabase applies row-level security policies so that each user can only read and write their own hospital's data.
Supabase's data centres are located in Singapore (ap-southeast-1 region). By using AccredReady, you consent to your data being stored in this region.
For Supabase's own privacy and security practices, refer to supabase.com/privacy.
No Advertisements
AccredReady contains no third-party advertisements. We do not partner with ad networks. The Pricing screen describes our own subscription tiers — no external ad code is loaded.
Data Sharing
- We do not sell your data to any third party.
- We do not share your data with NABH, QCI, or any accreditation body.
- We do not share your data with other hospitals or users.
- We may disclose data if required by law or a valid court order, and only to the extent required.
Data Retention & Deletion
Your data is retained for as long as your account is active. When you delete your account — either through the in-app Profile → Danger Zone → Delete Account flow or by emailing us — all of the following are permanently removed:
- Your hospital profile and all associated assessments
- All OE scores and evidence links
- All CAPA records
- All KPI data entries
- All audit records and custom audit templates
- All mock drill records
- All committee meeting logs and calendar plans
- All checklist progress and statutory license records
- Your authentication account (email + password hash)
Deletion from Supabase's live database is immediate upon request. Any residual copies in Supabase's automated backup snapshots are purged within 30 days as those snapshots roll off.
To request manual deletion, email us at dr.mehul_ku@yahoo.com with the subject line "Account Deletion Request" and we will process it within 7 business days.
For step-by-step instructions on the in-app deletion flow, see our Account Deletion page.
Cookies & Local Storage
AccredReady uses browser localStorage solely to store your Supabase authentication session token so you remain signed in across page refreshes. No tracking cookies are set. No third-party cookies are loaded.
Security
All data in transit is encrypted via TLS 1.2 or higher. Passwords are never stored in plain text — Supabase Auth uses bcrypt hashing. Row-level security policies ensure no user can query another user's data.
If you discover a security vulnerability, please disclose it responsibly by emailing dr.mehul_ku@yahoo.com.
Children's Privacy
AccredReady is designed for use by healthcare professionals and hospital quality teams. It is not directed at, and we do not knowingly collect data from, individuals under the age of 18.
8. Account Deletion
You may delete your account and all associated data at any time using either of the following methods:
- In-app (instant): Sign in → open the ••• More menu → Profile → scroll to ⚠️ Danger Zone → click Delete Account and confirm. All data is deleted immediately.
- By email: Send a request to dr.mehul_ku@yahoo.com with the subject line Account Deletion Request. We process email requests within 7 business days.
Deletion from our live database is immediate for in-app requests. Residual copies in automated backup snapshots are fully purged within 30 days. No data is retained after that point.
For a full list of what gets deleted and step-by-step instructions, see the Account Deletion page.
Changes to This Policy
We may update this policy periodically. The effective date at the top of this page will reflect the date of the latest revision. Continued use of AccredReady after an update constitutes acceptance of the revised policy. For significant changes, we will notify active users by email.