Privacy Policy

Last updated: March 11, 2026

Plain language summary: Medly is a medication reminder app. We collect only what we need to make reminders work. We never sell your health data. Your medication names are never used as analytics events. You can delete your account and all data at any time.

1. Who We Are

Medly ("we," "us," or "our") is a medication reminder application available on iOS and Android. We are committed to protecting your privacy and handling your personal and health information with care.

For questions about this Privacy Policy, contact us at: privacy@medly.app

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address and password (passwords are never stored in plain text).
  • Medication data: Medication names, dosages, schedules, instructions, and start/end dates that you enter into the app. This data is stored securely in the cloud and protected by access rules tied to your account.
  • Dose logs: Records of when doses were taken, skipped, or missed — as recorded by you or a caregiver.
  • Group membership: If you create or join a family/caregiver group, we store group membership and role information to enable caregiver features.

2.2 Device Permissions

  • Camera: Used solely to scan QR codes when joining a caregiver group via invite. No photos or video are captured, stored, or transmitted.
  • Notifications: Used to deliver medication reminders at your scheduled times. You can disable notifications at any time from your device settings.
  • Biometrics (Face ID / fingerprint): Used locally on-device only to lock the app. Biometric data never leaves your device and is never transmitted to our servers.

2.3 Information Collected Automatically

  • Device tokens: Push notification tokens are collected to deliver reminders to your device. These are stored to support multi-device users.
  • Crash reports: If the app crashes, anonymous crash data may be collected to help us fix bugs. This does not include medication names or health data.
  • IANA timezone: Your local timezone name is stored to ensure reminders fire at the correct local time across time zones and during daylight saving changes.

Important: Analytics tracking is disabled for health data in Medly. Medication names, dosages, and health-related information are never transmitted as analytics event parameters.

3. How We Use Your Information

We use your information exclusively to provide the Medly service:

  • Sending push notifications at your scheduled medication times
  • Sending missed-dose follow-up alerts if a dose is not confirmed within a grace period
  • Displaying today's schedule and your adherence history within the app
  • Enabling caregiver features: allowing designated caregivers to view your schedule, mark doses, and receive missed-dose alerts
  • Syncing your data across your own devices
  • Diagnosing app crashes and technical issues

We do not use your information for advertising, behavioral profiling, data brokering, or any purpose unrelated to delivering the Medly service.

4. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

4.1 Service Providers

We use trusted third-party cloud infrastructure to operate the service. These providers receive your data solely to deliver the Medly service on our behalf, under their own terms and privacy commitments.

4.2 Caregivers You Authorize

If you add a caregiver to your group, that person will have access to your medication schedule, dose logs, and adherence history as specified by the role you assign. You can remove a caregiver at any time from within the app.

4.3 Legal Requirements

We may disclose data if required by law, court order, or to protect the safety of our users, subject to applicable legal processes.

5. Data Retention

We retain your data as long as your account is active. If you delete your account through the app, all of your personal data — including medication records and dose logs — will be permanently deleted from our systems within 30 days.

Backups may retain data for up to 90 days after deletion as part of our disaster recovery procedures, after which it is purged.

6. Security

We take security seriously for an app that handles health data:

  • All data is transmitted over HTTPS/TLS
  • Database security rules enforce that users can only access their own data (or the data of group members they are authorized to access)
  • Passwords are never stored in plain text — credential management is handled by a dedicated authentication service
  • Security rules are tested with automated rule tests before every deployment

7. Children's Privacy

Medly is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact us at privacy@medly.app and we will delete it promptly.

Parents or guardians using Medly to manage medications on behalf of a minor child may do so under their own account, using the caregiver group feature.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Correct inaccurate data — most data can be edited directly in the app
  • Deletion: Delete your account and all associated data
  • Portability: Request an export of your data in a machine-readable format
  • Objection: Object to processing (noting that most processing is necessary for the service to function)

To exercise any of these rights, contact us at privacy@medly.app. We will respond within 30 days.

9. California Residents (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA). We do not sell personal information. You have the right to know what personal information is collected, to request deletion, and to non-discrimination for exercising your rights.

To submit a California privacy rights request, email privacy@medly.app with "CCPA Request" in the subject line.

10. European Users (GDPR)

For users in the European Economic Area, our legal basis for processing your data is:

  • Contract: Processing necessary to provide the service you signed up for
  • Legitimate interests: Crash reporting and security monitoring
  • Consent: Push notification permissions (you may withdraw consent at any time through your device settings)

Data is stored on cloud infrastructure with Standard Contractual Clauses in place for data transfers outside the EEA.

11. Health Data — Special Notice

Medication information is considered health data and may be subject to heightened protections under applicable laws (including HIPAA in the US for covered entities). While Medly as an individual-use consumer app does not constitute a HIPAA-covered entity, we voluntarily apply HIPAA best practices:

  • Analytics tracking is disabled for health data — no health data flows to analytics systems
  • Medication names are never used as analytics event parameters
  • Access to your medication data by caregivers requires explicit user authorization
  • We do not share your medication data with insurers, employers, or pharmaceutical companies

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via:

  • An in-app notification on your next app open
  • An email to the address associated with your account

Continued use of Medly after the effective date of changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy questions, data requests, or concerns, reach us at:

Medly Privacy Team

privacy@medly.app