1. Introduction
This Privacy Policy describes how ChronicOS (the “App”) collects, uses, discloses, retains, and protects information when you download, access, or use the App and any optional cloud features. ChronicOS helps adults organize and track multiple chronic conditions, medications, symptoms, labs, appointments, and caregiver collaboration. The App is a personal health organization and education tool. It is not a medical device, healthcare provider, insurer, or emergency service.
Version 1.0.0 scope. At launch, core features include manual health journaling, voice symptom entry (with an offline demo path), on-device rule-based visit preparation, medication and lab tracking you enter yourself, rule-based alerts, visit prep exports, and optional cloud sign-in. Optional cloud AI through OpenAI (text generation and embeddings, via our backend) may consume Health AI Points when you invoke those features. On-device rule engines (visit prep, lab narratives, medication interaction explanations, correlation analysis, Health Coach, and similar) do not consume points. Patient Portal (Coming Soon) (automatic import from U.S. health systems such as Epic MyChart) is shown in the App and is not active in version 1.0.0. The App does not connect to third-party patient portals or import portal data until a future update announces that feature as available.
By using the App, you acknowledge this Privacy Policy. If you do not agree, do not use the App. Where required by law, we request your consent before optional processing (for example, anonymous analytics or personalization of coaching tips).
2. Who We Are (Data Controller)
ChronicOS is published and operated by an individual software developer, not a hospital, clinic, health plan, or covered entity under the U.S. Health Insurance Portability and Accountability Act (HIPAA). We act as the data controller for information processed through the App, except where a third party is an independent controller (for example, Apple for App Store billing, Google for Play billing if applicable, or your health system for portal data you may authorize in a future release).
Privacy contact:
hello@familymedvault.com
Subject line: ChronicOS Privacy Request
HIPAA notice: Unless we expressly enter into a Business Associate Agreement with you or your organization, the App is offered as a consumer personal health record tool. We are not acting as your doctor, health plan, or HIPAA-covered entity. You choose what to enter and with whom to share exports or caregiver access.
3. Summary (Plain Language)
- Your health data lives primarily on your device. You can export or delete it in Settings.
- We do not sell your personal information or health information.
- We do not use your data for third-party advertising or cross-app tracking for advertising purposes.
- Version 1.0.0 focuses on data you enter (symptoms, meds, labs, vitals, doctors) plus on-device rule engines for visit prep, lab narratives, med explanations, and correlation. Optional cloud OpenAI features consume Health AI Points only when that cloud processing runs.
- Patient Portal (Coming Soon). We do not pull records from Epic, Cerner, or athenahealth in version 1.0.0. You may optionally join a waitlist with your email.
- Optional cloud sign-in and sync store encrypted copies on our backend only when you enable them.
- Family profiles (multiple household members) are stored locally on your device unless you separately enable cloud sync.
- Remote caregiver access shares data only with people you invite, according to permissions you set, via our authenticated cloud API when both parties use signed-in accounts.
- Paid subscriptions and Health AI Points are processed by Apple (and Google Play on Android if offered). We do not receive your full payment card number.
- AI outputs are informational only and are not medical advice.
4. Patient Portal (Coming Soon)
The App includes a Patient Portal (Coming Soon) screen describing planned integrations with major U.S. electronic health record systems (for example, Epic MyChart, Cerner / Oracle Health, and athenahealth). In version 1.0.0:
- No OAuth or FHIR connection is activated. The App cannot log in to your patient portal or download portal records.
- No third-party portal credentials are collected, stored, or transmitted by us in this version.
- Waitlist (optional): If you tap “Notify Me” or “Join Waitlist,” you may enter an email address. That address is stored locally on your device in the waitlist list for that provider. If you choose to open your mail app, a pre-filled message may be sent to hello@familymedvault.com; we receive your email only if you send that message or contact us separately.
- Future releases: When Patient Portal Sync becomes available, we will update this Policy, request any additional consent required by law, and describe what data is imported and how tokens are secured before connection is enabled.
App Store disclosure: For version 1.0.0, Apple App Store privacy labels should not indicate collection of health data from third-party sources via patient portal sync, because that feature is not operational at launch.
