Privacy Policy
1. WHO WE ARE
2. WHAT WE COLLECT
When you sign in with Apple, we receive an anonymised identifier from Apple and, if you choose not to hide your email, your Apple email address. If you use Apple’s private relay, we receive a relay address only.
You may choose a nickname for the person you’re organising meds for (e.g. “Mom”, “Leo”). This is a display label you create – it is stored in your account.
Medication names you enter are stored so the app can function. These are publicly known product names, not linked to any identified individual.
We use PostHog for anonymous usage analytics. PostHog is configured to: discard client IP addresses before storage; use a one-way hashed identifier (never your real account ID); and operate in cookieless mode. No medication names, no patient data, and no personal identifiers are included in any analytics event.
If you contact us for support, your message may include an account reference (such as your anonymised user identifier) to help us locate your account and respond accurately. This information is used solely to provide support and is not stored beyond what is necessary to resolve your request.
All data is stored on Supabase infrastructure hosted in the EU (Ireland, eu-west-1).
TL;DR
We store your Apple sign-in so you can log back in. That’s it for identity.
The nickname you pick for your loved one – “Mom”, “Dad”, whatever feels right – is just a label. It’s not an identity record.
Medication names are stored so the app works. They’re not linked to a name, a face, or any person.
Our analytics tool (PostHog) genuinely doesn’t know who you are. Your IP is discarded. Your ID is scrambled. No med names ever leave the app as analytics data.
If you email us for help, we may ask for or receive a reference to your account so we can actually find it. We use it to help you – nothing else.
Everything lives in EU servers. Your data doesn’t go to the US.
3. WHAT WE DON’T COLLECT
We do not collect any of the following: the patient’s name, date of birth, photo, diagnosis, medical history, or any other identifying information about the person you care for. The patient exists in our database only as an anonymous internal identifier.
We do not collect location data, contacts, camera access, or biometric data. We do not run advertising or sell data of any kind.
TL;DR
We don’t know who you’re caring for. We can’t – we never ask.
No location. No camera. No ads. No selling your data. We collect what the app needs to work, and nothing else.
4. HOW WE USE YOUR DATA
Your data is used solely to provide the With service: authenticating your account, displaying your medication list, running fill session calculations, and delivering notifications if you choose to enable them, and providing customer support when you contact us.
Anonymous, aggregated analytics data is used to understand how the app is used and to improve it. This data cannot be traced back to any individual.
We do not use your data for advertising, profiling, or any purpose unrelated to operating With.
TL;DR
Your data powers With. That’s the whole list.
We look at anonymous stats – things like “how many people finished a fill session” – to make the app better. We never look at your individual data to do this.
5. WHO WE SHARE IT WITH
We use the following third-party service providers to operate With:
Supabase – database and authentication infrastructure, hosted in the EU (Ireland).
PostHog (EU cloud) – anonymous usage analytics, configured with IP discard and cookieless mode.
Apple – sign-in authentication via Apple Sign In.
RevenueCat – subscription management via Apple’s in-app purchase infrastructure. RevenueCat receives a hashed, anonymised user identifier – never your real account ID. RevenueCat processes and stores subscription data on servers in the United States. See RevenueCat’s privacy policy at revenuecat.com/privacy.
We do not sell, rent, or share your personal data with any other party. We do not use advertising networks or data brokers.
TL;DR
Four tools keep With running: Supabase (stores your data, in the EU), PostHog (anonymous stats), Apple (sign-in), and RevenueCat (handles your subscription through Apple).
RevenueCat is based in the US – that’s the one place your data touches outside the EU, and only for subscription management. They receive a scrambled ID, not your real one.
That’s the complete list. No one else. We don’t sell data. We don’t buy it either.
6. WHERE YOUR DATA IS STORED
Your data is stored on Supabase servers located in Ireland (eu-west-1). All data is encrypted at rest and in transit. This means your data remains within the European Economic Area at all times.
PostHog analytics data is processed on PostHog’s EU cloud infrastructure (eu.i.posthog.com). RevenueCat processes subscription data on servers in the United States, as noted in section 5.
TL;DR
Your data lives in Ireland. It’s encrypted. It stays in the EU.
Analytics are also EU-hosted. Subscription data touches the US via RevenueCat – but only a scrambled ID, not anything personally identifying.
7. HOW LONG WE KEEP IT
We retain your data for as long as your account is active. If you delete your account, all associated data – your account record, patient record, medication list, and all related data – is permanently deleted immediately. There is no grace period and no soft delete.
Anonymous analytics data, which cannot be linked to you, may be retained for longer periods for product improvement purposes.
TL;DR
We keep your data while you use With. The moment you delete your account, everything goes – permanently, immediately, no take-backs.
The anonymous stats we use to improve the app stick around longer, but they’re genuinely anonymous – they can’t be traced back to you.
8. YOUR RIGHTS (GDPR)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:
Right of access – you can request a copy of the data we hold about you.
Right to erasure – you can delete your account and all associated data directly from the app at any time, under Settings.
Right to portability – you can export your full medication list as a JSON or CSV file directly from the app at any time, under Settings.
Right to rectification – you can edit any data in the app at any time.
Right to object – you can contact us to object to any processing of your data.
To exercise any right not directly available in the app, contact us at .
TL;DR
GDPR gives you real control over your data, and we built the app around that from the start.
Want to delete everything? It’s in Settings – one flow, done immediately. Want a copy of your data? Also in Settings – export as JSON or CSV in seconds. Want to fix something? Edit it directly in the app.
9. CHILDREN
With is not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe a child has provided personal data through the app, please contact us at and we will delete it promptly.
TL;DR
With is for adults managing medications. We don’t collect data from children under 13, and if we ever did by mistake, we’d delete it straight away – just let us know.
10. CHANGES TO THIS POLICY
We may update this privacy policy from time to time. When we do, we will update the effective date at the top of this page. If changes are material, we will notify you within the app.
Continued use of With after a policy update constitutes acceptance of the revised policy.
TL;DR
If this policy changes in a meaningful way, we’ll tell you in the app. The date at the top always reflects the latest version.