The short version. PillTime is built privacy-first. We do not operate a server that collects or stores your health data. We do not run analytics SDKs. We do not run advertising trackers. We do not sell, share, or rent anything to anyone. We do not collect Protected Health Information (PHI).
1. No PHI by design
PillTime is engineered to never collect, store, transmit, or process Protected Health Information as defined under HIPAA. Specifically:
- The AI scanner is instructed not to extract your patient name, your prescribing clinician's name, your prescription number, or your insurance/plan/member-ID information.
- If any of those fields are returned anyway, we strip them on your device before they are written to storage.
- There is no Insurance feature in PillTime.
- You agree NOT to enter PHI into free-text fields (Notes, etc.). If you do, that data lives on your device only and is your responsibility.
2. What stays on your device
- The list of medications you add (name, strength, schedule, pill count, notes you type).
- Your dose-taking history.
- Your AI provider API key (encrypted in your device's secure keychain).
- App preferences.
3. What leaves your device — and when
- When you scan a bottle, the image is sent from your device directly to your chosen AI provider (Google Gemini or OpenAI) using your API key. PillTime does not see, proxy, log, or retain the image. Your AI provider receives the image under its own privacy policy.
- When you fetch drug information, your device queries the U.S. FDA openFDA API and the NIH RxNorm API. Those public APIs receive only the drug-name string you are looking up.
- When you tap an external link (PubMed, MedlinePlus, Drugs.com, GoodRx, the PillTime website, etc.), your device opens that URL in your browser, and that destination's privacy policy applies.
- When you call your pharmacy or open Directions, your device's phone/maps app handles it. PillTime is not in the loop.
- When you tap "Share with my doctor," the medication summary leaves your device only through the destination you pick in the OS share sheet (AirDrop, Mail, Notes, Print, etc.). PillTime does not transmit it.
4. What we do not collect
- We do not have analytics SDKs.
- We do not have advertising trackers.
- We do not have user accounts.
- We do not have a backend server.
- We do not sell, share, or rent any data to any third party.
- We do not collect crash reports unless required by the App Store and you opt in.
5. Children
PillTime is not directed to children under 13 and does not knowingly collect data from them.
6. Your rights
Because your data lives on your device, you can delete all of it at any time by deleting the App, or by removing individual medications and clearing history inside the App.
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you rights to know, delete, correct, and limit the use of your personal information. Because PillTime does not collect or hold any of your personal information on our servers, those rights are exercised by simply uninstalling or modifying the App on your device. To raise any other CCPA/CPRA concern, write to privacy@pilltime.app.
7. Security
We use the security primitives provided by your device's operating system (Apple iOS sandboxing + Keychain, Android sandboxing + encrypted shared preferences). We make no warranty that those primitives are unbreachable; you accept the security model of your device when you use the App.
8. Changes
We may update this Privacy Policy. The "Last updated" date above will change when we do. Continued use of the App after the update means you accept the revised Policy.
9. Contact
privacy@pilltime.app
Founders: Dr. Molina and Dr. Javadi