Doserly App Privacy Policy

Version: v1.0
Effective Date: April 9, 2026
Last Updated: April 9, 2026
Controller/Company: Doserly ("Doserly," "we," "us," "our")
Contact: privacy@doserly.com
Applies to: Doserly mobile application and related services (the "Services")

Summary (Plain Language)

Doserly helps you track medications, supplements, symptoms, and health information you choose to enter. We designed Doserly to be privacy-first:

Your data stays yours. Health data is stored encrypted on your device and synced to secure cloud infrastructure.
Cloud sync is required to use Doserly (for multi-device access and backup).
Optional features are off by default. Analytics and session replay only operate if you explicitly opt in.
We use aggregate insights responsibly. We may analyze de-identified, aggregate health data to identify trends and improve the Services for all users. This never includes your name, email, or other personally identifying information.
We minimize data sharing. We use service providers only as necessary to operate the app.
We do not sell your health data.

This summary does not replace the full policy below.

1. Information We Collect

A. Information You Provide

Category

Account Information

Examples: Email address, authentication credentials, account preferences

Category

Health & Wellness Data

Examples: Medications, supplements, compounds, dosing schedules, adherence logs, symptoms, lab results, measurements, notes, photos/attachments, inventory data, protocols/cycles

Category

Profile Information

Examples: Profile names, caregiver relationships (if you create multiple profiles)

Category

Support Communications

Examples: Messages, attachments, and metadata from support requests

Category

Feedback & Surveys

Examples: Responses to optional surveys or feedback requests

Category	Examples
Account Information	Email address, authentication credentials, account preferences
Health & Wellness Data	Medications, supplements, compounds, dosing schedules, adherence logs, symptoms, lab results, measurements, notes, photos/attachments, inventory data, protocols/cycles
Profile Information	Profile names, caregiver relationships (if you create multiple profiles)
Support Communications	Messages, attachments, and metadata from support requests
Feedback & Surveys	Responses to optional surveys or feedback requests

B. Information Collected Automatically

Category

Device Information

Examples: Device model, operating system version, app version, language, time zone
Purpose: App functionality, troubleshooting

Category

Security & Audit Logs

Examples: Authentication events, consent changes, export/deletion requests, security events
Purpose: Security, compliance, abuse prevention

Category

Crash & Performance Data

Examples: App stability metrics, error reports (configured to minimize sensitive content)
Purpose: Reliability, bug fixes

Category

Usage Data (if opted in)

Examples: Feature interactions, navigation patterns, session timing
Purpose: Product improvement

Category

Lookup Requests

Examples: Supplement search terms, barcode/product identifiers, selected nutrition/product matches
Purpose: Return nutrition and product lookup results

Category	Examples	Purpose
Device Information	Device model, operating system version, app version, language, time zone	App functionality, troubleshooting
Security & Audit Logs	Authentication events, consent changes, export/deletion requests, security events	Security, compliance, abuse prevention
Crash & Performance Data	App stability metrics, error reports (configured to minimize sensitive content)	Reliability, bug fixes
Usage Data (if opted in)	Feature interactions, navigation patterns, session timing	Product improvement
Lookup Requests	Supplement search terms, barcode/product identifiers, selected nutrition/product matches	Return nutrition and product lookup results

C. Optional Data (Only If You Opt In)

Category

Product Analytics

When Collected: If you enable analytics in Settings
Your Control: Toggle off anytime

Category

Session Replay

When Collected: If you enable session replay in Settings
Your Control: Toggle off anytime

Category	When Collected	Your Control
Product Analytics	If you enable analytics in Settings	Toggle off anytime
Session Replay	If you enable session replay in Settings	Toggle off anytime

D. AI Report Data (Only If You Use AI Features)

If you use AI-generated report features, we process a subset of your health data to generate reports. This includes:

Medications, adherence patterns, symptoms, labs, and related tracking data
Prompts, outputs, and generation metadata

AI features are optional. You control whether to use them.

2. How We Use Your Information

We use your information to:

Purpose

Provide core app functionality (tracking, reminders, sync, backup)

Purpose

Authenticate your account and maintain security

Purpose

Process subscriptions and enforce plan features

Purpose

Provide customer support

Purpose

Maintain reliability, prevent abuse, and troubleshoot issues

Purpose

Comply with legal obligations

Purpose

Improve the app (if you opt in to analytics)

Purpose

Debug user experience issues (if you opt in to session replay)

Purpose

Generate AI reports (if you use AI features)

Purpose

Generate aggregate statistical insights (see below)

