Your data stays yours.

• Account basics — email, name (if provided), hashed password or OAuth identifier.
• Medication data — names, schedules, doses you log. This is the whole point of the service.
• Device metadata — browser, OS, timezone. Used so reminders fire at the right local time.
• Push subscription — only if you enable reminders, and only the tokens needed to deliver them.

To render your dashboard, fire dose reminders, compute adherence, generate PDF exports, and keep your sessions signed in. We do not run ad targeting, behavioral profiling, or third-party tracking SDKs.

We don’t. No pharmaceutical companies, no advertisers, no data brokers. Medication data is deeply personal and the whole point of PillTrack is that you can trust it.

Only these categories of subprocessors:

• Hosting & database — Vercel (app) and Neon (Postgres).
• Authentication — Google OAuth, if you choose to sign in that way.
• Drug reference lookups — RxNorm and openFDA public APIs. We send drug names to resolve brand/strength/side effects; we do not send your name, email, or any identifying information.

We do not give these providers bulk data. They only see what’s required to render a page or deliver a reminder.

Open Settings → Data → Delete account. Your medications, schedules, dose logs, profiles, and push subscriptions are cascade-deleted immediately. Backups roll off within 30 days.

Data is encrypted in transit (TLS) and at rest (Neon’s managed storage). Passwords are stored only as bcrypt hashes — we can never see them. Push subscription endpoints are scoped per device and revoked on sign-out.

PillTrack is intended for adults. Caregivers can track medications for minors by creating a named profile under their own account. We do not knowingly collect data directly from children under 13.

For data export, correction, or deletion requests beyond the self-serve flow — or for anything you’re not sure about — email us. We’ll respond within 7 days.