Privacy Policy — MiruKin

Last updated: 21 May 2026
Effective date: 21 May 2026
Developer: MiruKin
Contact: mirukin.app@gmail.com

1. Introduction

MiruKin (“the app”, “we”, “our”) is a medication adherence app designed to help individuals and their caregivers track medications, schedules, and dose history. We take your health data seriously. This policy explains exactly what data we collect, where it is stored, how it is protected, and what your rights are.

2. Data We Collect

2.1 Data You Enter Directly

Data	Purpose	Stored where
Medication names, dosages, instructions, form	Reminder scheduling and display	Local device (encrypted)
Medication schedules (time, frequency, days)	Alarm generation	Local device (encrypted)
Dose logs (taken, missed, snoozed, timestamp)	Adherence tracking and caregiver alerts	Local device (encrypted); cloud for Pro users
Symptom logs (type, severity, notes)	Personal health journal	Local device (encrypted)
Doctor appointments (date, time, doctor name, notes)	Appointment reminders	Local device (encrypted)
Profile names and relationships (e.g. “Amma — Parent”)	Multi-profile management	Local device (encrypted)
Pill counts and refill dates	Refill reminders	Local device (encrypted)
PIN (stored as a one-way SHA-256 hash)	App lock	Local device (encrypted)

2.2 Data Generated by the App

Notification delivery timestamps — stored locally to detect missed doses.
Behaviour events — anonymised records of user actions (dose taken, snoozed, dismissed) used only to generate personalised reminder time suggestions on the same device. Never transmitted.
Firebase Cloud Messaging (FCM) token — a device identifier issued by Google, used to deliver caregiver missed-dose alerts. Stored in Firestore for Pro users only. See Section 4.

2.3 Data We Do NOT Collect

We do not collect your name, email address, or phone number unless you sign up for a Pro account (see Section 4).
We do not collect location data.
We do not use advertising SDKs or third-party analytics.
We do not share any health data with advertisers or data brokers. Ever.

3. How Data Is Protected on Your Device

All health data is stored in a SQLCipher AES-256 encrypted database. The encryption key is generated randomly on first launch and stored in the Android Keystore — a hardware-backed secure enclave on your device. No one, including us, can read your local data without physical access to your unlocked device.

Additional protections:

App lock — biometric (fingerprint/face) or PIN lock with configurable auto-lock timeout.
Backup exclusion — all health data is excluded from Android’s automatic system backup (data_extraction_rules.xml). Your data never leaves your device through Google’s backup service.
No cleartext network traffic — the app blocks cleartext HTTP connections by default.

4. Pro Features and Cloud Storage

If you subscribe to MiruKin Pro, you can optionally enable cloud backup and caregiver monitoring. These features require a Google account (Firebase Authentication).

4.1 What Is Synced to the Cloud

When cloud sync is enabled, the following data is uploaded to Google Cloud Firestore:

All profiles, medications, schedules, and dose logs (last 90 days)
Tombstone records for deleted medications (so deletions propagate to other devices)

What is NOT synced: symptom logs, appointment notes, your PIN hash, biometric data.

4.2 Cloud Encryption

Your cloud data is encrypted in transit (TLS 1.2+) and encrypted at rest by Google using AES-256. This is not end-to-end encryption. Google holds the Firestore decryption keys. We chose this approach because true end-to-end encryption (where only your device holds the key) would make account recovery impossible if you lose your device.

The Firestore persistent cache stored on your device is protected by Android’s file-based encryption (FBE), not by SQLCipher.

4.3 Caregiver Alerts (FCM)

If you invite a caregiver to monitor your doses, the following data is sent to their device via Google’s Firebase Cloud Messaging when a dose is missed:

Your first name (from your profile)
The name of the missed medication
The scheduled time of the missed dose

No dosage, instructions, notes, or other health details are included in the alert. The data passes through Google’s FCM infrastructure. Google’s Privacy Policy applies to FCM data in transit.

4.4 Firebase Crashlytics

Crash reports are collected automatically for Pro users to help us fix bugs. Crash reports may include device model, Android version, app version, and a stack trace. No health data (medication names, dose logs, profiles) is included in crash reports. Crashlytics data is governed by Google’s Privacy Policy.

4.5 Data Retention in Firestore

Your Firestore data is retained as long as your Pro account is active.
You can delete all cloud data from Settings → Account → Delete Account or by contacting us at mirukin.app@gmail.com.
Cancelling your subscription does not automatically delete your Firestore data — it stops new data from syncing but preserves what is already there for restore purposes.

5. Third-Party Services

Service	Purpose	Data sent	Policy
OpenFDA API (`api.fda.gov`)	Drug autocomplete and interaction checking	Medication name (no PII)	U.S. FDA open data — public API
Google Firebase (Auth, Firestore, Crashlytics, FCM)	Pro account, cloud sync, crash reporting, caregiver alerts	See Section 4	Google Privacy Policy
Google Play Billing	Pro subscription processing	Handled entirely by Google Play; we never see your payment details	Google Play Terms

No other third-party SDKs are included in the app.

6. Drug Interaction Checker

The drug interaction feature queries the U.S. FDA public API (api.fda.gov) with the names of your medications. This query is made over HTTPS. The FDA API is a public open-data service; no personal identifiers are included in the query. The FDA’s data use policy applies.

7. Children’s Privacy

MiruKin is not directed at children under the age of 13 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at mirukin.app@gmail.com and we will delete it.

8. Your Rights

You have the right to:

Access your data at any time — it is stored on your device and readable within the app.
Export your data — use Settings → Export Data to download a JSON file.
Delete all local data — use Settings → Delete All Data or uninstall the app.
Delete cloud data — use Settings → Account → Delete Account or email us.
Revoke caregiver access — use Settings → Family Monitoring → Revoke at any time.
Correct data — all entered data can be edited directly within the app.

If you are in India, you may also exercise rights under the Digital Personal Data Protection Act, 2023 (DPDP Act) by contacting us at mirukin.app@gmail.com.

9. Data Transfers

If you use Pro features, your data is stored on Google Cloud Firestore servers. Google operates data centres globally. By enabling cloud sync, you consent to your data being processed on Google’s infrastructure, which may be located outside India. Google maintains appropriate safeguards for international data transfers.

10. Changes to This Policy

We will notify you of material changes to this policy by updating the “Last updated” date at the top of this document and, where required, through an in-app notice. Continued use of the app after a policy update constitutes acceptance.

11. Contact

For privacy questions, data deletion requests, or to exercise your rights under the DPDP Act or any other applicable law:

Email: mirukin.app@gmail.com
Developer: MiruKin
Address: 410, Ayyappa Nagar, Vijayawada, India

This privacy policy applies to MiruKin for Android, version 1.0.0 and later.