Privacy Policy - CareRing

Effective date: March 22, 2026
Last updated: March 22, 2026

CareRing ("the App") is published by Vasil Nonchev, an independent developer based in Bulgaria, EU. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the CareRing Android application and related services at carering.app.

        Our commitment: We do not sell your data. We do not show ads. We do not share your personal information with third parties beyond the service providers listed in this policy. Your health data belongs to you.
    

1. Data Controller

The data controller responsible for your personal data is:

Vasil Nonchev
Bulgaria, European Union
Email: privacy@carering.app

2. Data We Collect

Category	Specific Data	Purpose
Account information	Name, email address (via Google Sign-In)	Authentication, account identification
Health & medical data Sensitive	Medications (names, dosages, schedules), medical conditions, allergies, emergency contacts	Medication tracking, care coordination
Care circle data	Circle membership, roles, care recipient profiles	Coordinating caregiving among family members
Check-in data	Mood ratings, pain scores, notes, timestamps	Daily wellness tracking
Activity data	Tasks, appointments, care notes, activity logs	Task assignment, appointment management, care history
Device data	Device model, OS version, crash logs	Bug fixing, app stability (via Crashlytics)
Subscription data	Subscription tier, purchase tokens	Subscription management (via RevenueCat / Google Play)

3. Legal Basis for Processing (GDPR Art. 6 & Art. 9)

Consent (Art. 6(1)(a) & Art. 9(2)(a)): You explicitly consent to the processing of your health data when you enter it into the App. You may withdraw consent at any time by deleting your data or account.
Contract performance (Art. 6(1)(b)): Processing your account and activity data is necessary to provide the CareRing service.
Legitimate interest (Art. 6(1)(f)): We process device and crash data to maintain app security and stability.

4. How We Use Your Data

Provide and operate the CareRing caregiving coordination features
Authenticate your identity and manage your account
Synchronize data across your care circle members
Send push notifications about medication reminders, task updates, and care circle activity
Process and manage your subscription
Diagnose crashes and improve app stability

We never use your data for advertising, profiling, automated decision-making, or any purpose beyond providing the CareRing service.

5. Third-Party Service Providers

We share data only with the following service providers, each acting as a data processor under appropriate agreements:

Provider	Service	Data Shared	Privacy Policy
Google (Firebase Auth)	User authentication	Email, name, auth tokens	Firebase Privacy
Google (Firebase Cloud Messaging)	Push notifications	Device tokens, notification content	Firebase Privacy
Google (Firebase Crashlytics)	Crash reporting	Device info, crash stack traces	Firebase Privacy
Google Cloud Platform	Server hosting (Cloud Run)	All server-side data (encrypted at rest)	GCP Privacy
RevenueCat	Subscription management	Anonymous user ID, purchase tokens	RevenueCat Privacy

We do not sell, rent, or share your personal data with any other third parties.

6. Data Storage & Security

Server-side

Data is stored on Google Cloud Platform in the europe-west1 (Belgium) region, within the EU.
All data is encrypted at rest using AES-256-GCM (GCP default encryption).
Database backups are encrypted at rest using the same standard.
All data in transit is protected by TLS 1.2+ (HTTPS only).

On-device

Local data is stored in a SQLCipher-encrypted database (256-bit AES) on your Android device.
Sensitive preferences are stored in Android's encrypted DataStore.
Authentication tokens are stored securely using Android Keystore-backed encryption.

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

All your personal data, health records, and activity history are permanently deleted from our servers within 30 days.
Crash logs and anonymized analytics are retained for up to 90 days for stability analysis.
Backup copies are purged within 30 days of account deletion.

8. Your Rights Under GDPR

As an EU resident or user of an EU-based service, you have the following rights under the General Data Protection Regulation:

Right	GDPR Article	Description
Access	Art. 15	Request a copy of all personal data we hold about you.
Rectification	Art. 16	Request correction of inaccurate personal data.
Erasure	Art. 17	Request deletion of your personal data ("right to be forgotten").
Restriction	Art. 18	Request restriction of processing in certain circumstances.
Portability	Art. 20	Receive your data in a structured, machine-readable format (JSON export).
Objection	Art. 21	Object to processing based on legitimate interest.
Withdraw consent	Art. 7(3)	Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@carering.app. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with the supervisory authority in your EU member state of residence. As we are based in Bulgaria, the lead supervisory authority is:

Commission for Personal Data Protection (CPDP)
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Website: www.cpdp.bg
Email: kzld@cpdp.bg

9. International Data Transfers

Your data is processed and stored within the European Union (GCP europe-west1, Belgium). We do not transfer your personal data outside the EU/EEA. Third-party services (Firebase, RevenueCat) may process limited data in the US under appropriate safeguards, including Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework as approved by the European Commission.

10. Children's Privacy

CareRing is not directed at children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@carering.app and we will promptly delete it.

Account holders must be at least 18 years of age. Care recipients (the person receiving care) may be of any age, but the account holder managing their care must be 18 or older. Health data entered about a care recipient is managed under the account holder's responsibility and consent.

11. Push Notifications

CareRing sends push notifications for medication reminders, task updates, and care circle activity via Firebase Cloud Messaging. You can disable notifications at any time through your Android device settings or within the App's notification preferences.

12. Cookies & Tracking

The CareRing Android app does not use cookies. We do not use any advertising trackers or analytics SDKs beyond Firebase Crashlytics for crash reporting.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify you via in-app notification or email for significant changes.
Obtain renewed consent where required by law.

14. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact:

Vasil Nonchev
Email: privacy@carering.app
Website: carering.app