Privacy Policy
Last updated: June 2026
We take the protection of your personal data seriously. This policy explains in plain language what data Meditag processes and why.
What this means for you
- Your health data stays on your phone — it never leaves it.
- Meditag does not sell data and shows no advertising.
- The optional backup is encrypted — we cannot read its contents.
- No account or email address is required.
- We will delete your data completely on request.
1. Data controller
Robomoe Genossenschaft
Sägagass 23
9490 Vaduz, Liechtenstein
Email: privacy@meditag.ch
2. What data is processed?
2.1 Data on your device (always, locally)
Meditag stores the following data exclusively on your device:
- Medication plan (name, dosage, intake times)
- Dose log (when you marked a medication as taken or skipped)
- Vital signs (blood pressure, pulse, weight, etc.), if you record them
- Reminder settings and personal schedule settings
This data does not leave your device unless you enable the optional encrypted backup (see below).
2.2 If you use encrypted backup (optional)
If you enable backup, your data is encrypted on your device using AES-256-GCM before transmission. The server stores:
- An anonymous patient hash (SHA-256 of a random device identifier — no link to your identity, name, or date of birth is possible)
- An encrypted data blob (decryptable only with your personal backup password — we have no access to the contents)
The server does not know your name, your date of birth, or your medications.
2.3 If you use trusted contact access (optional)
If you grant a trusted contact access, a separate encrypted blob is stored on the server. This blob is also unreadable server-side — the key exists only on your device and your trusted contact's device.
2.4 Anonymous technical data
The server logs technical operational data (number of connections, error rate). This contains no health data and cannot be used to identify individuals.
2.5 Google Health Connect data (optional, Android only)
If you use the sync feature on the Vitals screen, Meditag requests read access to the following data types in Google Health Connect:
- Blood pressure
- Heart rate
- Body weight
- Blood glucose
- Oxygen saturation
- Body temperature
Purpose: The data is used solely to display your readings on the Vitals screen and, if you choose, to include them in the doctor PDF. Meditag does not analyse this data, does not provide clinical recommendations, and does not make any medical decisions based on these values.
Storage: The data remains exclusively on your device, encrypted in the app's local database (SQLCipher with AES-256). It is not transmitted to Meditag's servers, not shared with third parties, not used for advertising or analytics, and not used for profiling individuals.
Deletion: You can revoke access at any time in Android Settings under Connected apps. Readings already stored in the app can be deleted from within the app. You can delete all app data at any time by uninstalling the app or via Clear app data in Android Settings.
3. Third-party services
Meditag does not use analytics services, advertising networks, or social media integrations. No personal health data is shared with third parties.
Firebase Cloud Messaging (FCM): If you grant trusted contact access, your device registers with Firebase Cloud Messaging (a service operated by Google LLC, USA) to receive push notifications. Only a device-specific token — no name, health data, or personal information — is transmitted to Google. Google's Firebase Privacy Policy applies. FCM is used exclusively for notification delivery and not for analytics or advertising.
Apple HealthKit / Google Health Connect (optional): For full details on how Health Connect data is handled, see section 2.5.
4. Server location
The server is located in Switzerland and is subject to the Swiss Federal Act on Data Protection (FADP/nFADP).
5. Retention
- Local data: Remains on your device until you uninstall the app or delete data within the app.
- Backup data: Remains on the server until you disable backup or request deletion.
- Health Connect data: Remains on your device until you delete it in the app or uninstall the app. Meditag does not store this data on the server.
6. Your rights
Under the GDPR (applicable in Liechtenstein as an EEA member), you have the right to:
- Access the data held about you
- Correct inaccurate data
- Request deletion of your data
- Restrict processing
- Data portability
To request deletion of your data, use our data deletion page or write to privacy@meditag.ch.
7. Data security
All connections between the app and server are TLS-encrypted. Backup data is encrypted with AES-256-GCM before it leaves your device. Locally stored data — including Health Connect readings — is encrypted with SQLCipher (AES-256). We have no access to the contents of your backup data.
8. Minors
Meditag is not intended for persons under 18. We do not knowingly collect data from minors.
9. Changes to this policy
If we make material changes to this policy, registered users (with active backup) will be notified via the app. The date of the last change is shown at the top of this page.
Legal notice
Robomoe Genossenschaft
Sägagass 23
9490 Vaduz, Liechtenstein
Email: privacy@meditag.ch
Web: meditag.ch
Register number FL-0002.680.327-7
Meditag is not a medical device and does not replace advice from your doctor or pharmacist.