Privacy Policy

Last updated: March 5, 2026

1. Introduction

SnapRx ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using SnapRx, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password (hashed with Argon2id; we never store plaintext passwords).
  • Medication Data: Prescription details you enter manually or via bottle scanning, including drug names, dosages, prescribers, and pharmacy information.
  • Health Metrics: Blood pressure, blood sugar, weight, and other health data you choose to log.
  • Profile Information: Optional details like date of birth, allergies, or insurance information.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers, and mobile network information.
  • Usage Data: Features used, timestamps, and interaction patterns (aggregated and anonymized).
  • Camera Data: Images captured for bottle scanning are processed in memory and are not stored on our servers after OCR processing is complete.

2.3 Information from Third Parties

  • Drug Information: We query the FDA's openFDA API and NIH's RxNorm service to provide accurate medication data.
  • Pricing Data: We aggregate pharmacy pricing from NADAC databases, Cost Plus Drugs, and pharmacy chain APIs.

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Display medication information, pricing comparisons, and interaction warnings
  • Send medication reminders and health notifications you've configured
  • Detect and prevent fraud, abuse, and security incidents
  • Generate anonymized, aggregate analytics to improve our product
  • Respond to customer support requests

We do not sell your personal information to third parties. We do not use your health data for advertising purposes.

4. Data Security

We implement industry-leading security measures to protect your data:

  • Encryption in Transit: All data is transmitted over TLS 1.3.
  • Encryption at Rest: Sensitive data is encrypted using AES-256 in our database.
  • Password Hashing: Argon2id with per-user salts (the current gold standard recommended by OWASP).
  • Authentication: JWT-based with short-lived access tokens (30 minutes) and revocable refresh tokens.
  • Zero PII Logging: Our application logs contain no personally identifiable information. All logging uses structured JSON via structlog.
  • Rate Limiting: Redis-backed sliding window rate limiting protects against brute force attacks.
  • Infrastructure: Deployed on Google Cloud Run with managed PostgreSQL and Redis instances.

5. Data Retention

We retain your account and medication data for as long as your account is active. If you delete your account, we will permanently delete all personal data within 30 days, except where retention is required by law.

Anonymized, aggregate data (e.g., medication usage statistics) may be retained indefinitely for research and product improvement.

6. Data Sharing

We do not sell your data. We may share information only in these limited circumstances:

  • Service Providers: Google Cloud (hosting), Google Cloud Vision (OCR processing). All providers are bound by data processing agreements.
  • Legal Requirements: If required by law, subpoena, or court order.
  • Safety: To protect the rights, safety, or property of SnapRx, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data
  • Export your data in a portable format
  • Opt out of non-essential data collection
  • Withdraw consent at any time
  • Lodge a complaint with a data protection authority

To exercise any of these rights, contact us at privacy@snaprx.app.

8. Children's Privacy

SnapRx is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via in-app notification or email. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices:

  • Email: privacy@snaprx.app
  • Mail: SnapRx, Inc., Attn: Privacy Team