Privacy Policy

Carakin ("we", "our", or "the app") is operated as a family wellness tracking service. This Privacy Policy explains what we can and cannot see, how encrypted data is handled, and the choices you have.

Important: We do not collect or read your health, medication, appointment, task, or document content. That information is encrypted on your device before it reaches our servers. We only store and sync the encrypted result, which we cannot decrypt.

What we can access

To run the app, we process a small amount of information in readable form:

• Account sign-in: name, email address, and account identifier from Google, Apple, or Microsoft (used only to authenticate you). • Family setup: family name, member roles, invites, and membership records (used to connect the right people in the app). • Notifications: device push tokens (used to deliver schedule reminders you set; reminder content is not sent in readable form through our servers). • Diagnostics (when enabled): crash reports, error logs, and basic device or app version information (does not include decrypted health content).

Health and care content we do not collect in readable form

The wellness information you and your family enter or sync, including check-ins, medications, appointments, tasks, uploaded documents, profile photos, and Health Connect metrics (such as steps, sleep, heart rate, and exercise minutes), is encrypted on your device before it is uploaded.

Our cloud storage receives ciphertext only. Carakin does not hold your family decryption key and cannot read, search, sell, or use the underlying content of that encrypted data. Only people in your family who have the key on their devices can decrypt and view it.

How encryption works

Encryption happens on your phone before data is sent to Firebase. We store encrypted blobs and sync them between your devices so the app works, but the readable content stays on your side of the encryption. Losing your recovery code and all trusted devices can make encrypted data unrecoverable, including by us.

How we use information

We use readable account and family data to sign you in, manage membership, and deliver reminders. We use encrypted payloads only as opaque data to store and sync between your devices. We do not sell personal or health information, and we do not have access to the readable contents of your encrypted health data.

Third-party services

Carakin uses Google Firebase (authentication, database, storage, cloud messaging, and crash reporting) and platform health APIs (Health Connect on Android). Health content in Firebase is encrypted on your device before upload; providers store and transmit ciphertext but cannot read it without your family key. Other readable account and operational data is processed according to their policies and our configuration.

Data retention and deletion

Family admins can permanently delete a family and its encrypted data from within the app. Deleting a family removes associated Firestore records, stored files, encryption wraps, and local keys on the deleting device. Your sign-in account may remain with your identity provider until you delete it separately. See the Data Policy for a full deletion checklist.

Children and sensitive health information

Carakin is a family wellness log, not a medical record system or a HIPAA-covered service. Do not use it as a substitute for professional medical advice. Parents and guardians are responsible for profiles they create for minors.

Contact

Questions about this policy: support@carakin.com