1 Overview
MyDailyCaps ("we", "our", or "us") respects your privacy. This Privacy Policy explains what personal information we collect when you use the MyDailyCaps mobile application (the "App") and this website (the "Site"), why we collect it, how we use it, and the rights you have over it.
This policy applies specifically to the MyDailyCaps App and Site. By using our App or Site you agree to the collection and use of information described in this policy.
Short version: We collect only what is necessary to run the App. We do not sell your personal data. We do not show you ads. Your supplement data stays private.
2 Data We Collect
We collect the minimum data required to provide the App's features. Below is a complete description of each data type, why it is collected, and whether it is required or optional.
2.1 Account Information
| Data type | Required? | Purpose |
|---|---|---|
| Email address | Required | Account creation, login, and password reset |
| Password (hashed) | Required | Authentication — stored as a secure hash, never in plain text |
| Authentication tokens (JWT) | Required | Maintaining a secure login session on your device |
2.2 Supplement & Health Tracking Data
| Data type | Required? | Purpose |
|---|---|---|
| Supplement names & descriptions | Required | Core app functionality — displaying your supplement list |
| Dose amounts & units | Required | Displaying dosage information in your daily schedule |
| Schedules & reminder times | Required | Sending reminders and building your daily schedule |
| Intake log (taken / missed / skipped) | Required | Tracking your adherence history and streaks |
2.3 App Usage & Technical Data
| Data type | Required? | Purpose |
|---|---|---|
| Crash reports & error logs | Required | Diagnosing and fixing app errors to ensure stability |
| App version & OS version | Required | Compatibility support and debugging |
Review this table against your actual backend implementation. Add any additional data types collected (e.g. push notification tokens, device identifiers, analytics events). If you integrate any third-party SDKs (analytics, crash reporting, push notifications), list all data those SDKs collect here as well — Google Play requires full disclosure of SDK-collected data as if it were your own.
2.4 Data We Do NOT Collect
- Precise or approximate device location
- Contacts or phone book
- Microphone, camera, or media files
- Financial or payment information
- Biometric data
- Browsing history or activity outside the App
- SMS messages or call logs
3 How We Use Your Data
We use the data we collect for the following purposes:
- App functionality: Storing your supplement schedules and intake history so they are available across sessions and devices.
- Authentication & security: Verifying your identity, maintaining your login session, and protecting your account from unauthorised access.
- Notifications & reminders: Sending you timely reminders to take your supplements at the times you have configured.
- App stability: Detecting and resolving crashes and errors to improve the reliability of the App.
- Customer support: Responding to questions or requests you send us.
- Legal compliance: Meeting obligations under applicable laws and regulations.
We do not use your data for advertising, marketing to third parties, user profiling for commercial purposes, or any purpose not listed above.
Update this list to accurately reflect all actual uses of user data in your backend and any integrated SDKs.
4 Data Sharing & Third Parties
We do not sell, rent, or trade your personal information to any third party. We may share data only in the following limited circumstances:
4.1 Service Providers
We may engage trusted third-party companies to perform services on our behalf (e.g. hosting infrastructure, email delivery). These providers have access to personal data only to perform those tasks and are contractually prohibited from using it for any other purpose.
List every third-party service provider here by name, the data they receive, and their role. Examples: cloud hosting provider (e.g. Fly.io, AWS), email service (e.g. SendGrid), crash reporting (e.g. Sentry), push notifications (e.g. Firebase Cloud Messaging). Google Play's Data Safety form requires you to identify these parties.
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to a valid legal request (such as a court order or government authority), or to protect the rights, property, or safety of MyDailyCaps, our users, or the public.
4.3 Business Transfers
If MyDailyCaps is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
4.4 Third-Party SDKs
List every third-party SDK integrated in the App. For each, state: the SDK name, the company providing it, what data it collects, and a link to that company's own privacy policy. Google Play treats any data collected by an SDK as data collected by your app and requires full disclosure. If you currently use no third-party SDKs, state that explicitly here.
5 Data Retention
We retain your personal data for as long as your account is active or as needed to provide the App's features. Specifically:
- Account data (email, hashed password): retained until you delete your account, after which it is permanently deleted within 30 days.
- Supplement & intake data: retained for the lifetime of your account and deleted within 30 days of account deletion.
- Error logs and crash reports: retained for up to 90 days for debugging purposes, then automatically purged.
We may retain certain data for longer periods if required by law or for legitimate fraud-prevention or security purposes. In such cases we will retain only the minimum data necessary and for no longer than legally required.
Verify the above retention periods against your actual backend implementation and any legal obligations in your jurisdiction. Update the timelines (e.g. "30 days") to match your real deletion pipeline.
6 Security
We take the security of your personal data seriously and implement industry-standard measures to protect it:
- Encryption in transit: All communication between the App and our servers is encrypted using HTTPS / TLS.
- Encryption at rest: Personal data stored on our servers is encrypted at rest.
- Password hashing: Passwords are never stored in plain text — they are stored as secure hashes using industry-standard algorithms.
- Authentication tokens: Session tokens (JWTs) are stored securely on your device and transmitted only over encrypted connections.
- Access controls: Access to personal data on our infrastructure is restricted to authorised personnel only.
While we implement these safeguards, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you of any breach that may materially affect your data as required by applicable law.
