Privacy Policy

Last updated: 30 January 2026

The Short Version

Your medical records are end-to-end encrypted. We cannot read them. We collect almost nothing - not even your email address. We don't sell your information to anyone.

What We Collect

Account Information

When you create a Sync account, we store:

  • Authentication credentials (stored using OPAQUE - we never see your password)

That's it. No email address. No name. No identifying information.

OPAQUE is a cryptographic protocol under which we have no way to know who has actually registered for the service. We store cryptographic material that lets you prove you know your password, but we cannot use it to identify you or to verify that any particular person has an account. Even if compelled, we cannot confirm whether a specific individual is a user.

Server-Side Data

Our servers handle:

  • Encrypted blobs (your data, completely unreadable to us)
  • Technical error logs (server errors only - no content, no personal data)

The app does not send error logs or analytics to us unless you explicitly choose to share them.

What We Cannot See

Due to end-to-end encryption, we cannot see:

  • Any medical record contents
  • How many records you have
  • What types of records you store
  • Family member names
  • Attachment contents or filenames
  • Your encryption keys or password
  • What you share with whom (we can see that user A shares something with user B, but not what content)

How We Use Your Data

We use the data we hold to:

  • Provide the Sync service (store and transmit your encrypted data)
  • Fix server-side bugs using technical error logs

Data Sharing

We don't sell your data. Period.

We may share data with:

  • Infrastructure providers (cloud hosting, storage) - they only see encrypted blobs
  • Law enforcement - if legally required, but we can only provide encrypted data we cannot read, and we cannot confirm who owns any account

Data Retention

Your encrypted data is retained as long as you have an account. If you delete your account, we delete your data within 30 days.

Your Rights

You can:

  • Export your data at any time (in-app export feature)
  • Delete your account and all associated data

Children's Privacy

Recordwell is designed for families, including records for children. Parents and guardians manage their children's data within the app. We don't collect personal information on anyone - adults or children.

Changes to This Policy

Significant changes will be announced in-app and on our GitHub repository. Continued use after changes constitutes acceptance.

Questions

Questions about privacy? Open an issue on our GitHub repository.