Who we are
Gentle Remark LLC ("we," "us," "our") is a California limited liability company that develops mobile applications to help individuals understand and reduce their healthcare spending. This policy describes how our applications handle your information.
Our core commitment
We do not collect, store, or transmit your personal health information to any server. Our applications use a local-first architecture: all health data is processed and stored exclusively on your device. This is a deliberate architectural decision, not a policy promise — there is no server-side infrastructure capable of receiving your health data.
Information we access
When you connect your health insurance account, our application accesses the following data through your insurer's Patient Access API (FHIR R4), as mandated by the Centers for Medicare & Medicaid Services (CMS):
- Pharmacy claims — medications filled, quantities, dates, amounts paid
- Coverage information — plan type, benefit period, formulary tier structure
This data is fetched directly from your insurer's API to your device. Our servers are not involved in this request and do not see the data at any point.
How data is stored on your device
- Health data is stored in an encrypted local database (SQLite) on your phone.
- Authentication tokens are stored in your device's hardware-backed secure enclave (iOS Keychain or Android Keystore). They are never written to disk unencrypted.
- Drug pricing data (publicly available formulary information) is cached locally for offline use.
No health data is synced to any cloud service, backup system, or external database operated by us.
Information we do collect
Our applications collect a small amount of non-health information for basic functionality:
- Account information — if you create an app account (email address, preferences). This is stored on a third-party authentication service (Supabase) and contains zero health data.
- Analytics events — anonymized usage events such as "user completed onboarding" or "user viewed savings screen." These events contain no drug names, amounts, diagnoses, or any information that could identify your health status.
- Crash reports — technical error data sent to our error tracking service (Sentry). We strip all health-related information from crash reports before transmission.
What we do not do
- We do not sell your personal information or health data.
- We do not share health data with third parties.
- We do not use health data for advertising or marketing purposes.
- We do not build profiles based on your health information.
- We do not retain health data on any system we operate.
Third-party services
Our applications interact with the following third-party services:
- Your health insurer's API — accessed directly from your device with your explicit authorization. Governed by your insurer's privacy practices.
- Supabase — user account authentication only. Receives email address and preferences. No health data.
- Sentry — crash reporting. Receives technical error data only. Health information is stripped before transmission.
- PostHog — anonymized product analytics. No health data or personally identifiable information.
Your rights and control
You have full control over your data at all times:
- Disconnect your insurance account at any time, which revokes API access tokens.
- Delete all local data from within the app. This permanently removes all health information from your device.
- Request deletion of your app account and any associated non-health data by contacting us.
Because health data exists only on your device, deleting it from the app is a complete and irreversible deletion. There are no server-side copies for us to retain.
Security
We protect your information through:
- Hardware-backed encryption for authentication credentials
- On-device encrypted storage for health data
- HTTPS for all network communications
- PKCE (Proof Key for Code Exchange) for OAuth authorization flows
- Optional biometric authentication (Face ID / Touch ID) to access the application
Children's privacy
Our applications are not directed to individuals under the age of 18. We do not knowingly collect information from children.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the application. The "last updated" date at the top of this page reflects the most recent revision.
Contact
For questions about this privacy policy or our data practices:
- Entity: Gentle Remark LLC
- Email: hello@gentleremark.com
- Jurisdiction: California, United States