Last updated: April 22, 2026
📋 Overview
FASDassist ("the App") is a caregiver support application designed to help families supporting individuals with Fetal Alcohol Spectrum Disorder (FASD). This policy explains what data we collect, how we use it, and your rights.
We do not sell, share, or monetize your personal data in any way.
📦 Data We Collect
We collect only what is necessary to provide the App's features:
- Account information: Email address and encrypted password for login.
- Youth profile: Name, date of birth, photo (optional), and location/province.
- Health information: Medications, allergies, medical triggers, and health card numbers (stored encrypted on your device).
- Care team contacts: Names, phone numbers, roles, and appointment details you enter.
- Financial records: Expense amounts, mileage, and funding applications you log.
- Journal entries: Notes and shared entries between caregiver and youth.
- Appointment and routine data: Schedules and checklists you create.
🔒 How We Store & Protect Your Data
- All data is transmitted over HTTPS (TLS encryption).
- Sensitive credentials (auth tokens, health card numbers) are stored in your device's secure keychain — not in plain storage.
- Data is stored on a secured MongoDB database hosted on Railway.app in Canada/North America.
- We use JWT-based authentication with short-lived access tokens.
- The App prevents screenshots and Recent Apps previews to protect sensitive information on your screen.
🌐 Data Sharing
We do not share your personal data with third parties, advertisers, or analytics services.
The only external service your data touches is our backend API hosted on Railway.app. No data is sent to social networks, ad networks, or analytics platforms.
👶 Children's Privacy
FASDassist is designed for use by adult caregivers. Youth profiles within the App are managed exclusively by the caregiver account holder. We do not knowingly collect data directly from children under 13.
🗑️ Data Deletion
You can request deletion of your account and all associated data at any time by contacting us at the email below. We will process deletion requests within 30 days.
Individual records (journal entries, expenses, contacts) can be deleted directly within the App.
📱 Permissions Used
- INTERNET: Required to sync data with our backend.
- READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE: Used only when you choose to attach a photo to a youth profile.
- WRITE_EXTERNAL_STORAGE: Used only when you export a report or document.
- RECORD_AUDIO: Used for voice note features in the journal and routines.
- POST_NOTIFICATIONS: Used to deliver appointment reminders and routine alarms you schedule.
🔄 Changes to This Policy
We may update this policy as the App evolves. We will notify users of significant changes through the App or by email. Continued use of the App after changes constitutes acceptance of the updated policy.