5. Information We Collect
5.1 Information you provide directly
- Profile and display preferences; active chronic condition selections
- Health and wellness data you enter manually: symptoms (including pain, fatigue, mood, activity, diet notes), medications (prescription, OTC, supplements), side-effect diary, allergies, lab results, vital signs (e.g., blood pressure, glucose, weight, eGFR, A1c), doctor and visit records, appointment preparation notes, and unified timeline entries
- Household / family member names when you use multi-patient profiles on a shared device (local storage per patient profile)
- Caregiver collaboration data: invitee email, relationship label, permission level (full access, medication only, or appointment access), invite tokens, and observations a caregiver logs on your behalf
- Account information if you sign in for cloud sync: email address, authentication tokens (stored securely on device), and optional display name from your identity provider
- Consent choices at first launch: optional anonymous analytics, optional personalization of coaching tips, and region selection (United States or EEA/GDPR-oriented practices)
- Voice recordings you choose to submit for symptom transcription (processed only when you initiate voice entry and a network connection is available; a demo path uses sample text without uploading audio)
- Patient Portal Sync waitlist email (optional): stored on your device if you join the waitlist; received by us only if you email us
- Communications you send to support
5.2 Information collected automatically
- App preferences: language (English, Chinese, Spanish), theme, notification settings
- Device and app technical data needed to operate the App: operating system version, app version, general device type
- Push notification device tokens if you allow notifications (for medication reminders and visit-prep alerts)
- Anonymous usage analytics only if you opt in on the consent screen
- Crash or diagnostic logs as permitted by your device settings and platform policies
5.3 Information from third parties (only if you connect or purchase)
- Apple App Store / Google Play: subscription status, product identifiers, transaction/receipt identifiers for validation (we do not receive your full payment card number)
- Authentication providers (email/password, Google, or Apple Sign In if enabled): basic account identifiers per their policies
- Patient portal / FHIR: Not collected in version 1.0.0. In a future release, if you connect a patient portal, we may receive health records you authorize from your health system (for example, Epic MyChart). Their privacy policies will also apply.
- RxNorm / open drug databases (optional remote lookup during medication safety scan): drug identifiers you submit for interaction checking
- OpenAI (cloud text generation and embeddings, via our backend): the minimum text or audio needed to fulfill optional cloud AI requests that consume Health AI Points, or for live voice transcription when you initiate it
5.4 What we do not collect by design (version 1.0.0)
- Patient portal login credentials or FHIR OAuth tokens (portal sync not active)
- Health records imported automatically from hospitals or insurers (until Patient Portal Sync launches)
- Social Security numbers, insurance member IDs, or government IDs (not required for core use)
- Data for behavioral advertising or ad-network profiling
- Precise real-time location tracking for marketing
- Apple HealthKit or Google Health Connect data unless a future version explicitly requests permission and updates this Policy
- Contacts, photos, or camera roll except microphone access when you record voice symptoms
6. App Store Privacy Label Alignment (Version 1.0.0)
The following table supports Apple App Store privacy nutrition labels and Google Play Data safety disclosures for the current release.
| Category | Examples in ChronicOS 1.0.0 | Linked to you? | Used for tracking? |
|---|---|---|---|
| Health & fitness | Symptoms, meds, labs, vitals, conditions, coaching, alerts (data you enter) | Yes | No |
| User content | Symptom notes, visit prep, side-effect diary, voice transcripts | Yes | No |
| Identifiers | Account user ID, push token, invite tokens | Yes | No |
| Contact info | Email (account, caregiver invite, or waitlist if you email us) | Yes | No |
| Purchases | Subscription tier, AI point packs | Yes | No |
| Usage data | Opt-in analytics only | If opted in | No |
| Diagnostics | Crash logs (if enabled by OS/build) | May be linked | No |
| Audio | Voice symptom recordings you submit for live transcription | Yes | No |
Not collected at launch: Health data obtained from third-party patient portals (Epic MyChart, Cerner, athenahealth, or other FHIR sources) because Patient Portal Sync is not enabled in version 1.0.0.
Tracking: We do not track you across other companies’ apps or websites for advertising. We do not use the App Tracking Transparency framework for ad targeting because we do not engage in cross-app advertising tracking.
