Privacy Policy
MedKeep is a personal health record wallet that lets users carry their complete medical history and share it with any doctor instantly.
Introduction
This policy describes what information the app handles, how it is stored, and your rights as a user.
What data MedKeep stores
Health records users create
- Consultations
- Diagnoses
- Medications
- Allergies
- Immunizations
- Lab results and imaging records
- Surgical history
- Free-form health notes
Profile information users provide
- Full name, date of birth, sex, blood type
- Chronic conditions, known allergies, lifestyle flags
- Family medical history
File attachments
- Documents, photos, and PDFs uploaded or captured with the camera
Sign-in credentials, cloud users only
- Google email, used solely for authentication via Supabase Auth
- Phone number, used solely for OTP authentication via Supabase Auth
- Local-only users do not provide cloud credentials; identity is a device-generated UUID stored on-device only
Push notification tokens, opt-in
- FCM device token used only for share-event alerts
- Never used for advertising or tracking
Audit log entries
- Anonymised action records for security and share-access visibility
MedKeep has no analytics SDK, no crash-reporting SDK, and no advertising SDK. No usage telemetry or behavioural data is collected.
How data is stored — local-first by default
All health records are written to an encrypted SQLite database on your device first. Nothing leaves your device unless you explicitly opt in.
Three sync consent states exist:
Local only (default)
No data ever leaves your device. No Supabase connection is made for your records.
Encrypted backup
You opt in to cloud backup. Records are encrypted in transit (HTTPS/TLS) and stored in Supabase Postgres and Supabase Storage, both operated by Supabase Inc. Note: device-level database encryption (SQLCipher) is currently being implemented (see P0-4) — file-level attachments are already encrypted with AES-GCM.
Share-upload only
Records needed for an active share link are uploaded to Supabase so doctors can view them via the web portal; no continuous background sync occurs.
Third-party services used
| Service | Purpose | Data sent |
|---|---|---|
| Supabase | Auth, database, file storage, Edge Functions | Records and files only when backup or sharing is enabled; auth credentials for sign-in |
| Firebase Cloud Messaging | Push notification delivery | FCM device token only; no health data |
| Google Sign-In | Authentication only | Google account email for sign-in; no health data |
No other third-party services receive user data.
How data is used
- Displaying and managing records in the app
- Doctor access through user-generated share links
- Push notifications about share link events when permission is granted
- No selling, renting, sharing, licensing, advertising, marketing, or analytics use
Data retention and deletion
- Users can delete their account and all cloud data from Profile → Danger zone → Delete account
- Users can request deletion at https://medkeep.pages.dev/account-deletion
- After cloud account deletion, health records, attachments, share tokens, notification tokens, and the Supabase Auth account are deleted
- Anonymised security audit entries are purged within 90 days
- Local-only users can erase on-device data from Profile → Danger zone → Erase all local data
Your rights
- Access and export records in the app
- Delete all data
- Revoke active share links
- Contact mob.dev@dqp.ph for requests that cannot be completed in-app
Security measures
- HTTPS/TLS in transit
- AES-GCM encryption for uploaded file attachments
- PBKDF2-HMAC-SHA256 for PIN storage
- SHA-256 hashed share tokens server-side
- Supabase RLS
Contact
Questions or deletion requests: mob.dev@dqp.ph
Effective date
Effective date: May 12, 2026