Privacy Policy
1. Overview
GeneoRx ("we," "us," or "our") operates the GeneoRx website and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and share information about you when you use our Service.
We take your privacy seriously, especially because the Service involves health-related information. Please read this policy carefully. By using GeneoRx, you agree to the practices described here.
Important: GeneoRx is not a Covered Entity under HIPAA and does not provide clinical services. We do not store, process, or transmit Protected Health Information (PHI) as defined under HIPAA. The information you enter is used solely to personalise your experience within the Service.
2. Information we collect
Information you provide directly
- Account information: name, email address, and password (stored as a one-way hash) when you create an account.
- Health profile: medications, supplements, dosage schedules, allergy history, and symptoms you choose to enter. This is always voluntary.
- Communication: messages or support requests you send to us.
Information collected automatically
- Device information: device type, operating system version, and app version.
- Usage data: features you interact with, screens you visit, and actions you take within the app (e.g., running an interaction check). This is logged as anonymised events.
- Log data: IP address, timestamps, and error reports if the app crashes.
- Push notification token: if you grant permission, we store a device token to send you medication reminders. You can revoke this permission at any time in your device settings.
Information we do not collect
- We do not collect Social Security numbers, government ID numbers, or financial account numbers.
- We do not use advertising SDKs or sell your data to advertisers.
- We do not collect precise GPS location.
3. How we use your information
- Provide the Service: run interaction checks, surface nutrient depletion alerts, and personalise results based on the profile you build.
- Account management: authenticate you and verify your email address.
- Transactional email: send email verification codes, password reset links, and receipts. We never send marketing email without your explicit opt-in.
- Push notifications: send medication reminders you have configured, or important account notices. Notification permission is opt-in.
- Product improvement: aggregate, anonymised usage data helps us understand which features are useful and which need improvement.
- Security and fraud prevention: monitor for unusual account activity and protect the integrity of the Service.
- Legal compliance: meet applicable law, respond to lawful requests, and enforce our Terms of Service.
4. Sharing and disclosure
We do not sell your personal information. We share it only in the following limited circumstances:
Service providers
We engage trusted third-party vendors who process data on our behalf, under strict confidentiality obligations:
- Resend: transactional email delivery
- Expo / Apple Push Notification service / Firebase Cloud Messaging: push notification delivery
- Cloud hosting providers: server infrastructure and database hosting
Legal requirements
We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to prevent fraud, harm, or protect our legal rights.
Business transfers
If GeneoRx is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your data is subject to a materially different privacy policy.
With your consent
We share data for any other purpose only with your explicit prior consent.
5. Health and medication data
The medication profiles, symptom logs, and health notes you enter are treated with additional care:
- They are stored encrypted at rest in our database.
- They are used exclusively to power the features you request; we do not sell, license, or share this data with pharmaceutical companies, insurers, or employers.
- Our team members access this data only when necessary to resolve a support issue you have raised, and only with your knowledge.
- All information you enter into GeneoRx is for educational reference purposes only. It does not constitute a medical record and should not be relied upon for clinical decision-making.
6. Data storage and security
Your data is stored on servers located in the United States. We implement industry-standard technical and organisational measures to protect it, including:
- HTTPS / TLS encryption in transit for all API and web traffic
- Encrypted storage at rest for sensitive fields (passwords hashed with bcrypt; health data fields encrypted)
- Access controls limiting who on our team can access production data
- Regular security reviews and dependency updates
No system is perfectly secure. If you believe your account has been compromised, please contact security@geneorx.com immediately.
7. Retention and deletion
We keep your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Active accounts: data retained indefinitely while your account exists.
- Account deletion: when you delete your account (via the app's Settings screen or by emailing us), we permanently delete your personal information and health data within 30 days.
- Aggregated analytics: anonymised, non-identifiable event data may be retained for up to 2 years for product analysis.
- Legal holds: we may retain data longer if required by law or to resolve an open dispute.
8. Your rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access: request a copy of the data we hold about you.
- Correction: request that we correct inaccurate or incomplete data.
- Deletion: request that we delete your account and associated data. You can initiate this directly from the app's Settings screen or by emailing us.
- Portability: request an export of your data in a machine-readable format.
- Opt-out of push notifications: revoke notification permissions in your device's system settings at any time.
- Opt-out of transactional email: note that certain emails (e.g., security alerts, email verification) cannot be disabled as they are essential to the Service.
To exercise any of these rights, contact us at privacy@geneorx.com. We will respond within 30 days.
9. Children's privacy
GeneoRx is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a prominent notice in the app at least 14 days before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent revision.
Continued use of the Service after the effective date constitutes acceptance of the revised policy.
11. Contact us
If you have questions or concerns about this Privacy Policy or our data practices, please reach out:
- Email: privacy@geneorx.com
- General enquiries: info@geneorx.com
We take all privacy concerns seriously and will respond within 5 business days.