Privacy Policy

Your Privacy Matters

Tended is a private family care planner for the loved ones in your life. We take the privacy of your family's health and care data seriously. This policy explains what data we collect, how we use it, and your rights.

What we don't do: Tended contains no analytics, no crash reporting services, no advertising networks, and no third-party tracking SDKs of any kind. We do not measure how you use the app, we do not track which screens you visit, and we do not sell or share your data. If you turn off your internet connection, the app continues to work — the only network traffic is to Google Firebase (to sync your family's care data and attest your app with App Check), to Google (if you choose to sign in with Google), and to Apple (for Sign in with Apple and to verify your Premium subscription).

What We Collect

• Account information: Your name, email address, and profile photo (if provided by Apple or Google) when you sign in.
• Care data: Medications, appointments, care notes, tasks, and vault documents you and your care circle members create within the app.
• Vault data: Personal identification (IDs, passports, certificates), medical records, insurance policies, legal documents, financial information, and free-form notes stored in your care vault. Emergency contacts for each care recipient are also stored securely alongside care data.
• Photos and documents: Images and files you upload (medication photos, document scans, profile photos) are stored securely in Firebase Storage.
• Subscription information: If you subscribe to Tended Premium, Apple handles all payment processing. We receive confirmation of your subscription status but never see your payment details.

How We Use Your Data

• To provide and maintain the Tended app and its features.
• To sync your care data across your care circle members in real time.
• To send you medication, appointment, and task reminders you've configured.
• To verify your Premium subscription status.

We do not sell your data. We do not show ads. We do not share your data with third parties for marketing purposes. We do not run analytics on your behavior within the app.

Device Permissions

Tended asks for access to a few device features only when you use the feature that needs them. You can grant or deny each one, and revoke access later in your iPhone Settings:

• Camera: used to scan documents into your vault and to take photos of medications. Access is only requested the first time you tap the scanner or camera button.
• Photo Library: used to pick existing photos for profile pictures, medication photos, and document uploads. Tended uses Apple's modern PhotosPicker, which runs out-of-process — we never receive full library access, only the specific photos you choose.
• Face ID / Touch ID: used as an optional lock on the Vault tab, where your medical records, legal documents, insurance, and financial information are kept. You choose whether to turn the lock on. The Vault re-locks automatically whenever you leave the app. Face ID, Touch ID, Optic ID, and device passcode are all accepted. Biometric data is handled by iOS and never leaves your device.
• Calendar: used only when you export an appointment to your system calendar. Access is requested the first time you tap "Add to Calendar".
• Notifications: used to send you medication, appointment, and task reminders. These are scheduled on your device and never leave it — even we can't see what reminders you have set.

Data Storage

Your data is stored in Google Cloud Firestore and Firebase Storage, both operated by Google. Data is encrypted in transit and at rest. Access is enforced by security rules at the database layer — only members of your care circle can read or write your data, even if someone obtained your app's public API keys. Tended also uses Firebase App Check with Apple App Attest to cryptographically verify that requests come from a genuine copy of the app running on a real Apple device, blocking tampered clients and automated abuse. The Vault can additionally be protected with Face ID, Touch ID, or your device passcode, and re-locks automatically when you leave the app.

Data Sharing Within Your Circle

When you create or join a care circle, all members of that circle can view and edit shared care data (medications, appointments, notes, tasks). Vault data (medical records, legal documents, financial information) is visible to all circle members. You control who is in your circle by managing invites.

Your Rights

• Access: You can view all your data within the app at any time.
• Export: Circle owners can export all care data directly from the app — as PDF care binders, medical summaries, or a full data export. No need to contact us.
• Deletion: Circle owners can delete their entire circle's data, account, and all associated records directly from Settings within the app. This action is immediate and permanent. Family members who were invited will lose access immediately.
• Portability: Your care data is yours. You can export it at any time from within the app.

Children's Privacy

Tended is designed for adult users aged 13 and over. Adults may use Tended to track care for children in their family (medications, appointments, medical records, etc.) — this information is entered by the adult caregiver, not the child. We do not knowingly allow users under 13 to create their own accounts, and we do not knowingly collect personal information directly from children under 13.

Changes to This Policy

We may update this policy from time to time. We will notify you of any material changes through the app or by email.

Contact

Questions about this policy? Reach us at tendedapp@protonmail.com.