Privacy Policy

1. Who we are

FamilyMedApp ("FamilyMedApp," "we," "us," or "our") is operated by FamilyMedApp LLC, a limited liability company organized in the State of Texas, United States. This Privacy Policy describes how we collect, use, and safeguard information when you visit familymedapp.com or use the FamilyMedApp web and progressive-web application (together, the "Service").

If you have questions about this policy or your data, contact us at help@familymedapp.com.

2. Information we collect

2.1 Information you provide directly

• Account information: email address, first and last name, time zone, and a password you create.
• Family health records you enter: names, relationships, dates of birth, medical conditions, medications, appointments, vital-sign readings (e.g., blood pressure, glucose, weight, heart rate, oxygen saturation, temperature), notes, and other medical information you choose to record.
• Support communications: the content of messages you send us.

2.2 Information collected automatically

• Session and device data: a session cookie to keep you signed in, an optional 30-day "trusted device" token if you enable it, and an optional PIN hash if you enable PIN quick-unlock on a device.
• Basic analytics: anonymous, aggregated visitor data (coarse geographic region derived from IP address, browser category, pages viewed). We do not use cross-site tracking, device fingerprinting, or advertising cookies.
• Security logs: timestamps, IP address, and event type for sign-in, sign-out, failed login, password change, and similar account-security events.

2.3 Information from third parties

• Payments: if you subscribe, our payment processor provides us with confirmation of your subscription status and limited billing metadata (e.g., subscription tier, renewal date, last four card digits). We never receive or store your full card number.

3. How we use your information

We use the information we collect to:

• Provide, maintain, and secure the Service, including authentication, two-factor verification, and fraud prevention.
• Store, encrypt, and display the health records you enter back to you.
• Process subscription payments and send related transactional messages (receipts, renewal reminders, payment-failure notices).
• Send important service messages (security alerts, policy changes, scheduled maintenance).
• Respond to your support requests.
• Monitor and improve the Service using aggregated, non-identifying usage data.
• Comply with legal obligations and enforce our Terms of Service.

We do not use your health information to train machine-learning models, to target advertising, or to generate behavioral profiles.

4. Legal bases (for EU/UK users)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal information under the following legal bases of the GDPR and UK GDPR:

• Contract — to provide the Service you signed up for.
• Consent — for processing health data ("special category" data under Article 9), which you provide by voluntarily entering it into your account and accepting this policy.
• Legitimate interests — to secure the Service, prevent fraud, and improve reliability.
• Legal obligation — to meet tax, accounting, and regulatory requirements.

You can withdraw consent at any time by deleting the relevant data or your account. Withdrawal does not affect processing that already occurred.

5. How we share information

We share personal information only in the limited circumstances below, and never sell it.

• Service providers. We use a small number of vetted vendors to run the Service, in the following categories:
  • Payment processor — we use Stripe, Inc. to handle subscription payments. Card details go directly to Stripe and never touch our servers. See stripe.com/privacy.
  • Email delivery provider — a commercial transactional-email service delivers account messages such as sign-up confirmations, two-factor codes, and receipts on our behalf.
  • Hosting provider — a commercial hosting provider runs the servers on which the Service operates. Data at rest is stored in encrypted form.
  A current list of our subprocessors is available on request at help@familymedapp.com.
• Legal and safety. We may disclose information if we reasonably believe it is required by law, legal process, or a valid government request, or to protect the rights, safety, or property of FamilyMedApp, our users, or others.
• Business transfers. If FamilyMedApp is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction. You will be notified before your information becomes subject to a different privacy policy.
• With your consent. We will share information for any other purpose only with your explicit consent.

6. How we protect your information

• All medical records, names, and sensitive identifiers are encrypted at rest using authenticated encryption.
• All connections to the Service are protected by HTTPS/TLS in transit.
• Passwords are stored as one-way hashes using a modern, salted, adaptive hashing algorithm — never in plain text.
• Two-factor authentication by email is required for every login.
• Optional PIN quick-unlock and trusted-device features are limited to devices you explicitly approve and can revoke from your Profile at any time.
• Access to production systems is restricted and logged.

No online service can guarantee absolute security. If we ever discover a personal-data breach affecting you, we will notify you without undue delay as required by applicable law.

7. Data retention

• Active accounts: we retain your data for as long as your account is active.
• Closed accounts: after you delete your account, we permanently delete your medical data and personal identifiers within 30 days, except for information we are legally required to retain (for example, billing records for tax purposes, typically retained for 7 years).
• Backups: encrypted backups are rotated on a rolling schedule and overwritten within 90 days.
• Security logs: retained for up to 12 months for fraud prevention and incident response.

8. Your rights and choices

You have the following rights regarding your personal information. Some rights depend on where you live.

• Access and export. You can view and export your family health records at any time from within the app.
• Correct or update. You can edit any information you have entered directly in the app.
• Delete. You can delete individual records, family members, or your entire account from Settings.
• Restrict or object. You may ask us to restrict or stop certain processing.
• Withdraw consent. You can withdraw your consent for us to store health data at any time by deleting it.
• Lodge a complaint. EU/UK residents have the right to complain to their local data-protection authority.
• California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect and to request deletion. We do not "sell" or "share" personal information as those terms are defined under California law.

To exercise any of these rights, email help@familymedapp.com. We will verify your identity before acting on requests and respond within the timelines required by applicable law.

9. International data transfers

FamilyMedApp is operated from the United States, and our servers and most of our vendors are located there. If you access the Service from outside the United States, you understand that your information will be transferred to, processed, and stored in the U.S. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for transfers from the EU/UK.

10. Children

FamilyMedApp is designed for adults (18+) to manage their own and their family's health information, including that of minor children under the adult's legal care. We do not knowingly allow users under the age of 13 (or 16 in the EU/UK) to create their own accounts or provide us with personal information directly. If you believe a child has created an account, contact help@familymedapp.com and we will delete it.

11. Not a HIPAA-covered entity

FamilyMedApp is a consumer product that you use for your own personal or family health tracking. We are not a "covered entity" or a "business associate" under the U.S. Health Insurance Portability and Accountability Act (HIPAA). HIPAA does not apply to data you enter on your own behalf. We nevertheless apply strong security safeguards that draw on HIPAA's principles.

12. Cookies

We use a small number of strictly necessary cookies and first-party anonymous analytics. We do not use advertising cookies. See our Cookie Policy for full details.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by a prominent notice in the app before the changes take effect. The "Last updated" date at the top of this page shows when it was most recently revised.

14. Contact us

FamilyMedApp LLC
Email: help@familymedapp.com
Texas, United States

This policy is provided for transparency and to meet standard best-practice disclosure. It is not legal advice. A licensed attorney should review it for your jurisdiction before relying on it.