Privacy Policy for ShroudID
Effective Date: January 1, 2025
Last Updated: January 11, 2025
1. Introduction
Welcome to ShroudID (the "App"), operated by ShroudID LLC ("we," "us," or "our").
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application. We are committed to protecting your privacy and handling your data with care and transparency.
By using ShroudID, you agree to this Privacy Policy. If you do not agree, please do not use the App.
1.5 Medical Disclaimer
ShroudID is a personal lifestyle and wellness tracking application designed for informational and educational purposes only.
IMPORTANT:
- This app is NOT a medical device
- This app does NOT provide medical advice, diagnosis, or treatment
- This app is NOT a substitute for professional medical advice
- Always consult with a qualified healthcare provider before making medical decisions
- Never disregard professional medical advice or delay seeking it because of information in this app
- If you have a medical emergency, call 911 or your local emergency number immediately
The medication identification feature is for informational purposes only and should always be verified with your healthcare provider or pharmacist.
2. Information We Collect
2.1 Information You Provide Directly
When you use ShroudID, you may provide:
- Account Information: Email address, password (encrypted)
- Personal Wellness Data (Lifestyle Tracking):
  - Medication information (for personal organization and tracking)
  - Daily wellness journal entries (mood, energy, sleep, pain levels)
  - Symptoms and notes (personal notes and observations)
  - Medication purchase history (for personal spending tracking)
- Photos: Medication images you upload for AI identification
- Subscription Information: Managed by RevenueCat (see Section 4.3)
2.2 Information Collected Automatically
We automatically collect:
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: App features used, screen views, interaction timestamps
- Error Logs: Technical diagnostics and crash reports (when you experience app issues)
2.3 Information We Do NOT Collect
- ❌ We do NOT collect your location data
- ❌ We do NOT access your contacts
- ❌ We do NOT track you across other apps or websites
- ❌ We do NOT sell your data to third parties
3. How We Use Your Information
3.1 Primary Purposes
We use your information to:
- ✅ Provide personal medication organization and tracking
- ✅ Generate AI-powered medication identification (informational purposes only)
- ✅ Create personalized lifestyle insights and monthly reports
- ✅ Sync your data across your devices
- ✅ Process your subscription through RevenueCat
- ✅ Send you app notifications (medication reminders, wellness check-ins)
- ✅ Improve app performance and fix bugs
3.2 Legal Basis (For International Users)
We process your data based on:
- Your Consent: You explicitly agree when creating an account
- Contractual Necessity: To provide the services you signed up for
- Legitimate Interests: To improve the app and ensure security
4. Third-Party Services
We use trusted third-party services to operate the App:
4.1 AWS (Amazon Web Services)
What they do: Host our backend, store your data
Data shared: All data you provide (encrypted in transit and at rest)
Privacy Policy: aws.amazon.com/privacy
Services used:
- AWS Amplify (authentication, API)
- Amazon S3 (photo storage)
- Amazon DynamoDB (database)
4.2 AI Service Providers
What they do: AI-powered medication identification
Data shared: Medication images you submit for identification
Important: Our AI service providers process images for medication identification but do NOT store your images permanently or train models on your data.
4.3 RevenueCat
What they do: Manage subscriptions and in-app purchases
Data shared: User ID (anonymized), subscription status, purchase history
Privacy Policy: revenuecat.com/privacy
Note: Payment information (credit card details) is handled by Apple App Store or Google Play Store, NOT by us or RevenueCat.
4.4 Analytics and Error Tracking
PostHog (Product Analytics):
What they do: Track app usage, feature adoption, and user behavior analytics
Data shared: Anonymized usage events (screen views, feature usage), device type, app version
Privacy Policy: posthog.com/privacy
Note: We do NOT share personally identifiable information (PII) with PostHog. User IDs are anonymized.
Sentry (Error Tracking):
What they do: Track app crashes, errors, and performance issues
Data shared: Error logs, crash reports, device information, app version
Privacy Policy: sentry.io/privacy
Note: Error logs may contain technical information but we scrub sensitive data before sending.
4.5 Future Analytics Partners (Optional)
We may add additional analytics or tracking tools in the future to improve the app. If we do, we will:
- Update this policy immediately
- Notify you via email or in-app notification
- Only share anonymized, aggregated data
- Never sell your personal information
5. Data Storage and Security
5.1 Where Your Data is Stored
- Servers: AWS data centers in the United States
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256)
- Data Type: Personal lifestyle and wellness tracking data (not medical records)
5.2 How Long We Keep Your Data
- Active Accounts: As long as your account is active
- Deleted Accounts: 30 days after deletion request (for backup recovery)
- Backup Retention: 90 days in encrypted backups
5.3 Security Measures
We implement industry-standard security practices:
- ✅ End-to-end encryption for sensitive personal data
- ✅ Secure authentication (AWS Cognito with MFA support)
- ✅ Regular security audits
- ✅ Access controls (only authorized personnel can access servers)
However, no system is 100% secure. We cannot guarantee absolute security, but we take all reasonable precautions.
