Privacy Policy

Last updated: April 17, 2026 · Effective: April 17, 2026

CuraCircle is designed for elderly patients and their caregivers. We take privacy seriously — especially regarding health information. This policy explains clearly what we collect, how we use it, and your rights.

1. Who We Are

CuraCircle ("we," "us," or "our") operates the CuraCircle Patient and CuraCircle Caregiver mobile applications and the website at www.curacircle.app. We provide medication management and caregiver coordination services.

For questions about this policy, contact us at: privacy@curacircle.app

2. Information We Collect

Information you provide directly

Account information: Name, email address, and password when you create an account
Health information: Medications, dosages, schedules, blood type, allergies, medical conditions, and doctor information you choose to enter
Dose logs: Records of medications taken, missed, or skipped — including reasons you provide
Appointments: Doctor appointment dates, times, locations, and notes
Contact information: Phone numbers for caregivers and patients
Messages: In-app messages between patients and caregivers

Information collected automatically

Device tokens: Push notification tokens to send medication reminders and alerts
Usage data: App interactions, feature usage, and session data to improve the service
Device information: Device type (iOS or Android) for push notification delivery

Information we do not collect

We do not collect location data
We do not access your contacts or address book
We do not collect biometric data
We do not track you across other apps or websites

3. How We Use Your Information

We use the information we collect to:

Provide and operate the CuraCircle service
Send medication reminders to patients at scheduled times
Alert caregivers when a patient misses a dose
Generate weekly adherence reports for caregivers
Enable communication between patients and caregivers
Send invitation emails when patients add new caregivers
Check for drug interactions using the OpenFDA database
Improve and maintain the service
Respond to support requests

We do not sell your personal information or health data to third parties. We do not use your health information for advertising purposes.

4. How We Share Your Information

With caregivers you connect

When you (as a patient) add a caregiver, that caregiver can see your medication schedule, dose history, adherence statistics, appointments, and any information you choose to share. You control who is added to your care circle and can remove caregivers at any time.

With patients you care for

As a caregiver, your name, email, and contact information is visible to patients whose care circle you join.

With service providers

We share data with the following service providers who help operate our platform:

Supabase: Database and authentication infrastructure (data stored in the US)
Resend: Email delivery for invitation and report emails
Expo / EAS: Push notification delivery via Apple APNs and Google FCM
OpenFDA: Drug interaction checking (medication names only, no personal data sent)
RxNorm / NIH: Medication autocomplete (medication names only, no personal data sent)

All service providers are contractually required to handle data securely and only for the purposes we specify.

Legal requirements

We may disclose information if required by law, court order, or government authority, or to protect the safety of our users or others.

5. Data Security

We implement the following security measures:

All data is encrypted in transit using HTTPS/TLS
Database access is controlled through Row Level Security (RLS) policies — users can only access their own data
Passwords are hashed and never stored in plain text
Authentication is managed through Supabase Auth with industry-standard JWT tokens
Caregiver access requires explicit patient invitation and acceptance

No system is completely secure. If you believe your account has been compromised, contact us immediately at security@curacircle.app.

6. Data Retention

We retain your data for as long as your account is active. Specifically:

Account and profile data: Retained until you delete your account
Dose logs: Retained for 2 years for adherence reporting
Messages: Retained for 1 year
Push notification tokens: Deleted when you log out or uninstall the app
Expired invitations: Deleted after 30 days

When you delete your account, we permanently delete all associated personal and health data within 30 days.

7. Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information through the app settings
Deletion: Delete your account and all associated data
Portability: Request your data in a portable format
Opt-out: Disable push notifications through your device settings at any time
Caregiver removal: Remove any caregiver from your care circle at any time

To exercise any of these rights, email us at privacy@curacircle.app. We will respond within 30 days.

8. Children's Privacy

CuraCircle is designed for adults (18 and older) and their caregivers. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please contact us and we will delete it.

9. International Users

CuraCircle is operated from the United States. If you use our service from outside the US, your information will be transferred to and processed in the US. By using CuraCircle, you consent to this transfer.

10. Third-Party Links

Our app may contain links to third-party services (such as pharmacy websites). We are not responsible for the privacy practices of those services and encourage you to review their privacy policies.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by sending an email to your registered address or displaying a notice in the app. Continued use of CuraCircle after changes take effect constitutes acceptance of the updated policy.

12. Important Medical & HIPAA Disclaimer

⚕️ CuraCircle is a personal medication reminder and caregiver coordination tool. It is NOT a HIPAA-covered service and is not intended for clinical or institutional use.

CuraCircle is designed for personal use by patients and their family caregivers. It is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA).

CuraCircle is not intended to store Protected Health Information (PHI) as defined by HIPAA. If you are a healthcare provider, clinic, or covered entity, you should not use CuraCircle as a substitute for HIPAA-compliant systems.

The information you store in CuraCircle is for your own personal reference. It does not constitute a medical record and should not be used as a substitute for professional medical advice, diagnosis, or treatment.

For enterprise or clinical use inquiries including Business Associate Agreements, contact us at: privacy@curacircle.app

13. Contact Us

For privacy questions, data requests, or to report a concern: