OcuPath Privacy Policy

Effective date: 2026-05-27
Last updated: 2026-05-27

OcuPath ("we", "the app") helps you keep your own eye-health records:
intraocular pressure (IOP) readings, prescriptions, contact-lens specs, eye
drops and dose history, symptoms, clinic visits, and scanned documents. This
policy explains what we collect, why, who we share it with, and your choices.

OcuPath is not a diagnostic tool. It shows and organizes your data and may
suggest you review something with a professional. It never diagnoses, prescribes,
or replaces medical care.

What we collect

We only store data you enter or import yourself. There is no tracking SDK, no
advertising identifier, and no analytics on your health data.

Health & fitness data (the core of the app):

IOP measurements (value, eye, date/time, source, optional context tags and notes)
Prescriptions (sphere, cylinder, axis, add, PD, visual acuity, clinic)
Contact-lens specifications (base curve, diameter, brand)
Eye drops and dose history (taken / skipped / late)
Symptoms (type, severity, eye, time)
Clinic visits (clinic, doctor, date, summary, next-review date)
Scanned documents you upload (PDF/image files, the text we read from them via
on-device and server OCR, and the structured data extracted from them)

Identifiers:

Your Apple account identifier (the Sign in with Apple sub claim) is used as
your user ID so your records sync across your devices.
Your email address, only if you choose to share it during Sign in with Apple.

Diagnostics: none. v1.0 ships no crash reporter or usage analytics.

How we use it

To store your records and sync them across your signed-in devices.
To run reminders for your eye drops (scheduled locally on your device).
To read and structure documents you scan (OCR + AI extraction), so the data
lands in the right fields for you to confirm.
To authenticate you (Sign in with Apple).

We do not sell your data, use it for advertising, or use it to train any
third party's models.

Your data is processed only by the services needed to run the app:

Provider	Purpose	Data involved
Apple	Sign in with Apple identity verification	Apple `sub`, optional email
Anthropic	AI extraction of scanned documents (Claude Sonnet)	OCR text from scans you choose to extract
Cloudflare (R2)	Storage of scanned document files	Scan blobs
Hetzner	Application server + database hosting	All records above

Document text is sent to Anthropic only when you trigger extraction on a scan.
Per Anthropic's API terms, API inputs/outputs are not used to train their models.

Where it is stored

Records are stored in a PostgreSQL database and scan files in Cloudflare R2,
both under our control on servers in the EU (Hetzner, Finland/Germany). A local
copy is cached on your device for offline use.

Retention and deletion

We keep your data until you delete it. You can delete individual records in the
app. To delete your entire account and all associated data, contact us at the
address below; we remove it from the database and object storage within 30 days.

Security

Traffic between the app and our server is encrypted in transit (HTTPS/TLS).
The server is bound to loopback behind a TLS reverse proxy; the database is
not exposed publicly.
We never log raw Apple identity tokens or your email address.

HealthKit

v1.0 does not read from or write to Apple HealthKit. (A future version may
sync vision prescriptions to HealthKit, with a separate opt-in. There is no
HealthKit type for IOP, so IOP always stays in our own database.)

Children

OcuPath is not directed at children under 13 and we do not knowingly collect
their data.

Your rights

Depending on where you live (e.g. GDPR/EEA, UK, California), you may have rights
to access, correct, export, or delete your data, and to withdraw consent. Most
are self-serve in the app; for the rest, contact us.

Changes to this policy

We will update this page and the "Last updated" date when the policy changes.
Material changes will be surfaced in the app.

Contact

Privacy questions or deletion requests: privacy@smartycode.com