Dozly Privacy Policy

Last updated: February 2026

WHAT DATA WE COLLECT & HOW

We collect the following information when you use Dozly: • Account information (email, name) — provided by you at sign-up • Medication schedules and logs — entered by you or scanned from prescription labels • Symptom tracking data — entered by you via the symptom logger • AI conversation history — generated when you use the AI assistant • Device tokens for push notifications — automatically collected with your permission • Subscription and payment status — provided by Apple App Store / Google Play via RevenueCat • Prescription label images — captured by your device camera when you use the scanner (processed immediately, not stored) We do NOT collect location data, contacts, or any data beyond what is needed for the app to function.

HOW WE USE YOUR DATA

Your data is used exclusively to: • Provide medication reminders and tracking • Generate AI-powered health insights • Create reports for your doctor visits • Send push notifications for medication reminders • Process subscription payments We do NOT use your data for advertising, profiling, or any purpose other than providing the Dozly service.

AI-POWERED FEATURES & THIRD-PARTY DATA SHARING

Dozly uses Anthropic's Claude AI to power features including the AI health companion, symptom analysis, drug interaction checking, doctor report generation, weekly insights, and prescription scanning. Data sent to Anthropic: • Your messages to the AI assistant • Medication names, dosages, and frequencies • Symptom data when using symptom analysis • Conversation history for context Data NOT sent to Anthropic: • Your email address or user ID • Pharmacy information or prescription numbers • Full medication logs or adherence history Data retention: Anthropic retains API data for up to 30 days for service operation, then permanently deletes it. Anthropic does NOT use API data to train AI models. Your consent: You must explicitly consent before any data is sent to Anthropic. All AI-powered features — including the AI assistant, drug interaction checks, prescription scanning, doctor reports, symptom analysis, and weekly insights — are gated behind this consent. You can manage this in Settings > AI Data Sharing. Anthropic's privacy practices are governed by their privacy policy at https://www.anthropic.com/privacy

WHO WE SHARE DATA WITH

We do NOT sell, rent, or share your personal or health data with third parties. The only services that process your data are: • Supabase (database hosting, encrypted at rest) • Anthropic/Claude (AI features, with your explicit consent only) • RevenueCat (subscription management only) • Apple App Store / Google Play (payment processing) • Firebase (push notification delivery only) • Sentry (anonymous crash reporting, no health data) • Mixpanel (anonymous usage analytics, no health data) All third-party services are contractually required to provide the same or equivalent level of data protection as described in this policy. Each provider maintains industry-standard security measures including encryption at rest and in transit, and is bound by their respective privacy policies and data processing agreements.

DATA ENCRYPTION

Your health data is protected with industry-standard encryption: • All data is encrypted in transit using TLS/SSL • All data is encrypted at rest in our database • Sensitive tokens are stored in encrypted device storage • Row-level security ensures you can only access your own data

YOUR RIGHTS (GDPR/CCPA)

You have the following rights regarding your data: • Right to Access: Export all your data at any time from Settings > Privacy & Security > Export My Data • Right to Deletion: Delete your account and all associated data from Settings > Privacy & Security > Delete Account • Right to Rectification: Update your profile information at any time • Right to Portability: Your data export is provided in standard JSON format

DATA RETENTION

Your data is retained for as long as your account is active. When you delete your account, all your data is permanently removed from our servers within 30 days. Backups containing your data are purged within 90 days.

COOKIES AND TRACKING

Dozly does not use cookies or tracking pixels. We use Sentry for anonymous crash reporting to improve app stability. No personal health data is included in crash reports.

CHILDREN'S PRIVACY

Dozly is not intended for use by children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

BREACH NOTIFICATION

In the event of a data breach affecting your personal information, we will notify you via email within 72 hours as required by GDPR.

CONTACT US

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: support@dozly.app