Purpose
Provide core app functionality (tracking, reminders, sync, backup)
Authenticate your account and maintain security
Process subscriptions and enforce plan features
Provide customer support
Maintain reliability, prevent abuse, and troubleshoot issues
Comply with legal obligations
Improve the app (if you opt in to analytics)
Debug user experience issues (if you opt in to session replay)
Generate AI reports (if you use AI features)
Generate aggregate statistical insights (see below)

Aggregate Health Insights

We may analyze de-identified, aggregate data across our user base to identify health and wellness trends, such as common dosing patterns, adherence statistics, and general usage patterns across demographics. This analysis:

Uses only aggregate queries — we compute statistical summaries (averages, distributions, counts) across groups of users, never individual records
Strips all personal identifiers — user IDs, names, email addresses, dates of birth, device identifiers, IP addresses, and other personally identifying information are never included in aggregate analyses
Enforces minimum group sizes — we do not publish or act on statistics derived from groups smaller than a meaningful threshold, to prevent re-identification of individuals through small-cell analysis
Does not involve individual-level profiling — aggregate insights describe population-level trends, not individual users
May inform features for all users — for example, general adherence trend information or statistical context that helps users understand their own patterns relative to broader trends

This processing is conducted under a legitimate interests basis. If you prefer not to have your data included in aggregate analyses, you may delete your account (Settings > Account > Delete Account), which removes your data from future aggregate computations. Previously computed aggregate statistics that cannot be linked back to any individual may be retained.

We Share Information With:

Recipient Category

Infrastructure providers

Purpose: Cloud hosting, database, sync
Data Shared: Account data, health data (encrypted)

Recipient Category

Security & reliability providers

Purpose: Crash reporting, monitoring
Data Shared: Error logs, device info

Recipient Category

Communication providers

Purpose: Push notifications, transactional email
Data Shared: Device tokens, notification content

Recipient Category

Payment providers

Purpose: Subscription processing
Data Shared: Purchase data, entitlements

Recipient Category

Analytics providers (if opted in)

Purpose: Product improvement
Data Shared: Usage events

Recipient Category

AI providers (if used)

Purpose: Report generation
Data Shared: Health data subset

Recipient Category

Nutrition data providers (if used)

Purpose: Supplement lookup and product/nutrition matching
Data Shared: Lookup requests, product identifiers, and selected match metadata

Recipient Category

Law enforcement/authorities

Purpose: Legal compliance
Data Shared: As required by law

Recipient Category	Purpose	Data Shared
Infrastructure providers	Cloud hosting, database, sync	Account data, health data (encrypted)
Security & reliability providers	Crash reporting, monitoring	Error logs, device info
Communication providers	Push notifications, transactional email	Device tokens, notification content
Payment providers	Subscription processing	Purchase data, entitlements
Analytics providers (if opted in)	Product improvement	Usage events
AI providers (if used)	Report generation	Health data subset
Nutrition data providers (if used)	Supplement lookup and product/nutrition matching	Lookup requests, product identifiers, and selected match metadata
Law enforcement/authorities	Legal compliance	As required by law

We Do NOT:

Sell your personal information or health data
Share health data with advertisers
Use health data for targeted advertising
Share data with data brokers

User-Initiated Sharing

If you choose to export, share, or grant caregiver access to your data, you control that sharing. We facilitate your choices but are not responsible for data once it leaves the Services.

4. Service Providers

We use trusted third-party service providers to operate Doserly. All service providers that process personal information on our behalf are bound by data processing agreements requiring them to:

Process data only as we instruct
Implement appropriate security measures
Delete or return data upon termination
Not use your data for their own purposes

Categories of Service Providers

Category

Cloud Infrastructure

Purpose: Secure data storage, hosting, serverless functions

Category

Synchronization Services

Purpose: Real-time multi-device data sync

Category

Authentication Services

Purpose: Secure account login and verification

Category

Push Notification Services

Purpose: Reminder and notification delivery

Category

Subscription Management

Purpose: Payment processing, entitlement management

Category

Error Monitoring

Purpose: Crash reporting, performance monitoring

Category

Analytics (opt-in only)

Purpose: Product usage analysis

Category

Session Replay (opt-in only)

Purpose: User experience debugging

Category

AI/Machine Learning (if used)

Purpose: AI-generated report processing

Category

Nutrition Data Providers (if used)

Purpose: Supplement lookup and nutrition/product data retrieval

Category	Purpose
Cloud Infrastructure	Secure data storage, hosting, serverless functions
Synchronization Services	Real-time multi-device data sync
Authentication Services	Secure account login and verification
Push Notification Services	Reminder and notification delivery
Subscription Management	Payment processing, entitlement management
Error Monitoring	Crash reporting, performance monitoring
Analytics (opt-in only)	Product usage analysis
Session Replay (opt-in only)	User experience debugging
AI/Machine Learning (if used)	AI-generated report processing
Nutrition Data Providers (if used)	Supplement lookup and nutrition/product data retrieval

Supplement Lookup Providers

If you use supplement lookup features, Doserly may send lookup inputs such as supplement search terms, barcode or product identifiers, and limited request metadata to third-party nutrition data providers, including FatSecret and Open Food Facts, in order to return product and nutrition matches.

