Privacy Policy
Last updated: April 07, 2026
Company: Elite Solutions Hub Ltd, 16 Parrotts Field, United Kingdom
Contact: legal@elitesolutionshub.com
This Privacy Policy describes how Heritage Med ("we", "us", or "our") collects, uses, and discloses your information when you use our mobile application, and tells you about your privacy rights and how the law protects you.
1. Information We Collect
We collect the following categories of personal information:
- Identifiers: Email address, full name
- Health Information: Medical conditions, medications, allergies, and family health history that you voluntarily enter (see Section 2)
- Photos and Media: Photos and documents you upload from your device camera or library (medical records, documents)
- Device Information: Device identifiers, operating system, and app usage data
- Transaction Records: In-app purchase history processed via RevenueCat
2. Health Information
Heritage Med's core function is to help families record and share medical history. As part of this, you may enter:
- Medical conditions, diagnoses, and diagnosis dates
- Medications and dosages
- Allergies and reactions
- Family health history for relatives you add to your tree
- Medical documents (photos, PDFs)
Your health data is:
- Never sold to any third party
- Never used for advertising — we run no ad networks
- Stored securely using AES-256 encryption via Supabase
- Encrypted on your device before transmission, in the case of sensitive free-text notes
- Controlled entirely by you — you choose the visibility of each record (Private, Immediate Family, All Family, or Custom)
You may delete any health record or your entire account at any time from within the app.
3. Biometric Data
Heritage Med offers optional biometric authentication (fingerprint or Face ID) to unlock the app. Biometric data is processed entirely on your device by your operating system. We never transmit, store, or have access to your biometric data.
4. How We Use Your Information
- To provide and maintain the Heritage Med service
- To manage your account and authenticate your identity
- To enable family sharing features (invitations, shared health records)
- To process in-app purchases via RevenueCat
- To comply with legal obligations (e.g., tax records)
- To respond to your support requests
We do not use your health data for any purpose other than operating the app's core features.
5. Data Sharing and Third Parties
We do not sell your personal data. We share data only with the following service providers who process it on our behalf:
- Supabase — secure cloud database and file storage
- RevenueCat — in-app subscription and purchase management
Both providers are contractually bound to protect your data and may not use it for their own purposes.
We may disclose your information if required by law or to protect the rights and safety of our users.
6. International Data Transfers
Your data may be processed outside your country of residence. Where required, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
7. Data Retention
- Account and health data: Retained while your account is active. Deleted within 30 days of an account deletion request.
- Support records: 24 months from last contact
- Transaction records: 10 years (tax and legal compliance)
8. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Access — request a copy of your personal data
- Correction — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — request that we limit processing of your data
- Portability — request your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — at any time, where processing is based on consent
To exercise any of these rights, contact us at legal@elitesolutionshub.com.
9. Your Rights (California — CCPA/CPRA)
California residents have the right to:
- Know what personal information is collected and how it is used
- Delete personal information we hold about you
- Opt out of the sale of personal information (we do not sell data)
- Correct inaccurate personal information
- Non-discrimination for exercising your rights
10. Children's Privacy
Heritage Med is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us immediately.
11. Security
We take the security of your health data seriously. Our security measures include:
- AES-256 encryption for data at rest
- TLS 1.3 for all data in transit
- Client-side encryption for sensitive health notes
- Row-level security — every record is locked to its owner at the database level
- Full audit logging of all data access and changes
- Optional biometric lock
- Session timeout after inactivity
No system is 100% secure. If you have concerns about the security of your data, please contact us.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
13. Medical Disclaimer
Heritage Med is not a medical device and is not intended to provide medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider or genetic counselor for medical decisions. Information in the app is for organizational and informational purposes only.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
Elite Solutions Hub Ltd
16 Parrotts Field, United Kingdom
Email: legal@elitesolutionshub.com