Privacy Policy
Last updated: March 23, 2026
This Privacy Policy describes how Pilldor (“we”, “us”, or “our”) collects, uses, and protects personal data. The main focus of this policy is the Pilldor mobile application on iOS.
We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Italian privacy law (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).
1. Scope
This policy covers:
- The Pilldor mobile app (primary scope)
- The public Pilldor website as a lightweight technical notice scope
2. Age Requirement
Pilldor is intended for users who are 16 years of age or older. By using the App, you confirm that you meet this age requirement. We do not knowingly collect personal data from children under 16. If you become aware that a child under 16 has provided us with personal data, please contact us at support@pilldor.com so we can take appropriate action.
3. What Data We Collect and Why
3.1 Account Data
When you sign in with Google or Apple, or continue using the app with anonymous authentication, the following account data may be processed:
- Email address: if provided by Google or Apple, to identify your account and allow you to sign in
- Display name: if provided by Google or Apple, to personalize your experience
- Firebase User ID (UID): a unique identifier for your account
If you use the app with anonymous authentication (guest mode), no email or display name is collected. An anonymous Firebase UID is assigned temporarily to your session.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR). Necessary to provide the service.
3.2 Medication and Schedule Data
When you explicitly consent in-app and save medications, schedules, or intake records, we store:
- Medication name, notes, dose amount and unit, display color
- Schedule times, days of the week, start and end dates
- Intake records: when a medication was taken or skipped, optional personal notes
Before the first real save of this data, the App asks for your explicit consent in-app. This processing covers the health-related data you enter in Pilldor, together with the related account-linked data needed to save, sync, and provide the core medication reminder and tracking features of the App.
Legal basis: Your explicit consent (Art. 6(1)(a) GDPR and, where applicable, Art. 9(2)(a) GDPR), provided in-app before the first real save of this data.
You can withdraw this consent at any time in Settings > Privacy & Legal. Because Pilldor cannot provide its core medication tracking service without this processing, withdrawing consent ends the service and triggers deletion of your account and related health data.
3.3 App Preferences and Settings
We store your preferences, including:
- Effective timezone derived from your device settings, plus language settings
- Notification preferences (enabled/disabled per schedule)
- Theme preference (light/dark mode)
- Notification sound preference
The App uses your device timezone to schedule reminders correctly and to display day-based features such as medication history, schedule visibility, and skipped dates consistently. If your device timezone changes, the App may update the saved timezone accordingly.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
3.4 Feedback Submissions
If you submit feedback through the App, we collect:
- Your feedback message (10–2,000 characters)
- Whether you want a response
- Your contact email (optional, only if you request a response)
- App platform (iOS), locale, and account status
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR). Improving the App based on user feedback.
3.5 Subscription and Device Data
If you subscribe to Pilldor Plus or use the app on a linked account, we store:
- Subscription status: whether your Plus subscription is active or expired, and the subscription tier
- Subscription expiration date: to determine when your current billing period ends
- Active device identifier: a randomly generated UUID stored on your device, used to enforce single-device access for free-tier linked accounts
Subscription purchase receipts are processed by Apple and verified through RevenueCat (see Section 6). We do not receive or store credit card numbers, billing addresses, or payment method details.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) for subscription management; Legitimate interest (Art. 6(1)(f) GDPR) for device-seat enforcement.
3.6 Device-Local Data
The App stores a small amount of data locally on your device using system preferences:
- Your last active medication selection
- A flag indicating whether you have explicitly logged out
- A stable device identifier (UUID) for device-seat validation
- A cached device-seat validation result for offline access
- A cached consent state and consent-version reference used to determine whether health-data processing has been accepted
This data remains on your device and is not transmitted to our servers.
4. Data Controller and Contact
Data controller: Manuel Arrabito.
Privacy contact email: support@pilldor.com.
Full mandatory legal identity details (trader status, address, and direct contacts) are published in the Legal Notice.
5. Data We Do NOT Collect
Pilldor does not collect:
- Location / GPS data
- Camera or microphone data
- Health data from HealthKit (Apple)
- Payment or financial information. All transactions are processed by Apple through the App Store
- Advertising identifiers for ad profiling
6. Third-Party Services (App)
We use the following providers for specific app features:
| Service | Provider | Purpose |
|---|---|---|
| Firebase Authentication | Google LLC | User sign-in and account management |
| Cloud Firestore | Google LLC | Storage of medications, schedules, and intake records |
| Google Sign-In | Google LLC | Optional sign-in method |
| Sign in with Apple | Apple Inc. | Optional sign-in method |
| RevenueCat | RevenueCat Inc. | Subscription management and entitlement verification. Receives your anonymized app user ID and purchase receipts from Apple to manage subscription status. Privacy policy. |
7. International Data Transfers
Some providers may process data outside your country or outside the EEA. Where required, transfers are protected through appropriate safeguards such as Standard Contractual Clauses (SCCs) and/or equivalent lawful transfer mechanisms made available by providers.
For more information, see provider privacy documentation, including Google’s Privacy Policy.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account or withdraw the consent required for core medication tracking |
| Medication, schedule, and intake data | Until you delete your account or withdraw that consent; items deleted in the app may remain soft-deleted for up to 30 days before permanent removal |
| Feedback submissions | Up to 2 years for support and quality improvement, or earlier if you delete your account |
| Subscription and device-seat data | Retained while your account is active; deleted on account deletion, consent withdrawal, or logout |
| Local device data | Until you uninstall the App or clear app data |
Note on soft-deletion: Deleted medication, schedule, or intake items may remain temporarily soft-deleted for up to 30 days before automatic permanent removal.
9. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent where processing is consent-based
To withdraw the in-app consent used for medication tracking and related health-data processing, go to Settings > Privacy & Legal. Withdrawing consent ends the service and deletes your account and related health data because the App cannot function without that processing.
To exercise your other rights, contact support@pilldor.com. We will respond within 30 days where applicable.
You may also lodge a complaint with the Italian Data Protection Authority:
Garante per la Protezione dei Dati Personali
Website: www.garanteprivacy.it
Email: garante@gpdp.it
10. Notifications
The App uses local notifications only. Notifications are generated on your device and do not require external push notification servers. You can enable or disable notifications at any time within App settings or your device settings.
11. Data Security
We implement appropriate technical and organizational measures, including:
- Encryption in transit for data sent to backend providers
- Encryption at rest on managed backend infrastructure
- Access controls to limit user data access to authorized users only
- Anonymous authentication as a privacy-friendly default option
12. Website Technical Notice
The public website is informational and does not provide account registration or medication tracking. Hosting providers may process technical connection logs (for example, IP address, user-agent, and request timestamps) for security and service delivery.
The website serves typography from self-hosted font files on the Pilldor domain. It does not load Google Fonts or other remote font providers for text rendering.
The website does not use advertising, profiling, or analytics cookies. It does not use other consent-based tracking tools. Hosting, CDN, or security providers may use strictly necessary technical cookies or equivalent identifiers for security, traffic routing, and delivery of the website. If analytics or other tracking tools are introduced in the future, we will update this Privacy Policy and, where required, implement an appropriate consent mechanism before those tools are activated.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the “Last updated” date at the top of this policy.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at:
Email: support@pilldor.com
Website: https://www.pilldor.com
Legal provider details: Legal Notice