These requests are feature-driven and are distinct from optional analytics. They are used to fulfill your lookup request, not to provide targeted advertising.

Depending on the lookup path, those providers may receive:

the search term you typed
a barcode, product identifier, or source identifier
limited technical request metadata such as IP-address-derived network metadata that normally accompanies API traffic

We do not send your full medication history, notes, symptoms, or lab data to these nutrition lookup providers merely because you use supplement search.

On-Device Processing

Some features use on-device processing that does not transmit data to external servers:

Document scanning and text recognition
Biometric authentication
Local encryption key management

International Transfers

Our service providers process data in the United States. Where required by law, we use appropriate legal mechanisms for cross-border transfers (such as data processing agreements, standard contractual clauses, or applicable adequacy frameworks). Data stored in the United States may be subject to lawful access requests by US authorities under applicable law.

Provider Information Requests

For a current list of specific service providers, contact privacy@doserly.com. We will respond within 30 days.

5. Your Choices and Controls

Consent-Based Features

Feature

Product Analytics

Default: OFF
Your Control: Settings > Privacy

Feature

Session Replay

Default: OFF
Your Control: Settings > Privacy

Feature

AI Features

Default: User-initiated
Your Control: Choose whether to use

Feature

Push Notifications

Default: You choose during setup
Your Control: Settings > Notifications

Feature	Default	Your Control
Product Analytics	OFF	Settings > Privacy
Session Replay	OFF	Settings > Privacy
AI Features	User-initiated	Choose whether to use
Push Notifications	You choose during setup	Settings > Notifications

Withdrawing consent stops future data collection as soon as practicable.

Aggregate Analysis: De-identified aggregate analysis (described in Section 2) is conducted under legitimate interests and does not require a separate opt-in. You may request exclusion from future aggregate analyses by deleting your account.

Data Rights

Depending on your location and applicable law, you may have rights to:

Right

Access your data

How to Exercise: In-app export (Settings > Privacy > Export My Data)

Right

Delete your data

How to Exercise: In-app deletion (Settings > Account > Delete Account)

Right

Correct inaccurate data

How to Exercise: Edit directly in app or contact support

Right

Restrict processing

How to Exercise: Contact privacy@doserly.com

Right

Object to processing

How to Exercise: Contact privacy@doserly.com

Right

Data portability

How to Exercise: In-app export provides machine-readable format

Right

Withdraw consent

How to Exercise: Toggle off in Settings or contact us

Right	How to Exercise
Access your data	In-app export (Settings > Privacy > Export My Data)
Delete your data	In-app deletion (Settings > Account > Delete Account)
Correct inaccurate data	Edit directly in app or contact support
Restrict processing	Contact privacy@doserly.com
Object to processing	Contact privacy@doserly.com
Data portability	In-app export provides machine-readable format
Withdraw consent	Toggle off in Settings or contact us

Identity Verification: We may verify your identity before fulfilling data requests to protect your information.

Automated Decision-Making

If you use AI-generated report features, your health tracking data (including medications, adherence patterns, symptoms, and lab results) is processed by automated systems to generate informational summaries. These reports:

Are generated by third-party AI services using a subset of your self-reported data
Are for informational purposes only and are not medical advice
Do not produce decisions with legal or similarly significant effects on you

You are not required to use AI features. If you have concerns about automated processing of your data, contact privacy@doserly.com.

6. Data Retention

We retain information only as long as needed to:

Purpose

Provide Services

Retention Period: While your account is active

Purpose

Security and audit logs

Retention Period: 2 years after relevant event

Purpose

Legal compliance

Retention Period: As required by applicable law

Purpose

Support records

Retention Period: 1 year after resolution

Purpose

Dispute resolution

Retention Period: As needed to resolve or defend claims

Purpose	Retention Period
Provide Services	While your account is active
Security and audit logs	2 years after relevant event
Legal compliance	As required by applicable law
Support records	1 year after resolution
Dispute resolution	As needed to resolve or defend claims

After Account Deletion:

User-linked data is deleted or anonymized within 30 days
Previously computed aggregate statistics that cannot be linked to any individual may be retained (these contain no personal identifiers)
Some records may be retained as required by law or for legitimate business purposes (fraud prevention, legal claims)

7. Data Security

We implement administrative, technical, and physical safeguards to protect your information:

Layer

In Transit

Measures: TLS/HTTPS encryption

Layer

At Rest

Measures: Encrypted database storage

Layer

On Device

Measures: Encrypted local database, secure key storage

Layer

Access Control

Measures: Role-based access, authentication requirements

Layer

Monitoring

Measures: Security event logging and alerting

Layer	Measures
In Transit	TLS/HTTPS encryption
At Rest	Encrypted database storage
On Device	Encrypted local database, secure key storage
Access Control	Role-based access, authentication requirements
Monitoring	Security event logging and alerting

No system is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and device.

