privacy

Privacy Policy — MediSync

Last updated: October 11, 2025

This Privacy Policy explains how NoordWell BV (“we”, “us”, “our”) collects, uses, and shares information when you use the MediSync mobile application (the “App”), our optional MediSync Pill-Box hardware (the “Device”), and our website and store hosted on Shopify (the “Site”). If you do not agree with this Policy, please do not use the App, Device, or Site.

Quick Summary

  • We use your data to provide medication reminders, sync your data, and (if you choose) connect to the Device via Bluetooth.

  • We do not sell your data and we do not show third-party ads.

  • We do not collect precise location.

  • You can export or delete your data and your account at any time (see Your Rights & Choices).

  • The App is not a medical device and does not provide diagnosis or treatment.

Who We Are (Controller)

NoordWell BV
Eerste Jan Steenstraat 72, 1072 NN Amsterdam, Netherlands
Email: privacy@noordwell.com

Scope

This Policy covers:

  • the App (iOS/Android)

  • the Device (Bluetooth-enabled accessory, optional)

  • the Site (Shopify-hosted marketing/store pages)

It does not cover third-party sites or services that link to/from ours.

Information We Collect

1) You Provide

  • Account information: email, display name (if you create an account or sign in).

  • Medication data: names you enter, schedules, dose times, notes, “taken/snoozed/missed” logs.

  • Support messages: emails or in-app feedback you send to us.

2) Collected Automatically

  • App diagnostics: crash logs, performance events, and general usage (e.g., screens opened), typically aggregated and de-identified where possible.

  • Device identifiers: a random app instance ID; push notification token; (if you pair a Device) a device UUID used by iOS for reconnection.

  • Basic device data: app version, OS version, device model.

We do not collect precise location. We do not access your contacts, photos, microphone, or camera.

3) From the Optional MediSync Device (if you pair)

  • Connection data: pairing status, device name, firmware version, battery level.

  • Event data: lid open/close events used to auto-log dose openings if you enable it.

Bluetooth scanning is used solely to discover and connect to your Device; we do not use Bluetooth for location tracking.

4) From the Site (Shopify)

  • Shopping/visit info: pages viewed, items added to cart, orders, payment status (processed by Shopify/your payment provider), IP address, browser type, cookies and similar technologies.

  • You can control cookies via the Site’s cookie banner/preferences.

Why We Use Your Information (Purposes & Legal Bases)

Purpose Examples Legal Basis (EEA/UK)
Core App functions Create meds, schedule and deliver reminders/notifications, log doses, export history Performance of a contract (Terms)
Optional Device pairing Discover/connect via Bluetooth, show battery, auto-log events Performance of a contract; Legitimate interests
Sync & backup Sync across devices, restore data after reinstall Performance of a contract
Support & troubleshooting Respond to tickets, investigate crashes, improve reliability Legitimate interests
Security & abuse prevention Detect misuse, protect accounts Legitimate interests; Legal obligations
Marketing for our own products Non-intrusive product updates (email, in-app), where allowed Consent or Legitimate interests
Compliance Tax, accounting, responding to lawful requests Legal obligations

Where we rely on consent (e.g., notifications in iOS, optional emails where required), you can withdraw it at any time via system or in-app settings.

How We Share Information

We share data only as needed to operate, improve, and protect the service:

  • Service providers (processors), such as:

    • Hosting & database (e.g., Google Firebase/Cloud Firestore)

    • Authentication (e.g., Firebase Auth, Sign in with Apple/Google if enabled)

    • Push notifications (e.g., Apple Push Notification service / Firebase Cloud Messaging)

    • Crash/analytics (e.g., Firebase Crashlytics/Analytics, configured with privacy-respecting defaults)

    • Email/support tools (ticketing, mailing)
      These providers process data under our instructions and contractual safeguards.

  • Shopify (Site only): processes e-commerce data for store operations, payments (through your chosen gateway), order management, and fraud prevention.

  • Legal & safety: if required to comply with law, enforce our terms, or protect rights, safety, and security.

We do not sell personal information, and we do not allow third-party ad networks to track you in the App.

Data Retention

  • Account & medication data: kept while your account is active. If you delete your account, we delete or de-identify associated personal data within 30 days, subject to legal retention needs.

  • Device pairing data: retained while the Device remains linked to your account or until you remove it.

  • Crash/analytics logs: retained for 90 days (aggregate stats may be kept longer without identifying you).

  • Orders (Shopify): retained as required for accounting, tax, and regulatory compliance.

Encrypted backups may persist for an additional 30–90 days before rolling off.

Your Rights & Choices

Depending on your location, you may have rights to:

  • Access the data we hold about you

  • Correct inaccurate data

  • Delete your data (“right to be forgotten”)

  • Port your data to another service

  • Object to or restrict certain processing

  • Withdraw consent at any time (e.g., notifications, marketing)

How to exercise rights:

  • In-App: Settings → Account → Export / Delete (if available)

  • Or email us at privacy@noordwell.com with your request. We may need to verify your identity.

Notifications: iOS Settings → Notifications → MediSync.
Bluetooth: iOS Settings → Privacy & Security → Bluetooth → MediSync.
Cookies (Site): Use the cookie banner/preferences on our Shopify Site.

Children’s Privacy

The App and Site are not directed to children. Do not use the App if you are under the age applicable to your region without parental consent (13 in the U.S.; 16 in parts of the EEA/UK unless local law sets a different age). If you believe a child has provided personal data, contact us to request deletion.

International Transfers

We may process and store information in countries outside your own. Where required (e.g., EEA/UK), we use appropriate safeguards such as EU Standard Contractual Clauses (SCCs) for transfers to providers in countries without an adequacy decision.

Security

We use administrative, technical, and organizational measures to protect your data, including encryption in transit and at rest where supported by our providers, access controls, and regular monitoring. No system is 100% secure; please use strong passwords and keep your device updated.

Third-Party Services

Our App/Site may link to or integrate with third-party services (e.g., Sign in with Apple/Google, Shopify, Firebase). Your use of those services is governed by their own terms and privacy policies. Where feasible, we minimize data shared and configure privacy-preserving defaults.

No Medical Advice

The App is a reminder and tracking tool only. It does not provide medical advice, diagnosis, or treatment and should not be used as a substitute for professional care. Always follow your healthcare provider’s instructions.

Changes to This Policy

We may update this Policy from time to time. The “Last updated” date at the top indicates the effective date. Material changes will be highlighted in-app or on the Site where appropriate.

Contact Us

Questions or requests about privacy?
NoordWell BV
Eerste Jan Steenstraat 72, 1072 NN Amsterdam, Netherlands
Email: privacy@noordwell.com

California Privacy Notice (CPRA/CCPA)

If you are a California resident, this section applies in addition to the information above.

Categories collected: identifiers (e.g., email, app/device IDs), commercial information (orders on the Site), internet/electronic activity (App/Site usage, crash logs), and in-app content you provide (medication names/schedules). We collect these from you, your device, the App/Site, and our service providers.
Purposes: to provide the App/Site/Device, support, security, debugging, internal research, and service improvement.
Disclosures: to service providers and as legally required; no sale and no “sharing” for cross-context behavioral advertising.
Retention: as described in Data Retention.
Your rights: access, delete, correct, portability, and limit use of sensitive information (where applicable). Exercise rights via privacy@noordwell.com. We will not discriminate against you for exercising your rights.

App-Specific Permissions (iOS/Android)

  • Notifications: to alert you at scheduled times with “Taken/Snooze” actions.

  • Bluetooth: to discover and connect to the optional MediSync Device for auto-logging and battery checks. Not used for location.