Privacy Policy

Last updated: June 24, 2026

The short version

Your medical data is encrypted on your device. We cannot read it. We do not sell it. We do not share it. Period.

What we collect

  • Email address: If you join our waitlist, we store your email to notify you at launch. Nothing else.
  • Encrypted medical data: If you use cloud backup, we store an opaque encrypted blob. We cannot decrypt it without your key, which we never have.
  • Audit logs: We log access events (who accessed what, when) for your security. These logs are visible to you.
  • Basic analytics: Page views and anonymized usage metrics to improve the product. No personal health information is included.

What we never do

  • Sell your data to anyone, ever
  • Share your medical information with advertisers
  • Read your medical records (we technically cannot)
  • Retain data from expired share sessions
  • Track you across other websites

Encryption

All medical data is encrypted using AES-256-GCM on your device before transmission. Your encryption key is derived from your biometrics and stored in your device's secure enclave (Keychain on iOS, Keystore on Android). The server stores only opaque ciphertext.

Sharing

When you share your passport via QR code, a temporary session is created that expires after 3 minutes. The receiving party sees a read-only clinical view. After expiration, the data is no longer accessible. We log the access event for your records.

AI features

AI summary generation is entirely opt-in and requires your explicit consent. When enabled, your medical data is sent to an AI provider to generate a plain-language summary. The AI provider does not retain your data after processing. You can revoke AI consent at any time.

Data deletion

Your medical data lives on your device. Delete the app, and it's gone. If you used cloud backup, you can request deletion of your encrypted blob at any time. We will confirm deletion within 48 hours.

Children

Jillybean may be used by caregivers managing a dependent's medical information. We do not knowingly collect personal information from children without parental consent.

Changes

We'll notify you of material changes to this policy via email (if you're on our waitlist) or in-app notification. The "last updated" date at the top reflects the most recent revision.

Contact

Questions about privacy? Email us at [email protected]