Privacy Policy

Tomly · Last updated: May 7, 2026 · Version 1.0

One-line summary Tomly does not collect, store, or transmit any personal data or health information. Your medications, schedules, and adherence history live only on your iPhone. The App is 100% free, with no In-App Purchases.

Wellness tool, not a medical device Tomly is not a medical device. It is not intended to diagnose, treat, cure, or prevent any disease. Always consult your healthcare provider for medical advice.

1. Who we are

Tomly (hereinafter, "the App") is developed and operated by Ingeniería.dev, led by Chris Flores (hereinafter, "we", "the Developer").

Contact: christian@irack.mx
Address: Av. Javier Barros Sierra 495, Santa Fe Lomas de Santa Fe Zedec Santa Fé, Álvaro Obregón 01219, Mexico City, CDMX, Mexico

2. What data we collect

None. Tomly was built with privacy by default. The App:

Does not require registration or an account
Does not ask for your email, name, phone number, date of birth, or any personally identifiable information
Does not access your contacts, camera, photos, location, calendar, microphone, or Apple Health
Does not include any third-party SDKs for analytics, advertising, tracking, or crash reporting
Does not send telemetry, usage metrics, or error reports to any server we control
Does not transmit any Protected Health Information (PHI) to any backend, cloud service, or third party

3. What is stored on your device

The App stores locally (using SwiftData inside the iOS app sandbox) only what's needed to schedule your reminders and show your adherence history:

Data	Purpose	Location
Medication list (name, dose, color, icon, notes)	Display your meds and schedule the right reminders	Device (SwiftData)
Schedule rules (times of day, days of week, frequency)	Compute the next dose and fire local notifications at the correct time	Device (SwiftData)
Adherence history (dose taken, skipped, snoozed, with timestamps)	Show your progress and let you share a printable summary with your doctor	Device (SwiftData)
App preferences (language, appearance, sound preference, snooze duration)	Restore your settings between launches	Device (UserDefaults)
Pending and delivered local notifications	iOS schedules them on your behalf so reminders fire even when the App is closed	Device (iOS Notification Center)

This data is never sent to the Developer's servers. There is no backend, no database in the cloud, and no synchronization across devices. If you delete the App, all of this information is removed with it.

4. External services used

None. Tomly is fully offline. The App makes no network requests with your medication or adherence information, no telemetry calls, no analytics pings, and no third-party SDK calls. The only network activity Tomly relies on is the one-time App Store download handled by iOS itself — once installed, the App is fully self-contained.

5. System permissions

Tomly requests only one sensitive iOS permission, and only because the core feature requires it:

Notifications (UNUserNotificationCenter) — Required for the reminder feature. Tomly schedules local notifications via the iOS Notification Center, so reminders fire on time even if the App is closed and the device is offline. Notifications are scheduled and delivered by iOS itself, not by any external server. You can revoke this permission at any time in Settings → Tomly → Notifications.

The App does not request:

Location
Camera or microphone
Contacts, calendar, or reminders
Photos or media library
Bluetooth or local network
Apple Health (HealthKit) — currently not requested. A future version may offer optional HealthKit integration; if added, it will be opt-in and disclosed in this Policy.
App Tracking Transparency (no tracking, ever)

6. Marketing and advertising

The App displays no ads and contains no In-App Purchases. We do not collect data for remarketing, profiling, segmentation, behavioral analysis, or any promotional purpose. We do not participate in ad networks, and we do not sell information to third parties. We never email you about the App because we don't have your email.

7. Minors

The App is rated 4+ and is suitable for all ages. We do not knowingly collect information from minors. Because the App requires no registration and stores nothing externally, it complies with COPPA (US), LGPD Infantil (Brazil), and GDPR-K (EU) by design.

8. User rights (GDPR, CCPA, LFPDPPP, HIPAA context)

Even though we collect no data, the following rights are guaranteed by design:

Right to access: All your data lives on your device and is accessible from within the App.
Right to rectification: You can edit or delete any medication, schedule, or history entry at any time.
Right to erasure: Uninstalling the App deletes all associated data immediately and irreversibly.
Right to portability: Not applicable — no data exists on external servers. The App may offer a printable PDF summary of your adherence history (locally generated) that you can hand to your doctor.
Right not to be subject to automated decisions: The App does not use algorithmic profiling or AI inference on your health data.

Regarding HIPAA: Tomly is a personal wellness tool, not a Covered Entity, Business Associate, or healthcare provider. Even so, because no PHI ever leaves your device, the App is structurally aligned with the principle of minimum necessary use of protected information.

For any questions about your rights, please email christian@irack.mx.

9. Security

Local data is stored inside the iOS app sandbox, protected by the operating system and by device-level disk encryption (Apple's Data Protection API). Your medication list and adherence history are only readable while the device is unlocked. Tomly does not perform any network communication with your medical data.

10. Health and wellness context

Tomly is a wellness reminder tool, not a medical device, not a clinical decision support system, and not a substitute for medical advice. The App:

Does not interpret prescriptions or diagnose conditions
Does not check for drug-drug interactions
Does not validate dosages against body weight, age, or kidney function
Does not contact your pharmacy, doctor, or insurer

Tomly's job is to remind you, on time, to take what your doctor told you to take. Always follow your healthcare provider's instructions and consult them for any medical question.

11. International transfers

We do not perform international transfers of personal data because we do not store personal data on any server. All data is held on the user's device.

12. Changes to this policy

We may update this Privacy Policy to reflect changes to the App or to applicable law. The current version will always be published at this URL, along with the date of the last update. Material changes will also be announced inside the App.

13. Governing law

This Policy is governed by the laws of the United Mexican States, in particular the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). Any dispute will be submitted to the competent courts of Mexico City.

14. Contact

Privacy Officer: Chris Flores
Email: christian@irack.mx
Postal address: Av. Javier Barros Sierra 495, Santa Fe Lomas de Santa Fe Zedec Santa Fé, Álvaro Obregón 01219, Mexico City, CDMX, Mexico