Privacy Policy

Last updated: April 17, 2026 · Effective: April 17, 2026

1. Who We Are

CuraCircle ("we," "us," or "our") operates the CuraCircle Patient and CuraCircle Caregiver mobile applications and the website at www.curacircle.app. We provide medication management and caregiver coordination services.

For questions about this policy, contact us at: privacy@curacircle.app

2. Information We Collect

Information you provide directly

• Account information: Name, email address, and password when you create an account
• Health information: Medications, dosages, schedules, blood type, allergies, medical conditions, and doctor information you choose to enter
• Dose logs: Records of medications taken, missed, or skipped — including reasons you provide
• Appointments: Doctor appointment dates, times, locations, and notes
• Contact information: Phone numbers for caregivers and patients
• Messages: In-app messages between patients and caregivers

Information collected automatically

• Device tokens: Push notification tokens to send medication reminders and alerts
• Usage data: App interactions, feature usage, and session data to improve the service
• Device information: Device type (iOS or Android) for push notification delivery

Information we do not collect

• We do not collect location data
• We do not access your contacts or address book
• We do not collect biometric data
• We do not track you across other apps or websites

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the CuraCircle service
• Send medication reminders to patients at scheduled times
• Alert caregivers when a patient misses a dose
• Generate weekly adherence reports for caregivers
• Enable communication between patients and caregivers
• Send invitation emails when patients add new caregivers
• Check for drug interactions using the OpenFDA database
• Improve and maintain the service
• Respond to support requests

We do not sell your personal information or health data to third parties. We do not use your health information for advertising purposes.

4. How We Share Your Information

With caregivers you connect

When you (as a patient) add a caregiver, that caregiver can see your medication schedule, dose history, adherence statistics, appointments, and any information you choose to share. You control who is added to your care circle and can remove caregivers at any time.

With patients you care for

As a caregiver, your name, email, and contact information is visible to patients whose care circle you join.

With service providers

We share data with the following service providers who help operate our platform:

• Supabase: Database and authentication infrastructure (data stored in the US)
• Resend: Email delivery for invitation and report emails
• Expo / EAS: Push notification delivery via Apple APNs and Google FCM
• OpenFDA: Drug interaction checking (medication names only, no personal data sent)
• RxNorm / NIH: Medication autocomplete (medication names only, no personal data sent)

All service providers are contractually required to handle data securely and only for the purposes we specify.

Legal requirements

We may disclose information if required by law, court order, or government authority, or to protect the safety of our users or others.

5. Data Security

We implement the following security measures:

• All data is encrypted in transit using HTTPS/TLS
• Database access is controlled through Row Level Security (RLS) policies — users can only access their own data
• Passwords are hashed and never stored in plain text
• Authentication is managed through Supabase Auth with industry-standard JWT tokens
• Caregiver access requires explicit patient invitation and acceptance

No system is completely secure. If you believe your account has been compromised, contact us immediately at security@curacircle.app.

6. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account and profile data: Retained until you delete your account
• Dose logs: Retained for 2 years for adherence reporting
• Messages: Retained for 1 year
• Push notification tokens: Deleted when you log out or uninstall the app
• Expired invitations: Deleted after 30 days

When you delete your account, we permanently delete all associated personal and health data within 30 days.

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information through the app settings
• Deletion: Delete your account and all associated data
• Portability: Request your data in a portable format
• Opt-out: Disable push notifications through your device settings at any time
• Caregiver removal: Remove any caregiver from your care circle at any time

To exercise any of these rights, email us at privacy@curacircle.app. We will respond within 30 days.

8. Children's Privacy

CuraCircle is designed for adults (18 and older) and their caregivers. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please contact us and we will delete it.

9. International Users

CuraCircle is operated from the United States. If you use our service from outside the US, your information will be transferred to and processed in the US. By using CuraCircle, you consent to this transfer.

10. Third-Party Links

Our app may contain links to third-party services (such as pharmacy websites). We are not responsible for the privacy practices of those services and encourage you to review their privacy policies.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by sending an email to your registered address or displaying a notice in the app. Continued use of CuraCircle after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy questions, data requests, or to report a concern:

• Email: privacy@curacircle.app
• Support: support@curacircle.app
• Website: www.curacircle.app