Legal

Privacy Policy

Effective date: March 7, 2026 · Last updated: March 7, 2026

The short version: MedChart+ syncs your health data to our secure servers so you can access it across all your devices. Your data is encrypted in transit over HTTPS, your password is never stored in plaintext, and we never sell or share your personal information with third parties. This policy explains exactly what we collect, where it lives, and how we protect it.

Encrypted in transit (HTTPS/TLS) Passwords hashed, never stored plain No ads, no tracking Data never sold

1 Who We Are

MedChart+ is a personal health tracking application operated as an independent product and accessible at medchart.life. References to "we," "us," or "our" in this policy refer to the MedChart+ service.

For privacy questions, contact us at privacy@medchart.life.

2 What Information We Collect

Health data (synced to our servers for cross-device access):

Symptoms, events, and health notes you log
Vital sign readings — temperature, blood pressure, heart rate, blood sugar, weight, pain level
Medication names and dosing schedules
User profile names (to support multiple tracked individuals per account)

This data is stored in our PostgreSQL database linked to your account, enabling you to access your full history from any device where you are signed in.

Account credentials:

The email address you register with
A SHA-256 hash of your password — your plaintext password is never stored
A signed JWT session token (30-day expiry) to keep you signed in across sessions

Subscription information (handled by third parties):

If you subscribe to MedChart+ Premium, payment is processed by Apple, Google, or Stripe depending on your platform
We receive only an anonymized subscription status token — no payment card details, billing address, or purchase history

We do not collect: location data, contacts, device identifiers, usage analytics, crash reports, or advertising identifiers.

3 How Your Data Is Stored and Protected

We take the security of health data seriously. The following safeguards are in place:

Encryption in transit — all communication between your device and our servers uses HTTPS/TLS. Your data is never transmitted over an unencrypted connection
Password hashing — your password is hashed with SHA-256 before storage. We cannot recover or read your password
JWT session security — sessions use signed JSON Web Tokens with a 30-day expiry, stored securely in the app on your device
Biometric lock — optional Face ID / fingerprint authentication requires biometric verification each time the app is foregrounded
Privacy screen — an opaque overlay prevents your health data from appearing in the iOS/Android app switcher when the app is backgrounded
Auto-lock — a configurable inactivity timeout (5–30 minutes) automatically signs you out when the app is left unattended
Soft-delete — deleted entries are marked with a deletion timestamp rather than immediately purged, giving you a recovery window. They are not visible within the app

4 Third-Party Services

MedChart+ uses a minimal set of third-party services:

Replit — our servers and database are hosted on Replit's infrastructure. Replit operates under standard cloud security practices. See replit.com/privacy.

We do not use Google Analytics, Facebook SDKs, advertising networks, or any other tracking or analytics service.

5 Data Sharing

We do not sell, rent, trade, or share your personal or health information with any third party.

We may disclose information only if required by law, a valid court order, or to protect the rights and safety of our users — and only to the minimum extent legally required.

6 Your Rights and Data Control

Access — all your data is accessible at any time within the app and synced across your devices
Export — use the built-in export/share feature to export your full entry history at any time
Deletion — you can delete individual entries within the app. To permanently delete your account and all associated server-side data, contact privacy@medchart.life
Portability — exported data is provided in a standard format you can use elsewhere
Correction — if you believe data stored about you is inaccurate, contact us and we will assist in correcting it

If you are in the European Economic Area (EEA), you may also have rights under the GDPR including the right to restrict processing and the right to lodge a complaint with your local supervisory authority.

7 Data Security

PetChart+ implements security safeguards including encryption in transit, access controls via authenticated sessions, session timeouts, and biometric locks.

PetChart+ is a personal pet health tracking tool. It is not a covered healthcare entity and does not store human protected health information. Pet health data you record is used solely to provide the app's tracking features.

8 Data Retention

Your health data and account information are retained on our servers for as long as your account is active. Your session is cleared from the app when you sign out.

To permanently delete your account and all associated data, contact privacy@medchart.life and we will remove everything from our servers within 30 days.

9 Children's Privacy

MedChart+ is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at privacy@medchart.life and we will promptly remove the account.

10 Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes affecting how your data is handled, we will provide in-app notice. Continued use of MedChart+ after changes are posted constitutes acceptance of the updated policy.

11 Contact

For privacy questions, data requests, or concerns about this policy, contact us at:

Email: privacy@medchart.life
Website: medchart.life

MedChart+ is committed to keeping your health data private, secure, and in your control.