Version: v1.0
Effective Date: March 14, 2026
Applies to: "Consumer health data" as defined by applicable US state laws (including Washington My Health My Data Act and similar laws)
This notice supplements our Privacy Policy and provides additional information required by certain US state consumer health data laws.
1. What Is "Consumer Health Data"?
Under applicable laws, "consumer health data" may include personal information linked or reasonably linkable to you that identifies your health status. In Doserly, this includes:
Category
Medication Information
- Examples
- Medications, supplements, compounds, dosages, schedules
Category
Adherence Data
- Examples
- Dose logs, adherence patterns, missed doses
Category
Symptom Data
- Examples
- Symptoms you track, severity ratings, notes
Category
Lab & Measurement Data
- Examples
- Lab results, vital signs, measurements you enter
Category
Health Insights
- Examples
- Patterns, correlations, or AI-generated observations based on your entries
Category
Health-Related Photos
- Examples
- Images you upload related to health tracking
2. Why We Collect Consumer Health Data
Purpose
Provide medication tracking and reminder features
- Necessary for Service?
- Yes
Purpose
Synchronize data across your devices
- Necessary for Service?
- Yes
Purpose
Generate adherence reports and insights
- Necessary for Service?
- Yes
Purpose
Provide export and data portability tools
- Necessary for Service?
- Yes
Purpose
Maintain security and prevent fraud/abuse
- Necessary for Service?
- Yes
Purpose
Generate AI reports (if you use this feature)
- Necessary for Service?
- Optional (user-initiated)
Purpose
Product analytics (if you opt in)
- Necessary for Service?
- Optional
Purpose
Generate aggregate statistical insights
- Necessary for Service?
- Yes (de-identified only)
3. Categories of Sources
We collect consumer health data from:
Source
You (direct entry)
- Examples
- Information you type, select, or upload
Source
Your device
- Examples
- Automatic timestamps, device identifiers for sync
Source
Service providers
- Examples
- Data returned from sync, notification, or AI services
4. Sharing and Disclosure
We disclose consumer health data only:
Recipient
Service providers
- Purpose
- Operating the app (infrastructure, sync, notifications)
- Your Control
- Required for service
Recipient
AI providers
- Purpose
- Generating AI reports
- Your Control
- Only when you use AI features
Recipient
Your designees
- Purpose
- Caregivers or others you share with
- Your Control
- You control sharing
Recipient
Legal authorities
- Purpose
- When required by law
- Your Control
- N/A
We do NOT sell consumer health data.
5. Your Rights
Depending on your state of residence, you may have the right to:
Right
Confirm
- Description
- Confirm whether we process your consumer health data
Right
Access
- Description
- Obtain a copy of your consumer health data
Right
Delete
- Description
- Request deletion of your consumer health data
Right
Withdraw Consent
- Description
- Withdraw consent for processing beyond what's necessary for the service
Right
Appeal
- Description
- Appeal a decision regarding your request
How to Exercise Rights:
- In-app: Settings > Privacy > Export My Data / Delete Account
- Email: privacy@doserly.com
We will respond within the timeframe required by applicable law (typically 45 days, with possible extension).
6. Aggregate Health Insights & De-Identification
We may use consumer health data in de-identified, aggregate form to generate statistical insights about health and wellness trends (such as dosing patterns, adherence rates, and demographic distributions). Our de-identification practices include:
- Identifier removal: All personal identifiers (user IDs, names, email addresses, dates of birth, device identifiers, IP addresses) are excluded from aggregate analyses
- Minimum group thresholds: We do not compute or report statistics for groups smaller than a meaningful minimum size, to prevent re-identification through small populations
- Aggregate-only queries: We use statistical functions (counts, averages, distributions) across user groups — individual records are never extracted, exported, or reviewed
- No re-identification attempts: We do not attempt to re-identify individuals from aggregate data, and we contractually prohibit any downstream recipient from doing so
These aggregate insights may be used to improve the Services, provide contextual information to users (such as how their adherence compares to general trends), and inform product development. Aggregate insights never contain information that identifies or could reasonably be used to identify you.
7. Consent
Where required by law:
- We obtain consent before collecting consumer health data for purposes beyond providing the Services
- We obtain separate consent before sharing consumer health data with third parties for purposes other than operating the Services
- You may withdraw consent at any time; withdrawal applies to future processing
- De-identified aggregate analysis (described in Section 6) does not constitute collection or sharing of consumer health data under applicable law, as it contains no information that identifies or is reasonably linkable to any individual
AI Report Features — Separate Consent for Sharing
AI-generated report features involve sharing a subset of your consumer health data (including medications, adherence patterns, symptoms, and lab results) with third-party AI and large language model (LLM) providers, including OpenAI, on servers in the United States. This sharing is separate from the collection of your consumer health data for core app functionality.
By choosing to use AI report features, you provide your separate, specific consent for this sharing. AI report features are entirely optional and user-initiated �� your data is shared with AI providers only when you actively request a report. If you do not wish to share your consumer health data with AI providers, do not use AI report features. All other features of the Services remain fully available without AI data sharing.
You may withdraw this consent at any time by ceasing use of AI report features. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
8. Geofencing
We do not use geofencing technology to identify or track consumers seeking health care services, nor do we collect consumer health data within a geofenced area around health care facilities for purposes prohibited by law.
9. Contact
For questions about this notice or to exercise your rights:
Email: privacy@doserly.com