Last updated: June 27, 2026
WHO WE ARE
EchoCare (“we”, “us”, “our”) is a medication management application developed and operated by JPN Ltd, a registered company in New Zealand. We are committed to protecting your personal information and your right to privacy.
For questions about this policy, visit our [Contact page] and send us a message.
WHAT THIS POLICY COVERS
This Privacy Policy explains how EchoCare collects, uses, stores, and protects your personal information when you use our Android application. It applies to all users of EchoCare worldwide.
This policy complies with:
- The New Zealand Privacy Act 2020
- The General Data Protection Regulation (GDPR) for users in the European Economic Area
- The Australian Privacy Act 1988 for users in Australia
INFORMATION WE COLLECT
ACCOUNT INFORMATION
- Your name and email address when you create an account
- Authentication data when you sign in with email or Google
MEDICATION AND HEALTH DATA
- Medication names, dosages, frequencies and schedules you enter
- Dose history — which doses you took, skipped or missed
- Appointment details including dates, times, locations and doctor names
- Health metric readings you record, such as blood pressure and weight
- Notes you attach to medications or appointments
EMERGENCY CONTACT INFORMATION
- Names and phone numbers of emergency contacts you add for the I Am OK feature
- History of I Am OK signals you have sent
AI SCANNER DATA
- Photos of medication labels you capture using the AI scanner feature
- The text extracted from those photos by our AI processing partner
- The extracted medication information saved to your medication record
TECHNICAL INFORMATION
- Your device timezone and notification preferences
- Device push notification token (used to deliver medication reminders to your device)
- IP address (collected automatically by our authentication provider as part of standard security logging)
- Anonymous crash and error data (collected by our build platform to help us fix technical issues)
HOW WE USE YOUR INFORMATION
We use your information only to provide and improve EchoCare:
- To create and manage your account
- To store and display your medications, doses, appointments and health records
- To send medication and appointment reminders to your device
- To process medication label photos through our AI scanner feature
- To send I Am OK messages to your emergency contacts via your phone’s messaging app
- To calculate your medication adherence history
- To diagnose and fix technical problems in the app
- To comply with our legal obligations
We do not use your health data for advertising.
We do not sell your personal information to anyone.
We do not use your data to train AI models.
AI SCANNER AND THIRD PARTY PROCESSING
When you use the AI scanner feature, a photo of your medication label is sent to OpenAI (openai.com) for processing. OpenAI extracts the text from the image and returns it to EchoCare.
Important facts about this processing:
- Images are sent to OpenAI’s API only — not stored by OpenAI or used to train their AI models, in accordance with OpenAI’s API data usage policy
- The extracted medication information is saved securely to your EchoCare account to pre-fill your medication details
- The original photo is only stored if you explicitly save it to your medication record
- You can choose not to use the scanner at any time — all medication details can be entered manually
- Free tier users receive 3 AI scans per month
WHERE YOUR DATA IS STORED
Your EchoCare data is stored securely using Supabase, a trusted database platform. Your data is stored on servers located in the Tokyo, Japan region.
All data is encrypted in transit using industry-standard TLS encryption. All data is encrypted at rest.
HOW LONG WE KEEP YOUR DATA
We keep your personal information for as long as your account is active.
If you delete your account:
- We begin a 30-day grace period during which your account and all data remain intact
- You can cancel the deletion at any time during this 30-day period
- After 30 days, your account and all associated personal data are permanently deleted from our systems
- Medication dose history is anonymised rather than deleted, to preserve the integrity of your adherence records — all identifying information is removed
YOUR RIGHTS
ALL USERS
- Access: you can request a copy of the personal data we hold about you
- Correction: you can correct inaccurate information directly in the app or by contacting us
- Deletion: you can delete your account and all associated data at any time from the Settings screen
- Portability: you can request your data in a portable format
USERS IN THE EUROPEAN ECONOMIC AREA (GDPR)
In addition to the above, you have the right to:
- Object to processing of your personal data
- Restrict processing in certain circumstances
- Lodge a complaint with your local data protection authority
NEW ZEALAND USERS
You have rights under the New Zealand Privacy Act 2020 including the right to access and correct your personal information. Complaints can be directed to the Office of the Privacy Commissioner at privacy.org.nz
AUSTRALIAN USERS
You have rights under the Australian Privacy Act 1988. Complaints can be directed to the Office of the Australian Information Commissioner at oaic.gov.au
To exercise any of these rights, visit our Contact page.
CHILDREN
EchoCare is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us via our Contact page and we will delete it promptly.
DATA SHARING
We do not sell your personal information.
We share your data only in the following limited circumstances:
SERVICE PROVIDERS
We use the following trusted service providers to operate EchoCare:
- Supabase (database and authentication) — supabase.com/privacy
- OpenAI (AI scanner processing) — openai.com/policies/api-data-usage-policies
- Expo/EAS (app build and crash reporting) — expo.dev/privacy
- Resend (transactional email delivery) — resend.com/privacy
Each provider is contractually required to protect your data and use it only to provide their service to us.
LEGAL REQUIREMENTS
We may disclose your information if required by law, court order, or to protect the rights and safety of our users or the public.
PERMISSIONS WE REQUEST
EchoCare requests the following device permissions:
- CAMERA — required for the AI medication label scanner feature
- CONTACTS — required to select emergency contacts for the I Am OK feature
- NOTIFICATIONS — required to send medication and appointment reminders
All permissions are optional except notifications, which are needed for reminders to work. You can manage permissions at any time in your phone’s Settings.
SECURITY
We take the security of your health data seriously. We use the following measures to protect your information:
- All data encrypted in transit (TLS) and at rest
- Authentication required to access any personal data
- Row-level security — you can only access your own data, never another user’s
- Session management with automatic token refresh
No method of electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately via our [Contact page].
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify you through the app.
Continued use of EchoCare after changes are posted means you accept the updated policy.
CONTACT US
For any privacy questions, requests, or concerns, please visit our Contact page. We aim to respond within 5 business days.
EchoCare — Simple. Caring. Yours.
Built in New Zealand, designed for the world.