8. Children and Minors

Doserly is not intended for children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under this age.

If you believe a child has provided personal information to us, contact privacy@doserly.com. We will delete the information promptly.

9. Regional Privacy Rights

A. United States

Depending on your state, you may have rights under laws such as CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), and others. These may include:

Right to know what personal information we collect and how it's used
Right to delete personal information
Right to correct inaccurate information
Right to opt out of "sales" (we do not sell personal information)
Right to limit use of sensitive personal information
Right to non-discrimination for exercising rights

Consumer Health Data: See our Consumer Health Data Notice for additional information required by certain state laws.

B. Canada

Under PIPEDA and applicable provincial privacy laws (including Quebec's Act Respecting the Protection of Personal Information in the Private Sector), you may have rights to:

Access your personal information
Correct inaccurate information
Withdraw consent (subject to legal or contractual restrictions)
Be informed when automated decision-making (including AI-generated reports) is used to process your personal information
Request data portability in a structured format

Your data is stored on servers in the United States and may be accessible to US authorities under applicable law, including the US CLOUD Act. Our service providers are bound by data processing agreements requiring them to protect your information.

Privacy Officer: For privacy inquiries or to exercise your rights, contact our Privacy Officer at privacy@doserly.com.

Complaints: You may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).

C. Australia

Under the Privacy Act 1988 and the Australian Privacy Principles, you may have rights to:

Access your personal information
Request correction of inaccurate information
Be informed about cross-border disclosures of your personal information
Be notified of eligible data breaches likely to result in serious harm

Your personal information is disclosed to service providers in the United States, including cloud infrastructure, synchronization, and AI report generation providers. We have binding contractual arrangements with these providers requiring them to handle your information in accordance with the Australian Privacy Principles.

If you are an Australian consumer, certain rights and guarantees under the Australian Consumer Law and the Privacy Act 1988 cannot be excluded by contract, and nothing in our Terms of Service or this Privacy Policy is intended to limit those rights.

Complaints: You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.

For material changes:

We will provide prominent notice (in-app notification, email, or both)
Where required by law, we will request renewed consent or acceptance
We will indicate the effective date of changes

Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

11. Contact Us

Privacy Questions or Requests:
Email: privacy@doserly.com

Summary (Plain Language)

1. Information We Collect

A. Information You Provide

Account Information

Health & Wellness Data

Profile Information

Support Communications

Feedback & Surveys

B. Information Collected Automatically

Device Information

Security & Audit Logs

Crash & Performance Data

Usage Data (if opted in)

Lookup Requests

C. Optional Data (Only If You Opt In)

Product Analytics

Session Replay

D. AI Report Data (Only If You Use AI Features)

2. How We Use Your Information

Provide core app functionality (tracking, reminders, sync, backup)

Authenticate your account and maintain security

Process subscriptions and enforce plan features

Provide customer support

Maintain reliability, prevent abuse, and troubleshoot issues

Comply with legal obligations

Improve the app (if you opt in to analytics)

Debug user experience issues (if you opt in to session replay)

Generate AI reports (if you use AI features)

Generate aggregate statistical insights (see below)

Aggregate Health Insights

3. How We Share Your Information

We Share Information With:

Infrastructure providers

Security & reliability providers

Communication providers

Payment providers

Analytics providers (if opted in)

AI providers (if used)

Nutrition data providers (if used)

Law enforcement/authorities

We Do NOT:

User-Initiated Sharing

4. Service Providers

Categories of Service Providers

Cloud Infrastructure

Synchronization Services

Authentication Services

Push Notification Services

Subscription Management

Error Monitoring

Analytics (opt-in only)

Session Replay (opt-in only)

AI/Machine Learning (if used)

Nutrition Data Providers (if used)

Supplement Lookup Providers

On-Device Processing

International Transfers

Provider Information Requests

5. Your Choices and Controls

Consent-Based Features

Product Analytics

Session Replay

AI Features

Push Notifications

Data Rights

Access your data

Delete your data

Correct inaccurate data

Restrict processing

Object to processing

Data portability

Withdraw consent

Automated Decision-Making

6. Data Retention

Provide Services

Security and audit logs

Legal compliance

Support records

Dispute resolution

7. Data Security