Confirm that each security measure listed above actually reflects your backend implementation. Add any additional measures in place (e.g. rate limiting, two-factor authentication support, penetration testing cadence, SOC 2 compliance, etc.).
7 Your Rights
Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us using the details in Section 13.
7.1 All Users
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data (see Section 8).
- Portability: Request your data in a machine-readable format.
- Objection: Object to the processing of your data for any purpose.
7.2 European Economic Area (EEA) & UK — GDPR Rights
If you are located in the EEA or UK, the General Data Protection Regulation (GDPR) grants you additional rights:
- The right to restrict processing of your personal data.
- The right to withdraw consent at any time (where processing is based on consent).
- The right to lodge a complaint with your local supervisory authority.
Our lawful basis for processing your data is contract performance (to provide the App's features you have requested) and legitimate interests (security and fraud prevention). Where we rely on consent, you may withdraw it at any time.
7.3 California — CCPA / CPRA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following additional rights:
- The right to know what personal information is collected, used, shared, or sold.
- The right to opt out of the sale or sharing of personal information (note: we do not sell or share personal information for commercial purposes).
- The right to non-discrimination for exercising your privacy rights.
- The right to correct inaccurate personal information.
- The right to limit the use of sensitive personal information.
Have a legal professional review the jurisdiction-specific rights sections above and add any additional regions where your app is available (e.g. Brazil LGPD, Australia Privacy Act, Canada PIPEDA). Confirm the lawful basis for processing under GDPR with your lawyer.
8 Account & Data Deletion
Google Play requires that apps offering in-app account creation also offer an easy way to delete that account and all associated data. MyDailyCaps honours this requirement:
8.1 How to Delete Your Account
You can delete your account directly from within the App:
- Open the App and go to the Settings tab.
- Tap Account.
- Tap Delete Account and confirm your choice.
Your account and all associated data (supplement list, intake history, schedules) will be permanently deleted within 30 days of your request. You will receive a confirmation email once deletion is complete.
Confirm that this account-deletion flow is implemented in the app's Settings screen. If account deletion is not yet available in-app, provide an alternative mechanism (e.g. a web form or email address) and implement the in-app flow before publishing to Google Play. Google Play mandates that the deletion option is "readily discoverable" and users must not need to reinstall the app to access it.
8.2 Data Deletion Without Account Deletion
You may also request deletion of specific data (such as your intake history) without deleting your account. Contact us at the address in Section 13 and we will respond within 30 days.
8.3 Data Retained After Deletion
After an account is deleted, we may retain the following data for the periods specified, for the reasons noted:
- Anonymised, aggregated statistics (no personal identifiers): retained indefinitely for product improvement.
- Transaction / billing records (if applicable): retained as required by applicable financial regulations.
List any specific data categories retained post-deletion and the legal or operational reason for each. Be precise — Google Play requires you to disclose retention timelines and reasons.
9 Children's Privacy
MyDailyCaps is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately using the details in Section 13 and we will delete that information promptly.
If you are between the ages of 13 and 18, please review this Privacy Policy with a parent or guardian before using the App.
If your app targets or is accessible to users under 13 in the United States, you must comply with COPPA and obtain verifiable parental consent before collecting any data from minors. Consult a lawyer to determine whether COPPA or equivalent children's privacy laws apply to your app and implement the required consent mechanisms.
10 Health & Supplement Data
MyDailyCaps is a personal tracking tool only. It is not a medical device and does not provide medical advice, diagnosis, or treatment recommendations. The supplement names, doses, and schedules you enter are treated as personal notes.
We handle your supplement tracking data with particular care:
- Your supplement data is associated only with your account and is never shared with third parties for commercial purposes.
- We do not access or integrate with Android Health Connect or any other health platform.
- Supplement data is encrypted in transit and at rest.
- We do not use your supplement data to infer health conditions or for any profiling purpose.
If you ever integrate with Android Health Connect, Google Play requires that only apps with an approved health, fitness, medical care, or health research use case may access that data. You must obtain explicit user consent before any Health Connect data is shared with third parties and update this section accordingly.
11 International Users
MyDailyCaps is operated from [Country — placeholder]. If you are accessing the App from outside that country, please be aware that your information may be transferred to, stored, and processed in a country with different data protection laws than your country of residence.
For users in the European Economic Area or United Kingdom, any transfer of personal data outside the EEA/UK will be subject to appropriate safeguards as required by applicable data protection law (e.g. Standard Contractual Clauses).
State the country or region where your servers are located and the legal mechanism used to transfer data internationally (e.g. Standard Contractual Clauses, adequacy decision, Binding Corporate Rules). Your lawyer should advise on this section.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we do, we will update the "Last updated" date at the top of this page.
For material changes — those that significantly affect how we handle your personal data — we will provide advance notice via an in-app notification or email at least 14 days before the changes take effect. Your continued use of the App after the effective date constitutes acceptance of the updated policy.
13 Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
Google Play requires every app's privacy policy to include a clear point of contact or mechanism for privacy inquiries. Replace this block with your actual contact information, for example:
MyDailyCaps
[Legal entity name]
[Registered address]
[City, Country, Postal code]
Email: privacy@mydailycaps.com
Response time: within 30 days
Privacy questions?
We're committed to being transparent about how we handle your data. If anything is unclear, reach out — we'll respond promptly.