6. Your Privacy Rights
6.1 All Users (Worldwide)
You have the right to:
- Access: Request a copy of your data
- Correction: Update incorrect information via app settings
- Deletion: Delete your entire account and all data (via Settings > Data & Privacy)
- Export: Download your data in CSV or PDF format (Premium feature)
- Opt-Out: Disable notifications, emails, or specific features
6.2 California Residents (CCPA)
Under the California Consumer Privacy Act, you have additional rights:
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do NOT sell your data, so no opt-out needed
- Non-Discrimination: We won't discriminate if you exercise your rights
To exercise your rights: Go to Settings > Data & Privacy or email [email protected]
6.3 European Residents (GDPR)
If we expand internationally, GDPR rights will include:
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to withdraw consent
6.4 Account Deletion
How to Delete Your Account and All Associated Data:
Method 1: Via the App (Recommended)
- Open the ShroudID app on your device
- Navigate to Settings > Data & Privacy
- Tap "Delete All Data"
- Read the confirmation message carefully
- Enter your confirmation text to proceed
- Tap "Delete All Data" to confirm
- Your account and all associated data will be permanently deleted
Method 2: Via Email (If you cannot access the app)
Email us at [email protected] with:
- Subject: "Account Deletion Request"
- Your account email address
- Confirmation that you want to delete your account
What Gets Deleted:
- Your account information (email, display name, profile picture)
- All medication data and tracking information
- All wellness journal entries (mood, sleep, symptoms, vital signs)
- All community posts, stories, comments, and messages
- All medication identifications and AI chat history
- All uploaded photos and images
- All subscription information and payment history
- All app preferences and settings
Data Retention Period:
- Deleted accounts are permanently removed from our active database within 30 days
- Encrypted backup data is retained for 90 days for recovery purposes, then permanently deleted
- Some anonymized, aggregated data may be retained for analytics purposes (no personal identifiers included)
Important Notes:
- Account deletion is permanent and cannot be undone
- You will lose access to all your data immediately upon deletion
- If you have an active subscription, it will be cancelled (no refunds for unused time)
- You can create a new account anytime, but your previous data cannot be recovered
7. Children's Privacy (Age Restriction)
Minimum Age: 13 years old
- Users under 13 are NOT permitted to use ShroudID
- Users aged 13-17 must have parental/guardian consent
- We do not knowingly collect data from children under 13
If we discover a user under 13: We will immediately delete their account and all associated data.
Parents: If you believe your child under 13 has created an account, contact us at [email protected]
8. Cookies and Tracking
ShroudID does NOT use cookies or tracking technologies because it is a native mobile app (not a website).
We may use:
- Session Tokens: To keep you logged in (stored locally on your device)
- Device Identifiers: To sync your data across devices
9. Data Sharing and Disclosure
9.1 We Do NOT Sell Your Data
We will NEVER sell, rent, or trade your personal information to third parties for marketing purposes.
9.2 When We May Share Data
We may share your data only in these limited circumstances:
- With Your Consent: When you explicitly authorize sharing
- Service Providers: AWS, AI service providers, RevenueCat (as described in Section 4)
- Legal Compliance:
  - To comply with court orders or legal obligations
  - To protect our rights or defend against legal claims
  - To prevent fraud or illegal activity
- Business Transfers: If ShroudID is acquired or merged, your data may transfer (you'll be notified)
9.3 Crisis Hotline Information
We provide crisis hotline numbers (988 Suicide & Crisis Lifeline, SAMHSA, etc.) for your safety. We do NOT share your data with these organizations unless you contact them directly.
10. International Users
ShroudID is currently available to U.S. residents only.
If you access the App from outside the United States:
- Your data will be transferred to and stored in the U.S.
- U.S. privacy laws will apply
- We comply with international data protection standards where possible
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We'll update the "Last Updated" date at the top
- We'll notify you via email or in-app notification
- Continued use of the App means you accept the updated policy
Major changes (like new data collection practices) will require your explicit consent.
12. Medical Disclaimer and Data Classification
ShroudID is a personal lifestyle and wellness tracking application, NOT a medical device or healthcare provider.
Important Disclaimers:
- This app is for informational and educational purposes only
- We do NOT provide medical advice, diagnosis, or treatment
- Your data in ShroudID is NOT part of your official medical record
- We do NOT share your data with healthcare providers or medical professionals
- Always consult with a qualified healthcare provider for medical decisions
- This app is NOT a substitute for professional medical advice
Data Classification: The information you store in ShroudID is personal lifestyle data for your own organization and tracking purposes, not protected health information (PHI) under HIPAA.
13. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights:
Email: [email protected]
Company: ShroudID LLC
Response Time: We aim to respond within 30 days
For urgent account issues: Use the in-app support feature (Settings > Contact Support)
14. Effective Date and Acceptance
This Privacy Policy is effective as of January 1, 2025.
By creating an account and using ShroudID, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
Last Reviewed: January 11, 2025
Summary (TL;DR)
What we collect: Email, personal medication organization data, lifestyle journal entries, photos for AI identification (informational purposes only)
Why we collect it: To provide medication tracking, AI identification, and personalized insights
Who we share with: AWS (hosting), AI service providers, RevenueCat (subscriptions), PostHog (analytics), Sentry (error tracking) — We NEVER sell your data
Your rights: Access, delete, export your data anytime via app settings
Security: Encrypted data, secure servers, GDPR/CCPA compliant
Questions? Email [email protected]
This Privacy Policy was last updated on January 11, 2025.
Thank you for trusting ShroudID with your wellness journey.