Privacy Policy
This Privacy Policy explains how Easy Pro Technologies (“we,” “us,” or “our”) collects, uses, discloses, stores, and protects information when you use the ctFamilyMinder mobile application, web application, and related services (collectively, the “Service”).
By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
1. Who we are
Data controller: Easy Pro Technologies
Contact: csutton@easyprotech.com
App identifier (iOS / Android): com.ctfamilyminder.app
2. About the Service
ctFamilyMinder is a family care-coordination application that helps families keep everyone on the same page when caring for a loved one. Within a private “Family” workspace, members invited by the family owner can share appointments, medication schedules, allergies, notes, tasks, documents, contacts, and chat messages tied to one or more “Care Profiles” (the person being cared for).
The Service is not a medical device, electronic health record (EHR), telemedicine provider, pharmacy, or substitute for professional medical advice. It is a personal organization and communication tool.
3. Information we collect
3.1 Information you provide directly
Account information. Name, email address, password (stored only as a salted hash — never in plaintext), and optional phone number. Biometric/passkey credentials (Face ID, Touch ID, fingerprint, WebAuthn). The biometric data itself never leaves your device — we store only the public key portion of a device-bound credential.
Care Profile information about the person you are caring for (who may or may not be you): identifying details, insurance information, medical conditions, dietary restrictions, mobility and cognitive concerns, advance directives, allergies, medications and intake logs, appointments and visit summaries, notes, tasks, uploaded documents (insurance cards, lab results, hospital discharge summaries, imaging, vaccination records, legal documents), and emergency contact information.
Family directory contacts. Names, addresses, phone numbers, email addresses, and notes for physicians, pharmacies, hospitals, caregivers, schools, insurance, emergency contacts, and others. When you type an address, we use the Mapbox Search Box API (see Section 6) for type-ahead suggestions.
Communications. Chat messages you send to other members of your Family workspace, invitations you send, and email you send to our support address.
3.2 Information collected automatically
- Authentication and session data: opaque session/refresh tokens, device platform identifier, device nickname.
- Server logs: IP address, user agent, request timestamps, error traces. Kept no longer than 90 days.
- Crash and diagnostic data from the mobile app, if you opt in at the OS level.
3.3 Information we do not collect
- Precise device location in the background.
- Advertising identifiers (IDFA / AAID).
- Third-party analytics SDKs that track you across other apps or websites.
- Contacts, photos, camera, microphone, or calendar data, except when you explicitly attach a file or photo through the OS share/file picker.
4. Protected Health Information (PHI) and sensitive data
Much of the information you store in a Care Profile is sensitive health information. We treat it accordingly:
- Encryption at rest. Sensitive fields (medical conditions, allergies, medications, visit summaries, notes, documents, contact details, audit-log diffs, and similar columns) are encrypted in our database and on disk using AES-256-GCM envelope encryption. The data-encryption key is stored in a secrets vault separate from the database, so a database dump alone cannot be decrypted.
- Encryption in transit. All connections between your device and our servers use TLS 1.2 or higher.
- Document storage. Files you upload are encrypted before being written to disk and are streamed back only after we re-verify your authentication and Family membership for the relevant Care Profile.
- Access control. Data is partitioned per Family. Members of one Family cannot access another Family's data. Within a Family, roles (Owner, Admin, Member, Read-Only, Caregiver) govern what each member can see and do.
- Audit logging. Field-level changes to Care Profile data are recorded with the actor, timestamp, and an encrypted diff so the family can see who changed what.
Note on HIPAA. ctFamilyMinder is sold directly to families for personal use. When used in that capacity it is generally not subject to HIPAA. If you are a Covered Entity or Business Associate and need to use the Service in a HIPAA-regulated workflow, contact us before doing so — a Business Associate Agreement (BAA) is required.
5. How we use information
- Create and operate your account and Family workspace.
- Display Care Profile data, appointments, medications, tasks, notes, documents, and chat to authorized family members.
- Send transactional email (invitations, password resets, security alerts) via our email provider.
- Provide optional AI-assisted features (for example, parsing a medication list you paste in).
- Protect the Service from fraud, abuse, and unauthorized access.
- Comply with legal obligations.
We do not sell your personal information. We do not use your Care Profile data, documents, or chat content for advertising, profiling, or training third-party AI models.
