๐ŸŒฟ Family Healthcare

Privacy Policy

Last updated: June 2026  ยท  Effective: June 2026

Health data notice. Family Healthcare stores sensitive personal health information on your behalf. We treat this data with the highest level of care and never sell, share, or use it for advertising purposes.

1. Who we are

Family Healthcare is a product of thestackmint, a solo software studio based in India. Contact: [email protected].

2. What data we collect

Account data

  • Phone number (OTP authentication)
  • Email address (optional, for Google Sign-In)
  • Display name and profile photo (optional)
  • Language and timezone preferences

Health data (entered by you)

  • Medications, dosage schedules, and dose logs
  • Medical appointments and linked doctor/hospital details
  • Vital measurements (blood pressure, blood sugar, weight, oxygen saturation, etc.)
  • Health record files you upload (prescriptions, lab reports, discharge summaries)
  • Family member profiles and caretaker assignment relationships

Technical data

  • Anonymised crash reports via Sentry (no health data)
  • Subscription plan status and change history
  • Security audit logs โ€” retained 90 days

We do not collect advertising identifiers, location data, contact lists, microphone audio, or browsing history.

3. How we use your data

  • Core app functionality (medications, appointments, vitals, records)
  • Medication and appointment reminders you have enabled
  • Subscription plan enforcement and self-serve plan changes
  • Bug detection and security monitoring
  • Legal compliance

We do not use your data for advertising, profiling, or sale to third parties.

4. Data storage & security

  • Stored in Supabase (PostgreSQL + Object Storage), AES-256 at rest, TLS 1.2+ in transit
  • Row Level Security (RLS) โ€” users access only their own family's data
  • Private storage buckets โ€” only the uploading family can access files
  • Certificate pinning, Android FLAG_SECURE, 10-minute session timeout, biometric lock

5. Third-party processors

  • Supabase โ€” database, auth, file storage
  • Sentry โ€” anonymised crash reporting (no health data)
  • Google Sign-In โ€” optional OAuth (no health data shared)

6. Your rights (GDPR โ€” EU/EEA)

  • Access, erasure, portability, restriction, rectification, objection, and consent withdrawal

Email [email protected] โ€” we respond within 30 days.

7. FTC Health Breach Notification (US)

In the event of a breach affecting US residents, we notify each individual and the FTC within 60 days.

8. India DPDPA 2023

We comply with India's Digital Personal Data Protection Act 2023 โ€” collecting only necessary data and enabling account deletion at any time.

9. Data retention

  • Active accounts: retained while active
  • Deleted accounts: all data permanently deleted within 30 days
  • Security logs: 90 days; crash reports: 12 months

10. Children's privacy

Accounts must be created by adults (18+). Contact us immediately if you believe a child under 13 provided data without consent.

11. Changes

Material changes notified via in-app notice at least 7 days before taking effect.

12. Contact

[email protected]