Privacy Policy
Last updated: 9 June 2026
1. Who We Are
PillCaller ("we", "us", "our") operates the medication reminder platform at https://pillcaller.app. We are based in Bangladesh.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights as a user.
2. Data We Collect
Account data — your name, email address, password (hashed — never stored in plain text), and Bangladesh mobile number.
WhatsApp number — the number you provide to receive missed-dose alerts and daily summaries. This may be a shared family WhatsApp number.
Patient data — the name and phone number of each person in your care, along with their medication names, dosages, and reminder schedules. You provide this data to enable IVR call delivery.
Dose logs & call logs — records of when IVR calls were made, whether they were answered, and whether doses were marked taken or missed.
Session & device data — IP address, browser type, operating system, and session timestamps used to secure your account and detect unauthorised access.
Payment data — payment is processed entirely by ShurjoPay. We do not store card numbers or bank account details. We receive a transaction reference and status only.
3. How We Use Your Data
- Deliver IVR reminder calls to patients at scheduled times.
- Send WhatsApp missed-dose alerts and daily summaries to caretakers.
- Manage your subscription and process payments via ShurjoPay.
- Authenticate your sessions and protect your account from unauthorised access.
- Send transactional emails (email verification, password reset, trial expiry notices).
- Improve the reliability and performance of the Service.
We do not use your data for advertising or sell it to third parties.
4. Third-Party Services
We share data with the following third parties only as needed to operate the Service:
- ShurjoPay — payment processing. Your payment details are subject to ShurjoPay's Privacy Policy.
- WhatsApp Business API provider — delivery of WhatsApp notifications to your number. Only your WhatsApp number and the notification message content are shared.
- IVR telecommunications provider — delivery of outbound calls to patient phone numbers. Only the patient's number and the call schedule are shared.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, your personal data (name, email, phone, WhatsApp number) is anonymised within 30 days. Dose logs and call logs are retained in anonymised form for service improvement.
Patient phone numbers and medication schedules are deleted within 30 days of account deletion.
6. Data Security
Passwords are hashed using bcrypt. Sessions are protected by httpOnly cookies, CSRF tokens, and device fingerprinting. All data in transit is encrypted via TLS. Access to the production database is restricted to authorised personnel only.
7. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data from your account settings.
- Delete your account and personal data at any time.
- Request a copy of your data in a portable format.
- Withdraw consent for WhatsApp notifications by removing your number from your profile.
To exercise any of these rights, email us at support@pillcaller.app.
8. Cookies
We use the following cookies, which are strictly necessary for operation:
- refreshToken — httpOnly, secure cookie used to maintain your login session (30-day expiry).
- csrfToken — CSRF protection token for API requests (1-hour expiry).
We do not use advertising or analytics cookies.
9. Children
The Service is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will delete the account.
10. Changes to This Policy
We may update this Policy at any time. We will notify you by email before material changes take effect. Continued use after the effective date constitutes acceptance.
11. Contact
Privacy questions or data requests: support@pillcaller.app