Privacy Policy
Pill Tracker ("the App") is a medication-tracking mobile application operated by NYC Mike ("we", "us", "our") and made available through Google Play. This Privacy Policy explains what information the App collects, how it is used, and the choices you have.
For questions or requests, contact: support@ptpilltracker.com.
1. Information we collect
1.1 Account information
When you create an account in the App we collect:
- Email address (for email/password sign-in) or the Google account identifier you choose to sign in with.
- A unique user ID generated by our authentication provider.
We do not collect your real name, physical address, phone number, date of birth, or government identifiers unless you choose to enter such information into free-text fields (e.g., a profile nickname, a doctor's address in your own records).
1.2 Health and medication information you enter
The core purpose of the App is to help you track medications. Information you voluntarily enter includes:
- Medications: name, dosage, schedule, notes, prescription status, pharmacy, prescribing doctor, expiry, refills, inventory.
- Dose logs: whether you took, skipped, or missed each scheduled dose, plus any notes.
- Health metrics: blood pressure, weight, mood, symptoms, journals, and any custom trackers you configure.
- Doctor and pharmacy contact details that you enter.
- Family members: profiles you create to track medications on behalf of someone else (e.g., an elderly parent).
This information is stored in our cloud database (Supabase, see §3) under your account ID so it can sync between your own devices.
1.3 Device and usage information
We collect a small amount of technical information automatically:
- Error reports and crash logs (via Sentry, see §3): stack traces, device model, OS version, app version, the screen where an error occurred. These may include values you were editing at the moment of a crash.
- Anonymized product analytics: low-volume events such as "user connected cloud backup" or "user created a family member" (counts and enum values only — no medication names, notes, or other personal content).
- Notification permissions: whether you granted permission for local reminders. All medication reminders are generated and delivered locally on your device — we do not send push notifications from our servers.
1.4 Information stored only on your device
Some data stays on your device and is not sent to our servers:
- OAuth tokens for Google Drive or Dropbox cloud backup (if you connect them). These tokens live in the app's private storage and are used only to upload/download your backup files directly between your device and Google/Dropbox.
- Local backup JSON files (a copy of your data) saved in the app's private storage.
- App preferences such as theme, language, units, and PIN/biometric lock state.
When you sign out of the App, cloud-provider tokens and user-specific device-local data are wiped.
1.5 We do not collect
We do not collect any of the following:
- Precise or approximate device location.
- Contacts, calendar, photos, or other device content.
- Browsing history or web activity outside the App.
- Advertising identifiers.
- Microphone or camera input, except when you explicitly use the barcode/OCR medication scanner (images are not stored or transmitted).
- Payment information directly (when subscriptions launch, billing will be handled by Google Play and we receive only anonymized purchase tokens).
2. How we use the information
We use the information above to:
- Provide the App's core features (remind you to take medications, log doses, chart progress, share family-member schedules).
- Sync your data across devices you sign in on.
- Back up your data to your chosen cloud provider (Google Drive or Dropbox) at your direction.
- Debug crashes and improve reliability (via Sentry).
- Understand which features are being used (anonymized analytics).
- Send email about important account or policy changes (rare — we are not a marketing product).
We do not use your information for advertising, to build user profiles for sale, or to train machine-learning models.
3. Third-party services
The App relies on the following third-party services. Each has its own privacy policy that governs how it handles the data we send:
| Service | Role | Privacy policy |
|---|---|---|
| Supabase | Hosted database + user authentication | supabase.com/privacy |
| Google (Firebase / Google Sign-In) | Optional Google sign-in, Google Drive backup | policies.google.com/privacy |
| Dropbox | Optional Dropbox backup | dropbox.com/privacy |
| Sentry | Error monitoring + low-volume analytics | sentry.io/privacy |
| Google Play | App distribution and, in the future, subscription billing | policies.google.com/privacy |
All network connections to these services use TLS (HTTPS). Servers operated by Supabase and Sentry that store our data are located in the United States.
We do not sell personal information to any third party, and we do not share your data with advertisers or data brokers.
4. Data retention
- Active accounts: We keep your data for as long as your account exists.
- Account deletion: When you tap Delete Account in Settings, we permanently remove your medications, dose logs, health metrics, doctors, pharmacies, family members, and cloud-backup link records from our database. This action cannot be undone. Residual backups held in your own Google Drive or Dropbox are your files — we cannot delete them; you can remove them manually.
- Inactive accounts: We may delete accounts that have had no sign-in activity for 24 months. We will attempt to email you before doing so.
- Error logs: Sentry crash reports are retained for 90 days.
5. Your rights and choices
5.1 Everyone
- Access: Use the in-app Export JSON feature (Settings → Backup & Export) to download all data we hold about your account.
- Correct: Edit any record directly in the App.
- Delete: Use Delete Account in Settings (Settings → Account) to wipe your account and all its data.
- Disconnect cloud backup: Settings → Cloud Backup → Disconnect at any time.
- Turn off analytics / crash reporting: Sentry reporting is only enabled in production builds. We do not currently offer a granular opt-out; if you wish to opt out entirely, please contact us at support@ptpilltracker.com and we will disable it for your account.
5.2 California residents (CCPA)
If you reside in California, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA:
- Right to know what personal information we collect, how we use it, and with whom we share it.
- Right to access your personal information (via Export JSON).
- Right to delete your personal information (via Delete Account).
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information — we do not sell or share personal information within the meaning of the CCPA.
- Right to non-discrimination for exercising these rights.
To exercise any of these rights, email support@ptpilltracker.com from the email address associated with your account, or use the equivalent in-app feature where available. We will respond within 45 days.
5.3 Residents of other jurisdictions
Users outside California and the European Union can exercise the same access, correction, and deletion rights by emailing support@ptpilltracker.com or using the in-app tools above.
6. Children's privacy
The App is intended for adults managing their own medications or tracking medications on behalf of another person in their household. The App is not directed at children under 13, and we do not knowingly collect personal information from children under 13.
If you believe a child under 13 has created an account, please contact us at support@ptpilltracker.com and we will delete the account promptly.
7. Security
- All data in transit between the App and our services is encrypted via TLS.
- Data at rest in our database is encrypted by Supabase.
- Authentication tokens are stored in the device's private application storage.
- Medication names are not included in notification bodies so they do not appear on your lock screen.
No system is perfectly secure. We cannot guarantee absolute protection of your information, but we commit to notifying affected users and applicable authorities of any breach as required by law.
8. International data transfers
Because Supabase, Sentry, and Google operate primarily in the United States, data you provide is processed in and transferred to the United States. If you are located outside the United States, your data will cross international borders. By using the App you consent to this transfer.
9. Changes to this policy
We may update this Privacy Policy. Material changes will be reflected by updating the Last updated date at the top and, for significant changes, by an in-app notice or email. Continued use of the App after an update constitutes acceptance of the revised policy.
10. Contact us
For CCPA-specific requests, include "CCPA Request" in the subject line.