Privacy Policy - MedTracker

MedTracker is built on a single principle: your health data belongs to you. All health data is stored locally on your device and encrypted at rest using AES-256. We do not collect, transmit, or sell your personal health information — ever.

This Privacy Policy explains what information is associated with your use of MedTracker, how it is handled, and what rights you have over it. MedTracker is operated as a sole trader based in the United Kingdom and is subject to UK GDPR and the Data Protection Act 2018.

Definitions

Application — the MedTracker Android app.
Company / We / Us — MedTracker, operated as a sole trader in the United Kingdom.
Device — the Android phone or tablet on which you install the Application.
Health Data — medications, dosing schedules, appointments, symptoms, health measurements, and medical contacts you enter into the Application.
Purchase Data — information processed when you buy the Application (handled by Stripe or Google Play — see below).
You — the individual installing and using MedTracker.

Data Stored on Your Device

Health Data

All Health Data you enter — medications, appointments, symptoms, measurements, contacts — is stored exclusively in an encrypted SQLite database on your device. This data never leaves your device and is never transmitted to us or any third party. It is encrypted at rest using AES-256-CBC and is inaccessible without your master password.

We have no ability to access, read, or recover this data. If you lose your master password, your data cannot be recovered by us.

Optional display name

You may optionally enter a display name within the app (shown on the home screen). This is stored locally on your device only and is never transmitted anywhere.

Data We Do NOT Collect

MedTracker contains no analytics SDKs, no crash reporting services, no advertising networks, and no telemetry of any kind. We do not collect or process:

Device identifiers, advertising IDs, or serial numbers
IP addresses or network information
Usage events, screen views, or feature usage statistics
Crash reports or diagnostic data
Location data
Your device contacts or address book

Purchase Transactions

Direct purchase (our website)

If you purchase MedTracker through our website, the transaction is processed by Stripe, Inc. Stripe collects your payment details (card number, billing address) in accordance with Stripe's Privacy Policy. We receive only a confirmation that payment was successful and your email address, which is used solely to deliver your download link. Your email address is not stored beyond the delivery of that link and is not used for marketing.

Google Play purchase

If you purchase MedTracker through Google Play, the transaction is handled entirely by Google in accordance with Google's Privacy Policy. We receive no payment details and no personal information from Google Play purchases.

Website

Our website (medtrackerapp.co.uk) is hosted on a standard VPS. Standard server access logs (IP address, request path, timestamp) may be retained for up to 30 days for security and uptime monitoring purposes. These logs are not used for analytics, profiling, or marketing, and are not shared with any third party.

Permissions the App Requests

MedTracker requests only the Android permissions it genuinely needs. No permission grants us access to your data — all permissions are used locally on your device only:

POST_NOTIFICATIONS — to deliver local medication and appointment reminders.
USE_BIOMETRIC — optional; used only if you enable biometric unlock in Settings.
SCHEDULE_EXACT_ALARM — to fire reminders at the precise time you set (required explicitly on Android 12+).
CALL_PHONE — optional; used only when you tap the call button on a saved medical contact.
SEND_SMS — optional; used only when you tap the SMS button on a saved medical contact.
READ/WRITE_EXTERNAL_STORAGE — used only when you manually export or import a backup file.

Your Rights (UK GDPR)

Under UK GDPR, you have the following rights in relation to any personal data we hold about you:

Right of access — you may request a copy of any personal data we hold about you.
Right to erasure — you may request deletion of your personal data. For Health Data, this is done by deleting records within the app or uninstalling it. For any purchase-related data (email address used for download delivery), contact us and we will delete it.
Right to rectification — if any data we hold about you is inaccurate, you may ask us to correct it.
Right to object — you may object to any processing of your personal data.
Right to complain — you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Data Retention

Health Data stored within the app is retained on your device until you delete individual records or uninstall the app. We hold no copies of this data. Any email address used to deliver a download link is deleted within 7 days of the purchase transaction completing. Standard website server logs are retained for up to 30 days then deleted automatically.

Children

MedTracker is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided personal data to us, please contact us and we will delete it promptly.

Changes to this Policy

If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. Continued use of the Application after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.

Contact Us

For any privacy-related questions, data deletion requests, or to exercise your rights under UK GDPR, contact us at: support@medtrackerapp.co.uk

We aim to respond to all data-related requests within 30 days as required by UK GDPR.