Privacy Policy

Your privacy is fundamental to our mission. We're committed to protecting your family's health information with the highest standards of security and confidentiality.

Last updated: May 2, 2026 | Effective date: May 2, 2026

Enterprise Security

TrackDose maintains enterprise-grade security. We use strict security measures to protect your health information and ensure all data handling meets or exceeds industry privacy standards.

Information We Collect

We collect information you provide directly (account details, child profiles, health records), information collected automatically (usage data, device information), and information from healthcare providers with your consent.

How We Protect Your Data

All data is encrypted using 256-bit AES encryption at rest and TLS 1.3 in transit. We use secure data centers with enterprise-grade certification, regular security audits, and strict access controls.

How We Use Information

Your data is used solely to provide and improve our services, facilitate healthcare provider collaboration, generate insights and reports, and communicate important updates. We never sell your data.

Your Rights

You have the right to access, correct, or delete your personal information, export your data, opt-out of non-essential communications, and request restrictions on data processing.

Third-Party Services

We work with trusted partners for hosting and database (Supabase, on AWS infrastructure), payments (Stripe), and AI features you choose to use (OpenAI, Anthropic). When you use AI-powered features, the relevant data is sent to these providers under their terms and is not used to train their models.

Complete Privacy Policy

1. Introduction

TrackDose ("we," "our," or "us") is committed to protecting your privacy and complying with all applicable privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information Collection

We collect the following types of information:

  • Account Information: Name, email, phone number, password
  • Health Information: Child profiles, allergy details, reaction logs, treatment plans
  • Usage Data: App interactions, feature usage, device information
  • Communications: Support requests, feedback, provider notes

3. Use of Information

Your information is used to:

  • Provide and maintain our services
  • Track and manage allergy treatments
  • Generate reports for healthcare providers
  • Send critical alerts and reminders
  • Improve our platform through aggregated analytics
  • Comply with legal obligations

4. Data Sharing

We never sell your personal or health information. We share information only:

  • With healthcare providers you explicitly authorize
  • With service providers under strict confidentiality agreements
  • With AI service providers (OpenAI, Anthropic) when you use AI-powered features such as chat, document OCR, or semantic search. Data sent to these providers is governed by their commercial terms and is not used to train their models.
  • When required by law or to protect safety
  • With your explicit consent

4a. AI Features and Your Data

TrackDose offers optional AI-powered features that send relevant information to third-party AI providers. These features are not required to use the core app:

  • Document OCR — uploaded images and extracted text are sent to AI providers for transcription and parsing.
  • AI chat assistant — your message and a relevant slice of your child's records are sent to AI providers to generate the response.
  • Semantic search — search queries and embeddings of your records are sent to AI providers; embeddings are stored in our database to enable search.
  • Pattern analysis and insights — aggregated record summaries are sent to AI providers to surface trends.

We use OpenAI and Anthropic under their standard API terms, which prohibit training on customer data. We do not sign Business Associate Agreements (BAAs) with these providers, so AI features should not be used with information you would not be comfortable processing through a commercial AI service. You can use the core app without using any AI feature.

5. Data Security

We implement industry-leading security measures:

  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Strict access controls and monitoring
  • Secure data backup and disaster recovery

6. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your account
  • Export your data in standard formats
  • Opt-out of non-essential communications
  • File a complaint with regulatory authorities

7. Children's Privacy and Parent-Operated Use

TrackDose is operated exclusively by parents and legal guardians on behalf of the children in their care. We do not provide accounts to children, do not direct our services to children under 13, and do not knowingly collect information directly from children.

All accounts must be created by an adult (18 or older) who attests at signup that they are the parent or legal guardian of any child whose information they enter. Child profiles, food logs, reactions, and treatment data are entered by the parent on the child's behalf — the child does not log in, receive an account, or interact with the service directly.

If you believe a child has created an account without parental involvement, contact us at hello@trackdose.app and we will remove the account and any associated data.

8. Data Retention and Deletion

We retain your account and health information while your account is active. You may request deletion at any time from the settings page or by emailing hello@trackdose.app.

When you delete your account, your account and associated health records (child profiles, food logs, reactions, schedules, dosing records, uploaded documents) are permanently removed within 30 days. Backups containing your data are rotated out within an additional 30 days.

Audit logs of access to protected health information are retained separately for up to 6 years to align with HIPAA-aligned audit retention practices. These logs record access events but do not contain the underlying health data once your account is deleted.

9. International Users

Our services are primarily intended for use in the United States. If you access our services from outside the US, please be aware that your information may be transferred to and processed in the United States.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes via email or through the app. Continued use after changes constitutes acceptance of the updated policy.

Questions About Privacy?

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@trackdose.app

Support: trackdose.app/support

Security Notice

We maintain enterprise-grade security practices to protect your health information. Our security standards and data handling procedures exceed industry requirements and are regularly audited by third-party security firms.