Privacy Policy
TinkyBink Inc. ("we", "us") built SyncMeds as a personal medication tracker for you, your family, and your caregivers. Your health information is among the most sensitive data you own, and we designed SyncMeds to protect it by default. This policy explains exactly what SyncMeds stores, where it goes, and what control you have.
1. What we collect, and where it goes
Stored only on your device (never sent to us)
The items below are encrypted with AES-256-GCM on your iPhone and stored inside iOS's secure app sandbox. The encryption key lives in the iOS Keychain and is never transmitted.
- Your medication list, doses, schedules, and taken/missed history
- Your health journal, feelings, meals, and notes
- Your profile: name, date of birth, address, phone, emergency contact
- Medical information: allergies, conditions, blood type, insurance
- Family member profiles (if you use multi-user tracking)
- Your pharmacies' and doctors' contact info
- Scan history, AI conversation transcripts, lesson progress, quiz results
- Audit log of every change you make to your medication data
None of this is uploaded to our servers or to any analytics provider. We don't have a database of user medical records. If your phone is lost or wiped, this data is gone.
Sent to third-party services only when you use a specific feature
Some SyncMeds features require external AI or telephony services to work. Each is optional and clearly disclosed in the app. Here is the complete list:
- Scan & Ask (document text to Google Gemini): When you scan a medication label or medical document, the extracted text (not the image) is sent to Google Gemini to structure it and answer your questions. Google processes this request per their Gemini API terms. We do not log or store what you send through Gemini.
- Teach Me Mode and Check What I Learned (Google Gemini): When you tap Teach Me on a scanned document, Gemini generates a lesson plan and quiz questions from your document text.
- Add Medication by Voice (Google Gemini fallback): If our on-device regex parser can't extract the medication name and dose from your voice input, the transcript is sent to Gemini to parse.
- AI Pharmacy Calls (Twilio + SyncMeds backend): When you request an AI pharmacy refill call, your patient name, date of birth, prescription number, and pharmacy phone number are sent to our SyncMeds backend. The backend uses Twilio to place a real phone call. Twilio may retain voicemail and call logs per their retention policy.
- AI Doctor Calls (Twilio + SyncMeds backend): Same as above, but for calls to a doctor's office for scheduling appointments or requesting prescription refills.
- Drug Interaction Check (OpenFDA): When you add a new medication, the medication name is sent to the public OpenFDA API to retrieve its FDA drug label. OpenFDA is a free public service operated by the U.S. Food and Drug Administration. We do not send any personal information — only the drug name.
- Voice Cloning (ElevenLabs, optional): If you enable voice cloning for AI calls, a voice sample is sent to ElevenLabs to generate a clone ID. This is entirely optional and off by default.
- Apple services: SyncMeds uses iOS-provided services like Speech Recognition (for voice input), Vision framework (for OCR, on-device), LocalAuthentication (for Face ID), WatchConnectivity (for Apple Watch sync), and StoreKit (for subscriptions). Apple's privacy policy governs these.
Every AI feature shows a notice the first time you use it. We never send your data to third parties in the background, and we never share data across users or with advertisers.
2. Protected Health Information (PHI)
SyncMeds handles information that qualifies as Protected Health Information under HIPAA when used by a Covered Entity (such as a healthcare provider). Individual consumers are not Covered Entities, and HIPAA does not directly apply to the consumer app. However, we designed SyncMeds to HIPAA standards:
- Encryption at rest: AES-256-GCM on every file storing medical info
- Encryption in transit: TLS 1.3 for all network requests
- Access controls: Optional Face ID / Touch ID / device passcode lock with configurable idle timeout
- Audit trail: Every medication add, edit, delete, and AI call is logged on your device, viewable at Settings → Access Log, and exportable as plain text
- Right of access: Settings → Export My Data downloads every piece of information SyncMeds has stored about you as a JSON file
- Right to erasure: Settings → Delete All Data permanently and irreversibly removes everything
If you are a healthcare organization and you wish to deploy SyncMeds for patient care, contact health@tinkybink.com. We will enter into a Business Associate Agreement (BAA) and help coordinate BAAs with Twilio, Google Cloud, and any other AI providers that may touch PHI.
3. Subscriptions and payments
SyncMeds offers a Free tier and an optional SyncMeds Pro subscription. Payment is handled by Apple via StoreKit. We never see your credit card number. Apple shares an anonymized receipt with the app to verify your subscription status. We do not collect or store any billing information.
4. Children's privacy
SyncMeds is not directed at children under 13. The app is a personal and family medication tracker intended for adults. If you use the app to track a child's medication as a parent or guardian, you are doing so in your capacity as their caregiver and remain responsible for the child's data.
5. Your choices
- Turn off AI features: You can use SyncMeds without ever touching an AI feature. The core reminder, tracking, and journal features work fully offline.
- Turn off pharmacy calls: If you never configure a SyncMeds backend URL or never grant consent for a pharmacy, no call is ever placed.
- Turn off family tracking: Multi-user profiles are optional and gated behind the Pro subscription.
- Lock your data: Enable App Lock in Settings → Privacy & Security to require Face ID or passcode on every launch.
- Export your data: Settings → Export My Data gives you a complete JSON dump of everything SyncMeds has stored.
- Delete your data: Settings → Delete All Data removes everything. There is no backup. There is no server copy.
6. Data retention
SyncMeds stores your data on your device for as long as the app is installed, or until you delete it manually. Uninstalling the app deletes the encrypted data files along with it. We do not keep shadow copies.
Third-party services have their own retention policies:
- Google Gemini: Per Google's Gemini API Terms of Service
- Twilio: Call records retained per Twilio's retention policy
- OpenFDA: Public API, queries are logged per FDA policy but contain no personal data
- ElevenLabs (if used): Per ElevenLabs' privacy policy
7. Security incidents
Because your medical data lives only on your device, a breach of our systems cannot expose your medications or profile. The main security risks are:
- Someone physically gaining access to an unlocked phone (mitigate with App Lock)
- A compromise of a third-party service you've authorized (Google, Twilio, etc.)
If we become aware of a security issue that affects SyncMeds users, we will post a notice at syncmeds.app and push an app update.
8. Changes to this policy
If we make material changes, we will update the date at the top of this page and, for significant changes that affect how your data is used, push an in-app notification when you next open the app.
9. Contact us
Questions about this policy, a data-access request, or an incident report:
- Email: privacy@tinkybink.com
- Healthcare & enterprise: health@tinkybink.com
- General support: support@tinkybink.com
TinkyBink Inc. · SyncMeds is a personal medication tracker. It is not a substitute for medical advice. Always consult your doctor or pharmacist for medical decisions.