7. How We Use Information
We use information only for purposes compatible with operating the App:
- Provide core features: multi-condition dashboard, manual symptom diary, voice symptom entry, medication list and safety scanning, lab trends, visit preparation and AI-assisted summaries, between-visit coaching, rule-based alerts, exports, doctor records, and patient timeline
- Display Patient Portal (Coming Soon) information and process voluntary waitlist sign-ups stored on your device
- Support household switching among local patient profiles on your device
- Provide on-device rule-based features at no point cost, including visit preparation, lab trend narratives, medication interaction explanations, correlation analysis, Health Coach, medication safety scanning, and PDF export
- Operate optional cloud AI through OpenAI (text generation and embeddings via our backend) that consumes Health AI Points only when cloud processing completes successfully — for example: specialist/provider summaries (~5 points), full trend orchestration (~5 points), live voice symptom structuring (~1 point when LLM extraction is used), and OpenAI embedding-based longitudinal memory indexing (~5 points). On-device rule engines and local fallbacks do not consume points
- Process auto-renewable subscriptions and consumable Health AI Point packs through platform billing
- Enable caregiver invitations, acceptance, and scoped remote access according to permissions you configure
- Sync or back up data to our cloud database only when you sign in and initiate sync
- Deliver local push notifications (medication reminders, visit prep) if you grant permission
- Personalize coaching tips only if you opt in to personalization
- Maintain security, prevent abuse, debug issues, and comply with law
- Respond to support, privacy, security reports, and waitlist inquiries you send by email
We do not sell, rent, or share your information for third-party advertising.
8. Legal Bases (EEA, UK, and Similar Jurisdictions)
If you select an EEA/GDPR-oriented region on the consent screen, we process personal data on these bases:
- Consent — optional analytics, optional personalization, optional cloud features, optional voice/AI processing, and (when available in a future release) optional patient portal connection
- Contract — providing features you request, including paid subscriptions and point-based AI features
- Legitimate interests — securing the App, operating a voluntary waitlist you initiate, preventing fraud and abuse, and improving reliability (balanced against your rights)
- Legal obligation — where applicable law requires retention or disclosure
You may withdraw consent for optional processing in Settings or by emailing us. Withdrawal does not affect the lawfulness of processing before withdrawal.
10. Service Providers and Subprocessors
When you use optional cloud, AI, or voice features, we may use the following categories of providers. Each is engaged for specific functions and is contractually or terms-bound to protect data:
| Provider (category) | Purpose | Typical data |
|---|---|---|
| Supabase (database & authentication) | Account sign-in, encrypted health record storage, caregiver invite records | Account ID, email, encrypted health payloads |
| Vercel or equivalent (API hosting) | Backend API for sync, caregiver access, AI orchestration, receipt validation | Authenticated requests, encrypted payloads, API logs |
| OpenAI (cloud AI / speech) | Voice transcription, text summarization, and embeddings when you invoke optional cloud AI features | Audio or text you submit for that request |
| Apple / Google | App distribution, in-app purchases, push notification delivery | Store receipts, device tokens, account tokens |
| U.S. NIH RxNorm (public API) | Optional medication normalization and interaction lookup | Drug names or identifiers you submit for scanning |
Patient portal / FHIR providers (for example, Epic) are not subprocessors in version 1.0.0 because portal sync is not active. We may update this table when Patient Portal Sync launches.
11. Storage, Encryption, Location, and Retention
11.1 On-device storage
Most health records are stored locally on your phone or tablet. Patient-scoped data for household members is kept in separate local namespaces on the same device. Patient Portal Sync waitlist entries (if any) are stored locally until you delete App data or uninstall. You may export data as JSON and delete all data from Profile → Settings. Local deletion is permanent for that device’s copy.
11.2 Cloud storage and encryption
If you sign in and use cloud sync or remote caregiver features, health payloads are transmitted over HTTPS (TLS) and stored in our database using application-layer encryption (AES-256-GCM envelope encryption) for designated health fields. Authentication tokens and sensitive configuration use the device secure enclave / Keychain on iOS where supported.
Cloud servers may be located in the United States or other regions where our infrastructure providers operate.
11.3 Retention
- Local data: until you delete it or uninstall the App
- Waitlist emails (device): until you delete all App data or uninstall
- Waitlist emails (received by us): until your request is fulfilled or no longer needed, unless longer retention is required by law
- Cloud data: until you delete your account or data, or until no longer needed to provide the service
- Caregiver invites: until accepted, revoked, expired, or deleted
- Support emails: as long as needed to resolve your request and meet legal obligations
- Purchase records: as required by tax law and App Store / Play policies
- Server logs: typically rolling retention (e.g., 30–90 days) unless longer retention is required for security investigations
12. Security
We implement reasonable administrative, technical, and organizational measures appropriate to the sensitivity of health-related data, including encryption in transit, encrypted cloud payloads, access controls, and authenticated APIs for caregiver access. However, no system is perfectly secure. You are responsible for securing your device (passcode, biometrics), keeping credentials confidential, and choosing caregivers you trust.
Report suspected vulnerabilities to hello@familymedvault.com.
