Privacy Policy

Welcome to Transplant Care Companion ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

1.1 Personal Information

When you create an account, we collect:

• Account Information: Email address, name, password (encrypted)
• Profile Information: Language preference, timezone

1.2 Health Information

You may voluntarily provide:

• Medication Data: Medication names, dosages, schedules, intake logs
• Vital Signs: Blood pressure, weight, temperature, glucose readings
• Food Information: Photos and data from food safety scans
• Chat Messages: Questions and conversations with our AI assistant
• Budget Data: Medical expense tracking information

1.3 Technical Information

We automatically collect:

• Device Information: Browser type, operating system, device type
• Usage Data: Pages viewed, features used, interaction patterns
• Performance Data: App performance metrics, error logs

We use your information to:

• Provide Services: Enable medication tracking, food safety analysis, vitals monitoring, and AI chat assistance
• Improve Experience: Personalize your app experience based on your preferences and language
• Send Reminders: Notify you about medication schedules (if enabled)
• Maintain Security: Authenticate your identity and protect against unauthorized access
• Improve App: Analyze usage patterns to enhance features and fix bugs
• Provide Support: Respond to your questions and technical issues

3.1 Data Storage

• Database: Cloudflare D1 (global edge database)
• File Storage: Cloudflare R2 (for food scan images)
• Location: Data is stored on Cloudflare's global network with automatic replication

3.2 Data Security

• Encryption in Transit: All data transmitted using HTTPS/TLS 1.3
• Password Security: Passwords are hashed using SHA-256 with email salting
• Authentication: JWT tokens with HMAC-SHA256 signatures (30-day expiration)
• Access Control: Strict user data isolation - you can only access your own data
• SQL Injection Protection: Prepared statements prevent database attacks

3.3 Data Retention

• Active Accounts: Data retained as long as your account is active
• Deleted Accounts: Data deleted within 30 days of account deletion request
• Logs: Technical logs retained for 90 days for security purposes

4.1 We DO NOT Share Your Health Data

We do NOT sell, rent, or share your personal or health information with third parties for marketing purposes.

4.2 Service Providers

We use trusted service providers who help us operate our app:

• Cloudflare: Hosting, database, storage, and CDN services
• These providers are contractually obligated to protect your data and use it only for providing services to us

4.3 Legal Requirements

We may disclose information if required by law, such as:

• Complying with legal processes (subpoenas, court orders)
• Protecting our rights and property
• Preventing fraud or security issues
• Protecting the safety of users or the public

You have the following rights regarding your personal information:

5.1 Access and Portability

• View Your Data: Access all your data through the app's Settings page
• Export Data: Contact us to request a copy of your data in a portable format

5.2 Correction and Update

• Edit Profile: Update your name, language, and timezone anytime
• Modify Records: Edit or delete medication, vitals, and budget entries

5.3 Deletion

• Delete Account: Request account deletion by contacting us
• Delete Specific Data: Remove individual medications, vitals, or chat messages

5.4 Opt-Out

• Notifications: Disable medication reminders in Settings
• Analytics: We do not use third-party analytics, so no opt-out needed

Our app is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete it.

Your information may be transferred to and stored on servers located in different countries as part of Cloudflare's global network. By using our app, you consent to these transfers. We ensure appropriate safeguards are in place to protect your data regardless of location.

We use minimal tracking technologies:

• Authentication Token: Stored in browser localStorage to keep you logged in
• Language Preference: Stored locally to remember your language choice
• Service Worker: Enables offline functionality and app installation
• No Third-Party Cookies: We do not use advertising or analytics cookies

IMPORTANT: Transplant Care Companion is a health management tool, NOT a medical device. It does not diagnose, treat, cure, or prevent any disease. Always consult your healthcare provider before making medical decisions. Never disregard professional medical advice because of information from our app.

In the unlikely event of a data breach affecting your personal information, we will:

• Notify affected users within 72 hours
• Inform you of what data was compromised
• Explain the steps we're taking to secure your data
• Provide guidance on protecting yourself

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy in the app
• Updating the "Last Updated" date
• Sending an in-app notification (for major changes)

Your continued use of the app after changes indicates acceptance of the updated policy.

By using Transplant Care Companion, you consent to this Privacy Policy and agree to its terms. If you do not agree, please do not use our app.

Compliance: This Privacy Policy is designed to comply with GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and HIPAA-aware best practices for health applications.

Jurisdiction: This policy is governed by the laws of [Your Jurisdiction - to be specified].