PharmacyAI - Your taper planner and dosing diary.

_Summary:_ PharmacyAI is a web application that helps users plan medication tapers, schedule single or repeating doses, and receive per-event reminders on a neon calendar. Users sign in with Google, may upgrade via Stripe, and can enable browser push notifications. This policy covers personal data such as Google account details (name, email), app content the user enters (drug names/colors, dosing/taper data), technical metadata (IP address, device/browser info), and payment/subscription records handled by Stripe. It explains how data is collected, used to provide the service, secured, retained, and shared with processors (e.g., Firebase, Stripe, hosting). The policy includes GDPR and CCPA rights and describes choices such as enabling/disabling notifications, exporting/deleting data, and closing an account. --- # Privacy Policy _Last updated: 26.08.2025_ ## 1) Who We Are **Controller:** **CloudVibes Empire** (“**PharmacyAI**,” “we,” “us,” or “our”). **Service:** A web app for planning medication taper schedules, logging doses (single or repeating), visualizing them on a calendar, and receiving optional browser push notifications. **Contact:** **support@pharmacyai.online** · **Hauptstr. 70, 75056 Sulzfeld, Germany** ## 2) Scope This policy explains how we collect, use, store, share, and protect information when you use PharmacyAI, visit our website, or interact with our services and support. By using the Service, you agree to this policy. ## 3) Information We Collect **A. Account & Identity (via Google Sign-In)** - Name, email address, Google user ID, profile photo (if provided by Google). - Authentication tokens necessary to keep you signed in. **B. App Content You Provide** - Drug entries (e.g., name, color). - Taper schedules and generated steps (e.g., dose values, intervals, start times). - Dosing events (single or repeating plans) and per-event notification preferences (e.g., “notify at time,” “notify X hours before”). - Calendar data and any notes you add. **C. Payments & Subscription (via Stripe)** - Customer ID, subscription status, plan type (Free/Pro), invoices and transaction metadata. - We do **not** store your full card numbers; Stripe processes payment details on our behalf. **D. Technical & Usage Data** - IP address, device and browser type, operating system, language, time zone, referral URLs. - App events (e.g., feature usage, error logs) to maintain reliability and improve UX. - Push messaging tokens (to deliver notifications to your devices). - Cookies and local storage for session management and preferences. **E. Support & Communications** - Messages you send us (e.g., email, forms, or in-app support), plus any contact details you provide. > **Note on Sensitive Data:** Your taper and dosing content may reveal health-related information because you choose what to store. Only add information you are comfortable saving to your account. ## 4) How We Use Your Information - **Provide the Service:** Authenticate users; save and display your drugs, schedules, and dosing events; generate calendar views; send per-event notifications if you enable them. - **Payments & Account Management:** Start trials/checkouts, verify subscription status, and manage billing via Stripe. - **Improve & Secure the Service:** Debugging, monitoring, and preventing fraud/abuse; performance tuning and UX improvements. - **Communications:** Service updates, transactional emails (e.g., receipts), and support responses. - **Legal Compliance:** Meeting record-keeping, tax, and regulatory obligations. ## 5) Lawful Bases (GDPR) We process personal data under these bases: - **Contract:** To deliver the Service you requested. - **Legitimate Interests:** Service reliability, security, and product improvement that do not override your rights. - **Consent:** Browser push notifications and certain cookies; you may withdraw consent at any time. - **Legal Obligation:** Tax, accounting, and compliance requirements. ## 6) Sharing & Disclosures We do **not** sell your personal information. We share data with service providers (processors) that help us operate the Service, under contracts that limit their use: - **Authentication/Database/Push:** Firebase/Google Cloud (e.g., Firebase Authentication, Firestore, Cloud Messaging). - **Payments:** Stripe (checkout, subscription, invoices). - **Hosting/Delivery:** OVH (e.g., app hosting, content delivery). - **Monitoring/Logs:** OVH, as applicable. We may also disclose information: (i) to comply with law or valid legal process; (ii) to protect rights, safety, and security; or (iii) in connection with a business transfer (e.g., merger or acquisition) with notice where required. ## 7) International Transfers Your data may be stored and processed in countries outside your own (including the U.S.). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) for cross-border transfers. You may contact us for copies of relevant safeguards. ## 8) Cookies & Local Storage We use: - **Essential cookies/local storage** for authentication, security, and core functionality. - **Functional storage** for theme and UI preferences. - **Push tokens** to deliver notifications to your registered devices (only after you grant permission). You can control cookies in your browser settings and revoke push permission at any time. ## 9) Data Retention - **Account & App Content:** Retained while your account is active. You may request deletion; we will remove or de-identify data unless we must retain it for legal obligations. - **Push Tokens:** Removed when you revoke permission, sign out, or when tokens expire. - **Payment Records:** Kept as required by tax and accounting laws (often 5–10 years depending on jurisdiction). - **Server Logs:** Typically retained for up to 90 days unless needed for security or investigations. ## 10) Security We use industry-standard measures to protect data, including TLS in transit, encryption at rest (via our cloud providers), access controls, least-privilege permissions, and monitoring. No system is 100% secure; we encourage strong device security and up-to-date browsers. ## 11) Your Rights & Choices Depending on your location, you may have rights to: - **Access** your data, or obtain a copy. - **Rectify** inaccurate or incomplete data. - **Delete** your data (“erasure”), subject to legal exceptions. - **Restrict** or **object** to certain processing. - **Portability** of certain data. - **Withdraw consent** at any time (e.g., for push notifications). To exercise rights, email **support@pharmacyai.online**. We may need to verify your identity. ### California (CCPA/CPRA) We do not “sell” or “share” personal information as defined by the CCPA/CPRA. California residents may request access, deletion, and correction; we will not discriminate for exercising these rights. ## 12) Children’s Privacy PharmacyAI is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided data, contact us and we will delete it where required. ## 13) Third-Party Links The Service may link to third-party sites. Their privacy practices are governed by their own policies; please review them separately. ## 14) Data Controller; How to Contact Us **Controller:** **CloudVibes Empire** **Email:** **support@pharmacyai.online** **Address:** **Hauptstr. 70, 75056 Sulzfeld, Germany** If you are in the EEA/UK, you also have the right to lodge a complaint with your local data protection authority. ## 15) Changes to This Policy We may update this policy from time to time. We will post changes here and update the “Last updated” date. Material changes may be communicated by email or in-app notice where legally required. --- **Additional Notes for Users** - **Medical Disclaimer:** PharmacyAI is an organizational/planning tool and does not provide medical advice. Consult a qualified professional before changing medication. - **Account Deletion:** You can request deletion and export of your data by contacting **support@pharmacyai.online** or using in-app options (where available). - **Push Notifications:** You control notifications per event in the app and via your browser’s permissions.