Patientic Privacy Policy
Last updated: May 28, 2026
Plain-English summary. Patientic helps you keep your health records in one place. We store the records you choose to add, and we don't sell or share your data with anyone for advertising. You can delete everything at any time from Settings → Delete Account. Sign-in uses Apple or Google so we never see your password.
This Privacy Policy explains what data Patientic ("we", "us", "the app") collects, why we collect it, where it lives, and what control you have over it. By using Patientic you agree to this policy.
1. Who we are
Patientic is an iOS app that helps you organize personal and family health records, find providers, and connect with communities of people managing the same conditions. Contact: privacy@patientic.app.
We are not a healthcare provider, insurer, or HIPAA-covered entity. We operate as a personal-health-record (PHR) tool — the data you put in Patientic belongs to you, not to a clinical institution. Where we process protected health information (PHI) on behalf of a covered entity in the future, we will sign a Business Associate Agreement (BAA) with them before doing so.
2. What data we collect
Account data
- Apple Sign-In or Google Sign-In identifier, name, and email — provided by Apple/Google when you sign in. Apple may relay a privacy-preserving email alias to us if you choose that option.
Health data you enter
- Records: titles, dates, categories, notes, attached files (PDFs, images), procedures, prescriptions, conditions, ICD-10 codes.
- Providers you save or pick from our directory.
- Dependents you manage health records for, including their name, relationship to you, and email if you choose to connect them.
- Conditions you tag and communities you join.
- Optional profile photo.
- Cost information you choose to report.
Forwarded emails
- Each Patientic account has a unique inbox address of the form
{long-random-id}@inbox.patientic.app. When you forward an email to that address — typically a lab result or appointment summary — we receive the message, store the raw email (subject, body, attachments) for 7 days, and create a pending entry in your Inbox tab for review. After 7 days the raw email is automatically deleted; the entry you reviewed and approved in-app stays in your health records under your normal retention. - We do this only when you initiate it by forwarding mail to your own address. We do not subscribe to, scrape, or otherwise pull from your external email accounts.
Technical data
- Crash logs, performance metrics, and diagnostic information — collected on-device by iOS. We do not currently send these to a third-party analytics service. If we add one in the future, we will update this policy first.
We do not collect: location data, contacts, advertising identifiers, web browsing history, microphone or camera input outside of explicit record uploads.
3. How we use it
We use the data above only to:
- Sign you in and keep your session.
- Display, organize, and search your records, providers, communities, and dependents.
- Sync your data across your own devices once cross-device sync ships.
- Diagnose crashes and improve the app.
We do not use your data for advertising, sell it, or share it with data brokers. We do not train AI models on your health data.
4. Where your data lives
- Authentication tokens are stored in your iOS Keychain, encrypted by the device's Secure Enclave.
- Reference catalog (providers, conditions, communities) lives in Supabase — a managed Postgres service. This data is public, non-personal information (e.g., the NPI Registry of US clinicians).
- Your records and dependents currently live only on your device. We have not yet enabled cross-device sync. When we do, those records will be stored in an AWS-hosted environment governed by a Business Associate Agreement, and encrypted at rest and in transit. We will update this policy and notify you in-app before that change takes effect.
- Profile photo is stored locally on your device.
- Raw forwarded emails (when you use the Inbox forwarding feature) are stored in a separate AWS S3 bucket under the same BAA, encrypted at rest with a dedicated AWS KMS key, and auto-expired after 7 days. Only our email-ingestion service can read this bucket; the rest of the Patientic backend cannot.
Data hosted by Supabase is processed in the United States. Data hosted by AWS, when enabled, will also be processed in the United States.
5. Who we share it with
- Apple Sign-In / Google Sign-In — for authentication only. Apple and Google receive the fact that you signed in to Patientic, but not your records.
- Supabase, Inc. — our backend provider. They process the reference catalog and, in the future, your records under a Data Processing Addendum.
- AWS — host for the PHI tier (Aurora, S3, KMS) and our transactional email infrastructure (Amazon SES). Governed by a BAA.
- Email recipients you choose. Patientic sends transactional, single-
recipient email only when you initiate it from the app:
- You — when you tap "Email Me a Copy" in Settings, we email a PDF of your data to the email address on your account. The recipient is pinned server-side to your own profile email; we will not send your export to anyone else.
- A healthcare provider you've already approved — when you tap "Request records" on a sender who is on your approved-senders list (i.e. someone who has already emailed you), we send a templated records-request email to that address. Your personal email never appears on the wire; the provider replies to your Patientic forwarding address, and the reply lands back in your Inbox tab. We do not send marketing, newsletters, bulk email, or to addresses you haven't explicitly added.
We may also disclose information when required by law, to enforce our Terms, to investigate fraud, or to protect users' safety.
5.1 Information about people who email you through Patientic
When a healthcare provider, lab, or other sender emails your Patientic forwarding address, or when you initiate a records request to a sender, we store the sender's email address and the message metadata (subject, sent-at, attachment filenames) to make the message available in your Inbox. We do not share that information with anyone else. A provider whose office wants their email removed from a Patientic user's approved- senders list can email privacy@patientic.app.
6. Security
- All network traffic uses TLS 1.2+.
- The Supabase publishable key in the app is restricted by Row-Level Security policies so it cannot read or write data outside its allowed scope.
- Sensitive credentials live in the iOS Keychain, not in plain files.
- We do not log your health record contents.
No system is perfectly secure. If you believe you've found a vulnerability, email security@patientic.app and we'll respond as quickly as we can.
7. Your rights
You can, at any time:
- Access your data — everything is visible in the app.
- Export your data — Settings → Export My Data downloads a PDF report covering every category we hold for you (profile, records, visits, providers, dependents, cost reports, inbox metadata, and the activity log). Email Me a Copy on the same screen sends the same PDF to the email address on your account.
- Correct your data — edit anything inside the app.
- Delete your data — Settings → Delete Account permanently removes your account and associated records within 30 days. This includes any raw forwarded emails still inside the 7-day retention window — they are purged immediately at account-delete time rather than waiting on the lifecycle policy.
If you are a California resident (CCPA), an EU/UK resident (GDPR), or a resident of another jurisdiction with similar rights, you may also have the right to object to or restrict certain processing, and to lodge a complaint with your local data protection authority. To exercise any of these rights, email privacy@patientic.app.
8. Children's privacy
Patientic is not intended for children under 13. If you are between 13 and 18, please use Patientic only with a parent or guardian's consent. Parents managing records for a minor child as a dependent are acting in their capacity as the child's legal representative.
9. Changes to this policy
If we make material changes, we will notify you in-app and update the date at the top of this page. Continued use after changes take effect constitutes acceptance of the updated policy.
10. Contact
- General: hello@patientic.app
- Privacy: privacy@patientic.app
- Security disclosures: security@patientic.app