6. Third-party service providers (subprocessors)
We use a small number of carefully selected providers to operate the Service. Each receives only the data necessary for its function and is contractually required to protect it.
| Provider | Purpose | What is shared |
|---|---|---|
| Cloud hosting (Linux VM, Postgres in Docker) | Hosts the API, database, and uploaded files. | All Service data, encrypted at rest. |
| Postmark | Transactional email (invitations, password resets). | Recipient email, sender name, message body. |
| Mapbox (Search Box API) | Address type-ahead suggestions for contacts. | The partial address string you type. Proxied through our server so Mapbox does not receive your IP or account ID directly. |
| OpenAI | Optional AI features (e.g., medication-list parsing). We have a BAA with OpenAI; inputs are not used to train OpenAI's models. | Only the specific input you submit to an AI feature. |
| Apple App Store / Google Play Store | Distribution of the mobile app and, if applicable, in-app purchases and subscriptions. | Governed by the respective store's privacy policy. |
| Expo (EAS) | Mobile app build and over-the-air update delivery. | App binary metadata; no Care Profile data. |
7. When we disclose information
- Within your Family. Information you add is visible to other members according to the role permissions set by the Family Owner.
- Service providers. As listed in Section 6.
- Legal compliance. When required by law, court order, subpoena, or to protect rights, safety, or property.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets — with notice and the opportunity to delete your data first.
- With your explicit consent.
8. Data retention
- Active accounts: retained as long as your account is active.
- Account deletion: personal data deleted or irreversibly anonymized within 30 days, except where retention is required by law.
- Backups: encrypted backups retained up to 35 days and then rotated out.
- Server logs: up to 90 days.
9. Children's privacy
The Service is not directed to children under 13 (under 16 where applicable). We do not knowingly create accounts for children. An adult Family member may include a child as the subject of a Care Profile; the adult account holder is responsible for the data entered and for any consents required. If you believe a child has created an account, contact us and we will delete it.
10. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and personal data.
- Export a copy of your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent at any time (where processing is based on consent).
- Lodge a complaint with a supervisory authority (EEA / UK residents).
To exercise any of these rights, email csutton@easyprotech.com from the address associated with your account. We will respond within 30 days.
California residents (CCPA/CPRA): we do not sell or share personal information for cross-context behavioral advertising. You have the right to know, delete, correct, and limit the use of sensitive personal information.
EEA / UK residents (GDPR / UK GDPR): we process your data based on (i) performance of the contract to provide the Service, (ii) your consent for optional features, (iii) our legitimate interests in securing and improving the Service, and (iv) compliance with legal obligations.
11. Account deletion
You can delete your account at any time:
- In the app: Settings → Account → Delete Account.
- By email: send a request from your account email to csutton@easyprotech.com.
Deleting your account removes your profile, your authored chat messages, and any Families you own (along with their Care Profiles, documents, and history). If you are a member of a Family owned by someone else, deleting your account removes your membership and authored content from that Family but does not delete the Family itself. Deletion is permanent and cannot be undone after the 30-day retention window in Section 8.
12. Payments, subscriptions, and refunds
ctFamilyMinder offers paid subscription plans. Where you purchase a subscription through the Apple App Store or Google Play Store, the purchase, billing, renewal, cancellation, and refund of that subscription are handled entirely by the respective store under its terms — not by us.
- Apple App Store: manage in Settings → [your name] → Subscriptions on your iOS device. Refunds are requested at reportaproblem.apple.com under Apple's Media Services Terms.
- Google Play Store: manage in the Google Play Store app → Profile → Payments & subscriptions → Subscriptions. Refunds are requested through play.google.com/store/account/subscriptions or Google Play support, subject to Google Play's refund policy.
We do not receive your full payment card details for store-processed purchases — Apple and Google share only the limited transaction information needed to provision your subscription.
If you purchased directly from our website (not through an app store), our own refund policy applies; contact csutton@easyprotech.com.
Cancelling a subscription stops future renewals; access continues until the end of the paid period. Cancellation alone does not delete your account or data — use Section 11 for that.
13. International transfers
Our servers are located in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. Where required, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses).
14. Security
- AES-256-GCM encryption at rest for sensitive fields and documents.
- TLS 1.2+ for all data in transit.
- Salted password hashing (bcrypt).
- Optional biometric / passkey authentication where private keys never leave your device.
- Role-based access control and per-Family data partitioning.
- Field-level audit logging with encrypted change diffs.
- Regular dependency updates and security review.
No system is perfectly secure. If we ever experience a data breach that affects your personal information, we will notify you and the appropriate regulators as required by applicable law.
15. Permissions requested by the mobile app
- Face ID / Touch ID / Fingerprint / device passcode — to sign you in without re-typing your password. Biometric data never leaves your device.
- Notifications — to deliver appointment, medication, and family-chat alerts.
- Photos / Files — only when you attach a document or image.
- Camera — only when you choose to scan a document or take a photo to attach.
We do not request location, contacts, microphone, or background location permissions.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be announced via in-app notice or email at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
17. Contact us
Easy Pro Technologies
Email: csutton@easyprotech.com
Subject line for privacy requests: “Privacy Request — ctFamilyMinder”
We will acknowledge your request within 7 days and respond substantively within 30 days.
