Privacy
Policy
Plain language summary: Medly collects only what's needed to make reminders work. We never sell your health data. Medication names are never used as analytics events. You can delete your account and all data at any time.
1. Who We Are
Medly ("we," "us," or "our") is a medication reminder application available on iOS and Android. We are committed to protecting your privacy and handling your health information with care.
Questions about this policy? Contact us at privacy@medly.app
2. Information We Collect
2.1 Information You Provide
| Data | Details |
|---|---|
| Account | Email address and password (never stored in plain text) |
| Medication data | Names, dosages, schedules, instructions, and start/end dates — stored securely, access-restricted to your account |
| Dose logs | Records of doses taken, skipped, or missed — as recorded by you or an authorized caregiver |
| Group membership | Family/caregiver group membership and role information to enable caregiver features |
2.2 Device Permissions
| Permission | Purpose |
|---|---|
| Camera | QR code scanning only when joining a caregiver group. No photos stored or transmitted. |
| Notifications | Medication reminders at your scheduled times. Disable anytime in device settings. |
| Biometrics | Local on-device app lock (Face ID / fingerprint). Biometric data never leaves your device. |
2.3 Collected Automatically
- Device tokens: Push notification tokens to deliver reminders across devices
- Crash reports: Anonymous crash data to fix bugs — no medication names or health data included
- IANA timezone: Your timezone to ensure reminders fire at the correct local time
Analytics: Health data tracking is disabled. Medication names, dosages, and health-related data are never transmitted as analytics event parameters.
3. How We Use Your Information
We use your information exclusively to provide the Medly service:
- Sending push notifications at scheduled medication times
- Sending missed-dose follow-up alerts
- Displaying your schedule and adherence history in the app
- Enabling caregiver features with explicit authorization
- Syncing data across your own devices
- Diagnosing app crashes and technical issues
We do not use your information for advertising, behavioral profiling, data brokering, or any purpose unrelated to the Medly service.
4. Data Sharing
We do not sell your personal data. We share data only in these limited circumstances:
Service Providers
Trusted third-party cloud infrastructure to operate the service. These providers receive your data solely to deliver Medly on our behalf, under their own privacy commitments.
Caregivers You Authorize
If you add a caregiver to your group, that person has access to your medication schedule, dose logs, and adherence history as specified by the role you assign. You can remove a caregiver at any time.
Legal Requirements
We may disclose data if required by law, court order, or to protect the safety of our users, subject to applicable legal processes.
5. Data Retention
| Data | Retention |
|---|---|
| Account & medication records | Until account deletion |
| Dose logs | Until account deletion |
| Crash reports | 90 days |
| Backups after deletion | Purged within 90 days |
Deleting your account through the app permanently removes all personal data within 30 days.
6. Security
- All data transmitted over HTTPS/TLS
- Database security rules enforce users can only access their own data
- Passwords are never stored in plain text — managed by a dedicated authentication service
- Security rules are tested with automated tests before every deployment
7. Children's Privacy
Medly is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, contact privacy@medly.app and we will delete it promptly.
Parents or guardians may use Medly to manage medications on behalf of a minor under their own account via the caregiver group feature.
8. Your Rights
| Right | How to exercise |
|---|---|
| Access | Request a copy of your personal data — email privacy@medly.app |
| Correction | Most data can be edited directly in the app |
| Deletion | Delete account & all data via app Settings → Delete Account |
| Portability | Request a machine-readable export — email privacy@medly.app |
| Objection | Contact us — note most processing is necessary for the service |
We respond to all rights requests within 30 days.
9. California Residents (CCPA)
We do not sell personal information. California residents have the right to know what is collected, to request deletion, and to non-discrimination for exercising these rights. To submit a CCPA request, email privacy@medly.app with "CCPA Request" in the subject line.
10. European Users (GDPR)
Our legal basis for processing your data:
- Contract: Processing necessary to provide the service you signed up for
- Legitimate interests: Crash reporting and security monitoring
- Consent: Push notification permissions (withdraw anytime via device settings)
Data is stored on cloud infrastructure with Standard Contractual Clauses in place for transfers outside the EEA.
11. Health Data — Special Notice
While Medly as a consumer app does not constitute a HIPAA-covered entity, we voluntarily apply HIPAA best practices:
- Analytics tracking is disabled for health data
- Medication names are never used as analytics event parameters
- Caregiver access requires explicit user authorization
- We do not share medication data with insurers, employers, or pharmaceutical companies
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via in-app notification and email before taking effect. Continued use of Medly after the effective date constitutes acceptance.
13. Contact Us
| Contact | Address |
|---|---|
| Privacy Team | privacy@medly.app |
| General Support | support@medly.app |
Effective as of March 11, 2026.