Privacy Policy
Effective date: May 26, 2026
This policy explains what data Capsule Health (“we,” “us,” “the app”) collects when you use the iOS app, how we use it, and the choices you have. It applies to anyone who signs up for and uses Capsule Health.
We've tried to keep this short and plain-English. If something is unclear, email privacy@capsule.health and we'll fix it.
1. Who we are
Capsule Health is a medication-tracking app that lets you log your medications and share that activity with people you trust — family, friends, a partner, your doctor, a caregiver. It's published by an independent developer; contact details are in section 12.
Capsule Health is a wellness and adherence tracker, not a medical device. It does not provide medical advice, diagnosis, or treatment. Always follow your healthcare provider's instructions.
2. What we collect
We only collect what the app needs to work. We do not run ad networks, we do not embed third-party analytics SDKs, and we do not build advertising profiles on you.
Information you give us
| Data | Why |
|---|---|
| Phone number | To sign you in. Verification is handled by Firebase Authentication using an SMS one-time code. You don't set a password — there's nothing to forget or leak. |
| Name, birth year | Shown in your profile and in your circle members' feed when they see your activity. You can edit or remove either at any time. |
| Medications | Name, dose, schedule (times and weekdays), and which circle members are hidden from each medication. Stored under your account; we cannot see clinical details linked to other users by default. |
| Medication logs | Each time you tap "Took it," we record the medication ID, timestamp, and the scheduled slot. Used to compute your streaks, "next up" card, and weekly adherence numbers. |
| Circle relationships | The Capsule Health user IDs of people you've invited or accepted, plus the role you picked (family, friend, doctor, caregiver, other) and an optional display label (e.g. "Mom"). |
| Invitations | If you send an SMS invite, the recipient phone number is stored in our invites collection until they accept, decline, or the invite is deleted. |
| Notification preferences | Toggles for medication reminders and circle-activity push. |
Information generated by your use of the app
- Feed events. When you log a dose, miss a dose, react to someone's activity, send a gentle nudge, or hit a streak milestone, we write a feed event that's visible only to people you've put in its audience.
- Push notification token. When you allow notifications, the Firebase Cloud Messaging SDK generates a device-specific token we store on your profile so we can deliver pushes for the activity in your circle. The token has no personal information; it identifies your device.
- Crash diagnostics. If the app crashes, Firebase Crashlytics records a stack trace, device model, OS version, and a randomly-generated installation ID. This data is used solely to fix bugs.
What we don't collect
- We do not access your contacts.
- We do not access your location.
- We do not access your photo library or camera.
- We do not access HealthKit, Apple Health, or any system health data.
- We do not use third-party advertising or marketing SDKs.
- We do not sell your data. Ever.
3. How we use your data
- Authenticate you and keep you signed in.
- Show your medications, schedule, and adherence on your device.
- Send local reminder notifications for your scheduled doses.
- Show your activity to the circle members you've chosen, respecting per-medication privacy toggles.
- Deliver push notifications when your circle takes, misses, reacts, or cheers.
- Compute streaks and adherence numbers.
- Diagnose bugs (Crashlytics).
We never use your medication data to target you with ads, sell your information, or share it with third parties for their own purposes.
4. Who we share it with
We share data with a small set of service providers strictly needed to run the app:
| Provider | What they handle |
|---|---|
| Google Firebase | Authentication, Firestore database storage, Cloud Functions, Cloud Messaging (push), Hosting, and Crashlytics. Firebase processes data on Google Cloud infrastructure in the EU (eur3 multi-region) and, for some sub-services, the United States. Google acts as our data processor. |
| Apple Push Notification service | Delivers push notifications to your iPhone. Apple receives only the notification payload and device token, not your medication content beyond the visible alert text. |
| Your mobile carrier | If you send an SMS invite from inside the app, the message is sent via your phone's standard Messages app. We don't run our own SMS gateway, and we don't see the contents of the SMS. |
We share your activity inside the app with the specific people you've added to your circle — and only the medications you haven't hidden from them. Nobody outside your circle sees your medication data.
5. Device permissions
| Permission | Why we ask |
|---|---|
| Notifications | To deliver medication reminders and circle activity. You can revoke this anytime in iOS Settings. |
| Microphone & Speech Recognition | Used only when you choose "Add by voice." We prefer Apple's on-device Speech framework and request on-device transcription when your device supports it. On older devices or locales where on-device isn't available, iOS may transcribe through Apple's speech servers under Apple's privacy policy. In either case, we don't record, store, or upload your voice ourselves — we only receive the transcribed text from iOS. |
| Network access | Required to sync with Firebase and deliver pushes. |
6. How long we keep it
- Account data is kept for as long as your account exists. Deleting your account removes your profile, medications, medication logs, circle memberships you own, invitations you sent or received, and your feed events. The mirror rows on the other side of your circle (your friends' "I follow Ayşe" entries) are cleaned up by a server function the moment your account is deleted.
- Feed events visible to your circle remain in your circle members' history of your activity until you delete your account; at that point the events you authored are removed.
- Crash logs are kept for 90 days by Firebase Crashlytics, then deleted automatically.
- Backups Google maintains short-window operational backups of Firestore that are overwritten on a rolling basis. We do not control these schedules.
7. Your rights and controls
You have a few baked-in controls in the app, and you have legal rights on top of them.
In-app controls
- Edit your profile. Profile → Your details.
- Per-medication privacy. Tap a medication → "Who sees" → toggle each circle member.
- Notification preferences. Profile → Notifications → toggle Medication reminders and Circle activity.
- Remove a circle member. Circle → tap a member → Remove.
- Sign out. Profile → Sign out (your local data stays in your account; you can sign back in).
- Delete your account. Profile → Delete account. We re-verify your phone for security, then erase your account and trigger a server-side cleanup of related records. There's no waiting period.
Your legal rights (GDPR, UK GDPR, KVKK, CCPA, and similar)
Where the law gives you these rights, you can:
- Ask for a copy of the personal data we hold about you.
- Ask us to correct inaccurate data.
- Ask us to delete your data (the in-app "Delete account" flow is the fastest way).
- Withdraw consent or object to specific processing.
- Lodge a complaint with your local data-protection authority.
To exercise any of these, email privacy@capsule.health. We respond within 30 days.
8. International data transfers
Your data is stored primarily in Google Cloud's eur3 multi-region (Europe). Some Firebase sub-services may also process data in the United States. Where transfers leave your home jurisdiction, Google relies on Standard Contractual Clauses and equivalent transfer mechanisms; these are described in Google's Data Processing Addendum.
9. Children
Capsule Health is not directed to children under 13 (or 16 in jurisdictions where that's the minimum). We don't knowingly collect data from anyone under those ages. If you believe a minor has signed up, email privacy@capsule.health and we'll remove the account.
10. Security
- All traffic between the app and our servers is encrypted in transit (TLS).
- Firestore documents are encrypted at rest by Google.
- Access to your data is gated by Firebase Security Rules, which we audit and unit-test as part of every release.
- We do not store passwords (sign-in is phone-only).
No system is perfectly secure. If you spot a vulnerability, please email security@capsule.health.
11. Changes to this policy
If we change this policy in a material way, we'll update the "Effective date" at the top and, where required, notify you in-app before the change takes effect. The latest version always lives at this URL.
12. Contact us
For questions, requests, or complaints about this policy or your data:
- Privacy: privacy@capsule.health
- Security: security@capsule.health
- General: hello@capsule.health