Legal

Privacy Policy

Effective date: April 22, 2026 · Last updated: April 22, 2026 · Version: 1.0

Table of Contents

Who We Are
Information We Collect
How We Use Your Information
Data Sharing & Third Parties
Data Retention
Your Rights (GDPR / CCPA)
Children's Privacy
Data Security
Advertising (AdMob)
Changes to This Policy
Contact Us

1Who We Are

MedPal ("we", "our", or "us") is a mobile application designed to help users track medications, set reminders, and coordinate care with family members and caregivers.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the MedPal mobile application (iOS and Android) and any related services.

      Plain English summary: We only collect what we need to make the app work. We never sell your health data. Ever.
    

2Information We Collect

2.1 Information you provide directly

Data	Purpose	Required?
Email address	Account creation and login	Required
First name	Personalized greetings	Optional
Medication names & doses	Core app functionality — reminders	Required
Dose schedules & times	Scheduling push notifications	Required
Dose logs (taken/missed/skipped)	Adherence history & reports	Required
Dependent/family member names & DOB	Family caregiver mode	Optional
Refill quantities	Refill reminder alerts	Optional

2.2 Information collected automatically

Device type and operating system version (for compatibility)
App version and crash reports (for bug fixing)
Anonymous usage analytics (screens visited, features used — no health data)
Advertising identifier (IDFA/GAID) for AdMob ads — see Section 9

2.3 Information we do NOT collect

We do not collect your location
We do not access your camera, microphone, or contacts
We do not collect payment information (no in-app purchases)
We do not collect biometric data

3How We Use Your Information

We use the information we collect exclusively to:

Deliver medication reminders and push notifications at your scheduled times
Save and sync your medication schedule across your devices
Generate your personal adherence history and reports
Enable caregiver alerts when a dose is missed
Improve app performance and fix bugs
Display relevant advertisements through Google AdMob

      We never use your health data for advertising targeting. Ad personalization is based solely on your device's advertising identifier, not your medications.
    

4Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only with the following trusted service providers:

Service	Purpose	Data shared
Supabase	Database & authentication hosting	Account data, medication data (encrypted)
Google AdMob	In-app advertising	Advertising identifier only
Expo / EAS	App delivery & push notifications	Push token (anonymous)
Google Firebase Crashlytics	Crash reporting	Anonymous crash logs only

Each of these providers has their own privacy policy and is contractually bound to protect your data in accordance with applicable privacy law.

We may disclose your information if required by law, court order, or to protect the rights and safety of our users.

5Data Retention

We retain your data for as long as your account is active. Specifically:

Medication and dose data: Kept until you delete the medication or close your account
Dose logs: Kept for 2 years from the date of the log, then automatically deleted
Account data: Deleted within 30 days of account deletion request
Crash logs: Retained for 90 days, then automatically purged

You can delete your account and all associated data at any time from the Profile screen → Delete Account.

6Your Rights

Depending on your location, you may have the following rights regarding your personal data:

For users in the European Union / UK (GDPR)

Right of access — request a copy of all data we hold about you
Right to rectification — correct inaccurate personal data
Right to erasure — request deletion of all your data ("right to be forgotten")
Right to data portability — export your data in a machine-readable format
Right to object — object to processing of your data for certain purposes
Right to withdraw consent — at any time, without affecting prior processing

For California residents (CCPA)

You have the right to know what personal information we collect and how it is used
You have the right to request deletion of your personal information
You have the right to opt out of the sale of personal information — we do not sell personal information
You have the right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at the email address in Section 11. We will respond within 30 days.

7Children's Privacy

MedPal is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 years of age.

The "Family" feature in MedPal allows adults to manage medication schedules for dependents of any age. In this case, the adult account holder is responsible for the information entered for the dependent, and consents on behalf of the dependent.

If you believe we have inadvertently collected information from a child under 13 without parental consent, please contact us immediately at the address in Section 11 and we will delete it promptly.

8Data Security

We take the security of your health data seriously. We implement the following protections:

All data is encrypted in transit using TLS 1.3
All data is encrypted at rest in our Supabase database (AES-256)
Authentication is handled by Supabase Auth with secure session tokens
Passwords are never stored in plain text — they are hashed using bcrypt
Row-Level Security (RLS) ensures users can only access their own data
We conduct regular security reviews of our infrastructure

While we implement strong security measures, no method of electronic transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR.

9Advertising (Google AdMob)

MedPal is free to use and supported by advertising. We use Google AdMob to display ads within the app.

AdMob may collect and use your device's advertising identifier (IDFA on iOS, GAID on Android) to show you personalized or non-personalized ads.

We do not pass any health data (medication names, dose logs, or schedules) to AdMob
On first launch, you will be shown a consent dialog (ATT on iOS, GDPR consent on Android) to choose your ad preference
You can opt out of personalized ads at any time in your device settings:
- iOS: Settings → Privacy → Tracking → disable for MedPal
- Android: Settings → Google → Ads → Opt out of Ads Personalization

For more information on how Google uses data from apps, visit: policies.google.com/technologies/partner-sites

10Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

Update the "Last updated" date at the top of this page
Send you a push notification informing you of the change
Require your acknowledgment of the new policy on next app launch (for material changes)

Your continued use of MedPal after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to the changes, you may delete your account at any time.

11Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us:

App name	MedPal - Pill & Med Reminder
Developer	UNIREFS
Email	dvd.project.yellow@gmail.com
Country	Morocco
Response time	Within 30 days

Questions about your data?

We're committed to transparency. If something in this policy is unclear, reach out — we reply to every message.