Privacy Policy — MedMinder: Medication Tracker (iOS & Android)

The short version: MedMinder keeps your health data on your device. We do not collect, store, or share your personal health information on any server we control. Optional iCloud (iOS) or Google Drive (Android) backup is available to Premium subscribers and is fully under your control.

1. Information We Collect

Data Stored Locally on Your Device

MedMinder stores all of the following data exclusively on your device — in an encrypted SwiftData store on iOS and an encrypted Room (SQLite) database on Android. This data never leaves your device unless you explicitly enable an optional cloud backup feature (see Section 3). It is not accessible to us:

Medication names, colors, urgency level, and an optional RxNorm identifier (RxCUI)
Dose schedules (frequency, times of day, pills per dose, meal relation, start/end dates)
Dose logs (taken, skipped, or missed — including scheduled time and the time you logged the dose)
Refill quantities, fill dates, and computed pills-remaining estimates
Profile information for family/caregiver mode (a name and emoji you choose — Premium allows up to 5 profiles; free tier allows fewer)
App preferences, settings, and onboarding state
Cached adherence statistics computed from your dose logs

None of this data includes your real name, email, phone number, address, or any account credentials, because MedMinder does not require an account to use.

Drug Name Search and Interaction Check (RxNorm)

MedMinder uses the National Library of Medicine's RxNorm API, a free public service operated by the U.S. government, for two purposes:

Drug name search: When you type in the search field, MedMinder sends your search text to the RxNorm spelling-suggestion and identifier endpoints to return a verified drug name and its RxCUI. Only the text you type is transmitted — no personal information, device identifiers, or dose history is included.
Drug interaction check: When you are about to save a new medication that has a verified RxCUI, MedMinder sends the RxCUI values of your currently active medications (numeric identifiers only — not their names, your identity, or any other personal data) to the NLM's interaction-list endpoint. The API returns known drug-interaction information that is displayed to you on-device before you confirm the save. No personal data is transmitted in this request.

All requests to the NLM are made over HTTPS. Please review the NLM's privacy policy for details on how the U.S. government handles these queries.

In-App Purchases (Premium)

Premium purchases (lifetime or annual subscription) are handled entirely by Apple's App Store on iOS and Google Play Billing on Android. We do not collect, process, or store any payment information. The app receives only a verified entitlement token from Apple or Google indicating whether you have an active purchase. See Apple's Privacy Policy or Google's Privacy Policy for details on how each platform handles your purchase information.

Notifications and Alarms

MedMinder may request permission to send you local notifications and schedule local alarms for medication reminders. These are generated entirely on your device. No notification or alarm content is transmitted to us, to Apple, to Google, or to any third party.

On iOS, this uses the system Notifications framework and (on iOS 26 and later) AlarmKit so dose-time alarms can sound even when your phone is on Silent or Focus mode. For medications you mark as high-urgency, MedMinder also schedules a series of escalating reminder notifications — delivered every 5 minutes for up to 60 minutes after the scheduled dose time — until you log the dose as taken or skipped. These re-fire notifications are cancelled on-device the moment a dose log is recorded; no data about the reminder chain leaves your device. On Android, MedMinder uses local notifications with an exact-alarm permission so reminders fire at the precise scheduled time, and may use the Notification Policy permission to allow critical, high-urgency reminders to bypass Do Not Disturb if you grant that permission.

2. Information We Do Not Collect

MedMinder does not collect any of the following:

Your name, email address, or any account information (no account required)
Location data (no location permissions are requested or used)
Device identifiers, advertising identifiers (IDFA on iOS or AAID on Android), or any tracking IDs
Crash reports, telemetry, or analytics sent to our servers or to any third-party analytics provider
Health data through platform health frameworks (Apple HealthKit or Android Health Connect — these frameworks are not used by MedMinder)
Data from your contacts, camera, photos, microphone, or calendar

MedMinder does not include Firebase Analytics, Crashlytics, Firebase Cloud Messaging, Google Analytics, AdMob, Mixpanel, or any comparable third-party analytics, advertising, or crash-reporting SDK. The Apple App Store privacy manifest (PrivacyInfo.xcprivacy) declares NSPrivacyTracking = false and an empty list of tracking domains.

3. Optional Cloud Backup & Sync (Premium)

If you subscribe to Premium, MedMinder offers an optional, opt-in cloud backup feature. This feature is platform-specific and is disabled by default. You can turn it on or off at any time in the app's Settings.

iOS — iCloud Sync

On iOS, Premium users may enable iCloud sync. When enabled, your medication data, schedules, dose logs, refill records, and profiles are synchronized through Apple's CloudKit service to your private iCloud account. The data is stored in a private database that only you can access — Apple does not give us access to it. You may disable iCloud sync at any time in MedMinder's Settings or revoke iCloud access entirely in your iOS device settings. See Apple's Privacy Policy.

Android — Google Drive Backup

On Android, Premium users may enable Google Drive backup. When enabled, MedMinder writes a single backup file (a JSON export of your data) to the app-private "App Data" folder of your Google Drive using the most restrictive Drive scope (drive.appdata). This folder is private to MedMinder — it is not visible to other apps, and it does not appear in your normal Google Drive view. You may delete the backup file or revoke MedMinder's Drive access at any time from your Google Account settings. See Google's Privacy Policy.

