iMedicate Health

Privacy Policy

Last updated: September 21, 2025

This Privacy Policy explains how iMedicate (“iMedicate,” “we,” “us,” or “our”) collects, uses, discloses, and protects information about you when you use our mobile applications, websites, clinic dashboard, and related services (collectively, the “Services”). By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.

We may update this Policy from time to time. Changes take effect when posted. We encourage you to review this Policy periodically.

1) What We Collect

We collect information in the following categories:

a) Account & Contact Information

  • Name, email address, password (hashed), preferred language.

  • Optional profile details you choose to provide.

b) Medication & Health-Related Data (Consumer Health Data)

  • Medication names, dose, frequency, schedules, adherence logs (“Taken,” “Not Yet Taken,” “Missed”), instructions and notes you add.

  • Optional: mood logs and notes; vitamin/supplement tracking.

  • Images you upload for OCR-based label recognition; extracted text (e.g., partial/truncated drug names); RxNorm matches and related metadata.

c) Accessibility & Experience Preferences

  • Text-to-Speech (TTS) settings, high contrast/large text/dyslexia-friendly font preferences, reminder style (Classic/Funny/Inspirational), notification timing/frequency.

d) Device & Usage Data

  • Device model, OS version, app version, unique identifiers, IP address, time zone, language, crash diagnostics, and in-app activity (e.g., screens visited, taps) to improve performance and stability.

e) Contacts You Choose to Add

  • Emergency contact name and phone number (and their consent/opt-in/opt-out state for SMS alerts).

  • Clinic/provider code, clinic name, and membership records if you join a clinic pilot.

f) Cookies & Web Data (Sites & Dashboard)

  • Cookies and similar technologies for authentication, session management, analytics, and fraud/security.

2) Sources of Information

  • Directly from you when you sign up, log medication, adjust settings, upload images, export logs, or contact support.

  • Automatically via the app/website (diagnostics, performance, analytics).

  • From integrated services you enable (e.g., RxNorm queries, SMS gateway).

  • From clinics/providers only when you join a clinic pilot and consent to share.

3) How We Use Information

We use information to:

  • Provide and operate the Services (medication schedules, reminders/notifications, SMS alerts, calendar logging, TTS, accessibility features).

  • Recognize medications from images with OCR and perform RxNorm lookups to suggest standardized names/dosages.

  • Support clinics and caregivers you explicitly add (e.g., emergency contact alerts, clinic dashboards).

  • Improve, maintain, and secure the Services (debugging, fraud prevention, quality assurance, feature development).

  • Communicate with you about your account, features, updates, and support.

  • Comply with law and enforce our terms, protect rights, safety, and security.

We may de-identify and/or aggregate data for analytics, research, and product improvement. De-identified/aggregated data does not identify you.

4) Legal Bases (where applicable)

Depending on your region, our processing relies on:

  • Performance of a contract (to provide the Services you request).

  • Legitimate interests (e.g., security, service improvement) balanced against your rights.

  • Consent (e.g., emergency SMS alerts to your designated contact; certain analytics where required).

  • Legal obligations (e.g., responding to lawful requests).

5) Consumer Health Data Disclosures (U.S. state laws)

Some states (e.g., WA, CO, CT, NV) define “Consumer Health Data” (CHD). Where these laws apply, we:

  • Collect and use CHD only as necessary to provide requested Services or with your consent.

  • Share CHD only as described in Section 6 and with safeguards/agreements.

  • Honor rights provided by applicable CHD laws (see Section 10).

  • Maintain records of consent for emergency SMS alerts and clinic sharing.

6) How We Share Information

We do not sell your personal information.

We may share as follows:

  • Service Providers/Processors. Vendors assisting with hosting, database, analytics, logging/diagnostics, OCR, RxNorm lookups, and SMS delivery (e.g., our SMS provider). They act under contract, use data only on our instructions, and implement security safeguards.

  • Your Emergency Contact. If you enable emergency alerts, we may send SMS about missed doses to the contact you designate. We store and honor their opt-in/opt-out status.

  • Clinics/Providers (Pilot). If you join a clinic with a code or invite, certain adherence summaries and clinic-relationship metadata can be viewed by authorized clinic staff via the clinic dashboard, consistent with your consent and applicable agreements.

  • Business Transfers. In a merger, acquisition, financing, or sale of assets, information may transfer subject to continued protections.

  • Legal/Safety. To comply with law, legal process, or enforceable government requests; to enforce our terms; or to protect rights, property, or safety of iMedicate, users, or the public.

  • With Your Direction or Consent. As you instruct, for example exporting your data or sharing with a caregiver you designate.

7) Clinics, HIPAA & BAAs

iMedicate is generally a consumer app and not a HIPAA “covered entity” or “business associate.” However, for clinic pilots, we may act as a business associate under a Business Associate Agreement (BAA) with that clinic. In BAA contexts, we handle protected health information (PHI) in accordance with HIPAA and the BAA terms. Outside of a BAA, HIPAA typically does not apply to your use of the consumer app.

8) Retention

We retain personal information as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. You may delete your account or request deletion (see Section 10). We may keep de-identified/aggregated data.

9) Your Choices

  • Notifications. Control medication reminders and emergency alert timing in app settings.

  • Emergency SMS Alerts. You can enable/disable; your contact can opt in by replying “YES” and opt out by replying “STOP.”

  • Access & Edits. Review and update your profile, medications, and preferences in the app.

  • Export. You can export medication and mood logs from the app.

  • Cookies. Manage browser cookies via your browser settings.

10) Your Rights

Depending on your location, you may have rights to:

  • Access and port your data.

  • Correct inaccurate data.

  • Delete your data.

  • Limit/opt out of certain processing (e.g., targeted advertising where applicable).

  • Withdraw consent (e.g., emergency SMS alerts).

To exercise rights, email imedicateapp@gmail.com. We may verify your request and respond within the timeframe required by applicable law. Authorized agents may act on your behalf as permitted by law.

11) International Transfers

If you access the Services from outside the United States, your information may be processed in the U.S. and other countries that may have different data protection laws than your country. Where required, we implement appropriate safeguards (e.g., contractual clauses).

12) Security

We implement administrative, technical, and physical safeguards designed to protect your information (e.g., encryption in transit, access controls, audit logging). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

13) Children’s Privacy

The Services are not directed to children under 13 (or the age defined by your local law). We do not knowingly collect personal information from children without appropriate consent. If you believe a child provided us personal information, contact us and we will take appropriate steps.

14) Third-Party Links & Integrations

Our Services may link to third-party sites or services (e.g., external resources). We are not responsible for their practices. Review their privacy policies.

15) Changes to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. We will post the revised Policy with an updated “Last updated” date.

16) Contact Us

If you have questions, requests, or complaints about this Policy or our practices, contact:

iMedicate Health
Email: imedicateapp@gmail.com