InfusionLog Privacy Policy

Effective date: 2026-05-14 · Last updated: 2026-05-14

1. Who we are

InfusionLog is published by an independent iOS developer (Apple Developer Team ID ZM8LF8494F). For any privacy-related question, write to captainlongevity@gmail.com.

2. Information we do not collect

We do not collect, transmit to a server we control, store on a server we control, sell, share, or analyze:

• Your specialty pharmacy names, insurance plan names, account or member IDs, care coordinator names, or phone numbers
• Your medication names, drug values, quantities, refill request dates, expected or actual delivery dates, tracking numbers, or shipment statuses
• The text or attachments of any shipment confirmation, cold chain indicator photo, damaged packaging photo, provider documentation, ER discharge summary, hospital admission document, insurance plan document, or complaint receipt you store in the app
• The content of any SLA breach entry, customer service call summary, key quotes you heard, or missed-dose health impact
• The contents or file paths of any user-supplied call-recording file you attach
• Your name, email, phone number, or any account identifier
• Family member names, relationships, or caregiving status
• Device identifiers (IDFA, IDFV) for advertising or tracking purposes
• Location data
• Crash reports or analytics events sent to any third party

3. Information stored on your device

All records you enter are stored only on your iOS device using Apple's SwiftData framework. The app does not use Apple's CloudKit framework, does not sync records across your devices, and does not maintain any copy of your data on a server we operate.

Your data is included in your standard iOS device backup if you have device backup enabled (iCloud Backup, iTunes, or Finder). We do not have access to your device backups; only Apple does, under their published privacy terms. We recommend keeping device backup on so your archive survives a lost or replaced phone via the system Restore flow.

4. We do not log into your specialty pharmacy

InfusionLog does not request, store, or use your specialty pharmacy login credentials. The app does not connect to any specialty pharmacy API, portal, fulfillment system, claims system, or pharmacy benefit manager. All shipment, breach, call, and missed-dose information is entered by you (typed or photographed). This is by design — many of our users are mid-dispute with the pharmacy they would otherwise be asked to log into.

5. We do not use AI to read your records

The app does not run any artificial-intelligence or machine-learning model on your shipment receipts, cold chain photos, provider documentation, or call summaries. There is no OCR text extraction, no document parsing, no automatic categorization, and no complaint-letter generation. You read the documents; you enter the values; you write the complaint. We make no decisions about your case.

5a. On-device processing (Pro features)

Several Pro features process data locally on your device only:

• Document scanning uses Apple's VisionKit framework on-device. Scanned shipping confirmations, cold chain photos, damaged packaging photos, provider documentation, and complaint receipts are saved as PDFs to your device's app sandbox; they are stored only on your device.
• PDF report generation (State Commissioner Complaint Pack, ASHP / URAC Complaint Pack, Shipment History, Missed Dose Impact, Customer Service Audit) is performed entirely on-device using PDFKit. Record content is read from local storage and written to a PDF file in your device's local share sheet. No content is transmitted off-device during generation.
• Full archive backup (Pro) generates a single JSON file containing every record entirely on-device using JSONEncoder. The file is handed to the iOS Share Sheet under your control; you decide whether to save it to Files, email it, AirDrop it, or copy it to a USB drive. No content is transmitted off-device unless you choose a destination that transmits it.
• App Lock uses Apple's LocalAuthentication framework. Your Face ID or Touch ID biometric data never leaves Apple's Secure Enclave; the app only receives a success or failure signal.
• Deadline reminders are scheduled via Apple's UserNotifications framework and fire locally on your device. No remote push servers are involved. Notification text is neutral and contains no pharmacy names or breach types.

7. Subscriptions and StoreKit

InfusionLog offers an optional Pro subscription via Apple's StoreKit 2. When you subscribe, restore a purchase, or when the app verifies your entitlement, your device communicates directly with Apple's servers. InfusionLog receives only the entitlement status (active or inactive) and a purchase identifier. We do not see your Apple ID, payment method, billing address, or transaction history. Apple's handling of subscription information is governed by Apple's Privacy Policy.

8. Permissions the app requests

• Camera — only when you tap "Scan Document" in a record's attachment section, or photograph a cold chain indicator or damaged package.
• Photo Library — only when you tap "Import from Photos".
• Face ID / Touch ID — only after you enable App Lock in Settings.
• Notifications — only after you enable a deadline reminder.

You can revoke any of these permissions at any time in iOS Settings > InfusionLog.

9. Call recording

InfusionLog does not record phone calls. The Customer Service Call Log allows you to attach an audio file you recorded yourself; the app simply stores the file path. You are responsible for compliance with your state's call-recording laws. Some U.S. states require two-party consent for recording; the in-app field surfaces a notice to that effect.

10. Children's privacy

InfusionLog is designed to be used by adults — patients managing their own specialty medication regimens or family caregivers (for example, a parent managing a child's cystic fibrosis or hemophilia infusions). We do not knowingly collect any information from anyone, including children. The records you enter live on your device and (optionally) in your private iCloud account; we never receive them.

For United States users: HIPAA applies to "covered entities" (health plans, providers, clearinghouses) and their business associates — not to patients documenting their own records. InfusionLog facilitates that patient record-keeping; it is not a covered entity, business associate, or healthcare provider, and does not transmit records to any covered entity.

11. Data retention and deletion

Because data lives only on your device, you control retention completely. To delete all records, delete the app from your device. There is no copy on any server we operate for us to delete. If you have enabled standard iOS device backup, copies of your records may also exist in your device-backup snapshots under Apple's control; you can manage or delete those in iOS Settings > [your name] > iCloud > iCloud Backup (Apple's iCloud Backup, not InfusionLog).

12. International users

The app does not transfer your data internationally because it does not transfer your data anywhere we control. The app is published in English and is primarily marketed in North America.

13. Not legal, financial, medical, or insurance advice

InfusionLog is a personal documentation tool. The Specialty Pharmacy Catalog, the 11-category SLA breach library, complaint-pack templates, and any in-app text about state insurance commissioner procedures, ASHP / URAC accreditation processes, or call-recording state laws is general information only. It is not legal, financial, medical, or insurance advice. Consult a licensed advocate, attorney, or healthcare provider for your specific case.

14. Changes to this policy

If we ever change how the app handles data — for example, if a future version adds a feature that transmits data to a server we control — we will update this policy and surface the change in the app before you can use that feature. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact

Privacy questions: captainlongevity@gmail.com