Separately, the Android Room database used by MedMinder is explicitly excluded from Android's automatic system-level Auto Backup and from Google account cloud backup, so your medication data is never uploaded to the cloud unless you opt in to the Premium Drive backup feature described above. The database is included in device-to-device transfer (so switching phones works), but is excluded from off-device cloud backup.

4. How Your Data Is Used

All data you enter in MedMinder is used solely to provide the app's features — displaying your schedule, sending reminders, logging doses, calculating adherence, tracking refills, checking for drug interactions, and (if you enable it) syncing across your own devices. Because this data is stored locally on your device (and, if you opt in, in your own iCloud or Google Drive), we have no access to it and cannot use it for any other purpose.

5. Data Sharing and Third Parties

We do not sell, trade, rent, or share your personal information with any third parties. The only external services MedMinder communicates with are:

NLM RxNorm API — for drug name lookups (search text only) and drug interaction checks (RxCUI numeric identifiers only; no personal data).
Apple App Store / StoreKit (iOS only) — for processing in-app purchases.
Google Play Billing (Android only) — for processing in-app purchases.
Apple iCloud / CloudKit (iOS only, optional, Premium opt-in) — for syncing your data to your own iCloud account.
Google Drive (Android only, optional, Premium opt-in) — for backing up your data to your own Drive App Data folder.

No personal health data is transmitted to MedMinder, and the iCloud and Google Drive integrations only ever write to your own personal account, never to ours.

6. Data on Companion Devices

If you install the optional Apple Watch app (iOS) or Wear OS app (Android), your phone shares your daily dose list with the watch so it can show upcoming doses and let you log them. On iOS this uses Apple's WatchConnectivity framework; on Android it uses the Wearable Data Layer. In both cases, the watch communicates only with your paired phone — the data does not pass through any MedMinder server.

Home Screen widgets (iOS) and Glance widgets (Android) read directly from the same on-device database used by the main app, via the platform's normal sandboxed mechanisms (an iOS App Group container or, on Android, the app's own process). They do not transmit data.

7. Data Security

MedMinder relies on each platform's built-in encryption to protect your data on-device.

iOS: The SwiftData store is protected with NSFileProtectionComplete, which encrypts the file using a key derived from your device passcode or biometrics. Your medication data is only readable while your device is unlocked.
Android: Your data is protected by Android's full-disk or file-based encryption (mandatory on modern Android devices) and is sandboxed so that only MedMinder can read it. The DataStore preferences are also encrypted at the OS level. All network traffic is forced to HTTPS by the app's network security configuration; cleartext HTTP is disabled.

We strongly recommend using a strong passcode or biometric authentication (Face ID, Touch ID, fingerprint, or a PIN) to further protect your data.

8. Data Retention, Deletion, and Export

Because all data is stored locally on your device, you are in full control at all times:

You can delete individual medications, schedules, dose logs, or profiles within the app.
You can export your data at any time. iOS supports JSON, CSV, and PDF export from the Settings screen; Android supports JSON export and import.
You can remove all app data by uninstalling MedMinder. Uninstalling permanently removes the on-device database.
If you enabled iCloud sync (iOS) or Google Drive backup (Android), you can disable it inside MedMinder, and you can delete the cloud copy by removing the data from iCloud (Settings → Apple ID → iCloud → Manage Storage) or by removing the backup file from your Google Drive App Data folder.

9. Permissions

MedMinder requests only the permissions it needs to deliver medication reminders. Specifically:

Notifications — to deliver dose reminders (both platforms).
Alarms — on iOS 26 and later, AlarmKit is used so dose alarms sound through Silent and Focus modes. For high-urgency medications, MedMinder also schedules escalating re-fire notifications (every 5 minutes, up to 60 minutes) that are cancelled automatically once you log the dose. On Android, an exact-alarm permission is requested so reminders fire at the precise time.
Notification Policy / Do Not Disturb bypass (Android, optional) — only used to let you mark high-urgency medications as critical so their reminders can sound during DND.
Boot Completed (Android) — to reschedule your alarms after the device restarts.
Internet / Network State (Android) — for RxNorm drug-name lookup, drug interaction checks, and (if enabled) Google Drive backup.
Vibrate / Wake Lock (Android) — for dose reminders and Wear OS companion features.
iCloud / CloudKit entitlements (iOS) — only used if you enable iCloud sync.

MedMinder does not request access to your camera, microphone, photos, contacts, calendar, location, or any health framework on either platform.

10. Children's Privacy

MedMinder is not directed to children under the age of 13. We do not knowingly collect any personal information from children under 13. If you believe a child under 13 has provided personal information, please contact us using the details below. The app may be used by an adult to manage medications for a child as part of family-profile mode, but only the supervising adult interacts with the app.

11. Your Rights

Because MedMinder does not collect or store personal data on our servers, most traditional data-rights requests are satisfied by your control over your own device: you can view, export, and delete all of your data directly in the app. If you are located in the European Economic Area, the United Kingdom, California, or another jurisdiction with applicable privacy laws (such as the GDPR, UK GDPR, or CCPA/CPRA), you may have additional rights — including the right to access, correct, delete, or port your data, and the right to lodge a complaint with a supervisory authority. Please contact us at the email below to exercise any such rights.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will provide notice through the App Store or Google Play update notes and inside the app.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Developer: Michael Hrdlicka
Email: support@hrdlickaapps.com
GitHub: github.com/hrdlickaapps/MedMinder-Medication-Tracker