13. Device Permissions
- Microphone — only when you use live voice symptom entry; recordings are used for transcription you request (demo mode uses sample text without uploading audio)
- Notifications — only if you enable medication reminders or visit-prep alerts
- Network — required for optional cloud sync, caregiver remote access, optional AI, live voice transcription, and optional drug-database lookups; not required for Patient Portal Sync in version 1.0.0 because that feature is not active
You may deny permissions; related features will not function, but core on-device tracking may still work offline.
14. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access / portability — export JSON from Settings
- Deletion — delete all local data from Settings (including waitlist entries stored on device); request cloud deletion by email
- Correction — edit entries directly in the App
- Opt out — decline optional analytics and personalization on the consent screen
- Restrict or object — EEA/UK users may object to certain processing
- Withdraw consent — for optional features at any time
- Complaint — lodge a complaint with your supervisory authority (EEA/UK)
14.1 California (CPRA/CCPA)
California residents have rights to know, delete, and correct personal information, and to opt out of sale or sharing for cross-context behavioral advertising. We do not sell or share personal information for cross-context behavioral advertising. Submit requests to hello@familymedvault.com. We will verify requests as required by law. You may designate an authorized agent where applicable.
14.2 Apple subscriptions
Manage or cancel auto-renewable subscriptions in Settings → Apple ID → Subscriptions on iOS. Deleting the App does not cancel an active subscription. Refunds are handled under Apple’s policies.
15. Children
ChronicOS is intended for adults managing their own or family members’ health information and is not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child provided information without appropriate consent, contact us and we will delete it promptly.
16. International Transfers
If you access the App from outside the United States, your information may be processed in the U.S. and other countries with different data-protection laws. Where required for transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
17. Third-Party Services and Links
The App may link to legal pages, your device’s mail client for waitlist messages, or third-party sites. Third-party privacy practices govern those services. When Patient Portal Sync becomes available, review your health system’s policies before connecting a portal. We are not responsible for third-party outages, security incidents, or policy changes outside our control.
18. Changes to This Policy
We may update this Privacy Policy from time to time, including when we enable Patient Portal Sync or add subprocessors. We will post the revised version at this URL with an updated “Last updated” date. For material changes, we may provide additional notice in the App or by email where appropriate. Continued use after the effective date constitutes acceptance of the updated Policy, except where law requires additional consent.
19. Not Medical Advice; Emergency Disclaimer
ChronicOS provides educational and organizational tools only. Content, alerts, coaching tips, clinical reference bands on charts, AI summaries, and lab narratives are not medical advice, diagnosis, or treatment. Always consult qualified clinicians for medical decisions. In an emergency, call 911 (U.S.) or your local emergency number immediately. Do not rely on the App for emergency monitoring.
20. Individual Developer; Disclaimer; Limitation of Liability
THE APP AND ALL RELATED SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, ACCURACY, AND NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
TO THE FULLEST EXTENT PERMITTED BY LAW, THE OPERATOR (AN INDIVIDUAL SOFTWARE DEVELOPER) SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF DATA, PROFITS, GOODWILL, OR HEALTH OUTCOMES, ARISING FROM OR RELATED TO THIS PRIVACY POLICY OR YOUR USE OF THE APP, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE FULLEST EXTENT PERMITTED BY LAW, THE OPERATOR’S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE APP OR THIS PRIVACY POLICY SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID TO THE OPERATOR FOR THE APP OR IN-APP PURCHASES IN THE TWELVE (12) MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR (B) FIFTY U.S. DOLLARS (USD $50.00).
Nothing in this Policy limits rights that cannot be waived under mandatory consumer protection, privacy, or health laws in your jurisdiction (including certain GDPR/EEA rights). Some jurisdictions do not allow certain disclaimers or limitations; in those cases, our liability is limited to the maximum extent permitted by law.
You agree to use the App at your own risk and to maintain independent backups of information you consider important. The Operator is a sole individual developer; you acknowledge that support, incident response, and legal resources may be more limited than those of a large company, and you should not rely on the App as your only record of critical health information.
21. Governing Law
This Privacy Policy is governed by the laws of the United States and the State of California, without regard to conflict-of-law principles, except where mandatory consumer or privacy laws in your country of residence provide otherwise.
22. Contact Us
For privacy questions, data subject requests, Patient Portal Sync waitlist, or security reports:
Email: hello@familymedvault.com
Subject line: ChronicOS Privacy Request
We aim to respond within thirty (30) days, or sooner where required by applicable law.
Related documents: Terms of Use (EULA) · Technical Support