PRIVACY & SAFETY
Your health data belongs to you.
For-Fin was built with privacy as a default, not an afterthought. Here is what we do, what we do not do, and how your data is protected.
NOT A MEDICAL DEVICE
For-Fin does not diagnose, predict, treat, or provide medical advice. It helps users record information, manage routines, and prepare reports to discuss with qualified health professionals. It is not a substitute for professional medical care.
What we collect
For-Fin collects only what you enter: your name, medication details, dose logs, seizure event records, and optional care team connections. We do not collect location data, raw sensor data, or any information beyond what you explicitly enter.
We collect your email address for authentication. We do not use it for advertising or share it with third parties.
How your data is stored
All data is stored in a Supabase Postgres database with Row-Level Security (RLS) enforced at the database level. This means only you — and caregivers you have explicitly invited and approved — can access your records. No other authenticated user can query your data, even if they know your ID.
Data is stored on servers in the Australia region. Backups are encrypted. Database access requires an authenticated session, and no service-role keys are exposed on the client.
Caregiver access
You may invite a trusted person to your Care Circle. Caregivers must accept the invitation and are assigned a role with specific access limits. You can revoke access at any time. Revoked caregivers immediately lose all access. All caregiver actions are logged in an audit trail visible to you.
Caregivers with limited access can only see medication summaries. Caregivers with full access can see medication logs and event records. No caregiver can change your plan or delete your data.
Reports
Reports generated in For-Fin are private by default. They are not publicly accessible. If you download or print a report, you control where it goes. We create an audit record when a report is generated.
Emergency disclaimer
For-Fin is not an emergency response service. If you or someone else is experiencing a medical emergency, call emergency services immediately (000 in Australia, 911 in the US, 999 in the UK). Do not rely on For-Fin for emergency decisions.
Data export and deletion
You can export all your data at any time from Settings → Your Data. The export is a JSON file downloaded directly to your device — no copy is stored on our servers.
You can delete your account from Settings → Danger Zone. Deletion removes all your patient records, medication plans, logs, seizure events, and care team connections immediately. Your authentication record may take additional time to be fully purged from Supabase infrastructure.
What we do not do
- Sell or share your data with advertisers
- Use your health data to train AI models
- Make diagnostic or predictive medical claims
- Provide emergency response or crisis services
- Send unsolicited marketing beyond product updates you opted into
- Collect location data
- Access your device sensors without your action
Contact
Questions about your data or privacy? Email hello@for-fin.com. We aim to respond within 48 hours.
Last updated May 2026. for-fin.com