Privacy Policy

Last Updated: 26th February 2026

1. Introduction

This Privacy Policy describes how Epilex ("we", "us", or "our") collects, uses, stores, and protects your information when you use the Epilex application ("App"), its website, and related services (collectively, the "Service"). We are committed to protecting your privacy, especially given the sensitive health-related nature of the data you may provide. By using the Service, you agree to the practices described in this policy.

2. Information We Collect

We collect information necessary to provide and improve the Service. This includes:

• Account Information: When you register, we collect your email address, full name, profile picture (if you choose to upload one), and a securely hashed password. We may also store your preferred language, timezone, app version, and device type (e.g., iOS, Android) to support your experience.

• Health & Journal Data: When you use the journal features, we store entries you create, including seizure logs (date, time, duration, type, symptoms, notes), medication logs (medication name, timing), and sleep logs (duration, timing). This data is linked to your account and used to provide dashboard summaries, insights, and trends.

• Appointment Data: If you add appointments, we store the doctor name, scheduled date/time, and location you provide.

• Caregiver Information: If you add caregivers, we store the name, country code, and phone number you provide for each caregiver, so the Service can support caregiver-related functionality.

• Authentication & Security Data: We use tokens (e.g., JWT) to keep you logged in. For verification and password reset, we send one-time codes (OTPs) to your email and may temporarily store related codes and expiry times. We do not store your password in plain text.

• Device Tokens: If you enable push or in-app notifications, we may store device identifiers and push tokens (e.g., for medication reminders, appointment alerts, refill alerts). These are removed when you log out from that device.

• Technical & Usage Data: When you use our APIs, we may receive technical information such as timezone, app version, device type, and language preference from request headers to support functionality and troubleshooting.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account, authenticate you, and allow you to log in, update your profile, change your password, or delete your account.

• Store and display your journal entries, appointments, and caregiver information to you (and, where you have configured it, to your designated caregivers as per the app's features).

• Generate dashboard summaries, insights, and trend information (e.g., seizure frequency, average duration) based on your journal data within date ranges you select.

• Send you verification and password-reset emails (OTPs) via our email service.

• Support notification preferences (e.g., medication reminders, appointment alerts, refill alerts) using device tokens where applicable.

• Operate, maintain, and improve the Service, including troubleshooting and ensuring security.

4. Data Storage and Security

Your data is stored on our servers (or infrastructure we use). Passwords are hashed and not stored in plain text. We use industry-standard practices to protect your data, including encryption in transit where applicable. Profile pictures and other uploaded files are stored in our storage system. We retain your information for as long as your account is active and as needed to provide the Service and comply with legal obligations. When you delete your account, we take steps to remove or anonymise your personal and health-related data in line with our data retention practices.

5. Sharing and Disclosure

We do not sell your personal or health information. We may share or disclose information only in the following circumstances:

• Your Choices: Where you use features that share data with caregivers (e.g., linking caregivers to your account), the data you have chosen to make available through those features may be accessible as designed.

• Service Providers: We may use third-party services (e.g., email delivery, hosting, storage) that process data on our behalf under strict confidentiality and security obligations.

• Legal Requirements: We may disclose information if required by law, court order, or government request, or to protect the rights, safety, or property of us, our users, or others.

6. Your Rights and Choices

You can access, update, or delete much of your information through the App:

• Update your profile (name, email, profile picture, notification preferences) via the account or profile settings.

• Create, edit, and delete journal entries, appointments, and caregiver information.

• Change your password or request a password reset via email.

• Delete your account; we will process account deletion in accordance with our systems and data retention policy. You may contact us to request deletion or a copy of your data if the app does not provide that option.

7. Children and Sensitive Data

The Service is not intended for children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. Health data you provide (e.g., seizure logs, medications) is sensitive. We treat it with care and use it only as described in this policy and in our Terms and Conditions.

8. International Data and Retention

Your data may be stored and processed in the country or region where our servers or service providers are located. By using the Service, you consent to such transfer. We retain your information for as long as necessary to provide the Service and as required by law; after account deletion, we aim to remove or anonymise your data within a reasonable period.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will indicate the "Last Updated" date at the top. Continued use of the Service after changes constitutes acceptance of the updated policy. For material changes, we may provide additional notice (e.g., via the App or email) where appropriate.

10. Contact Us

For questions about this Privacy Policy or our data practices, please contact us by email at epilexapp@gmail.com.