Privacy Policy for DrugSpot

Last Updated: April 22, 2026

DrugSpot (the "App") is developed and operated by Andrew Martin ("we," "us," or "our"). This Privacy Policy explains what information we collect when you use the App, how we use it, and the choices you have. We aim to be transparent and to collect only what we need to run the App.

1. Information We Collect

Account information

• Email address. Collected when you sign up with email and password, sign in with Apple, or sign in with Google.
• Password. If you use email and password sign-in, your password is stored in hashed form by Firebase Authentication (a Google service) on our behalf. We never see your plaintext password. Apple and Google sign-in do not create a password with us.
• User identifier. A unique Firebase User Identifier (UID) is generated for each account.
• Display name and profile photo URL. Optional. If you sign in with Apple or Google we receive the name and photo URL you have chosen with that provider. You can edit your display name in the App.

Data you create while using the App

• Study activity: flashcards you create, puzzle completions, quiz scores, streaks, experience points, achievements, and study timestamps.
• Multiplayer activity: game wins, losses, and your Elo Rating System (ELO) score. Your display name, avatar, and multiplayer statistics are visible to other players on leaderboards and during multiplayer games.

App preferences

• Theme, notification settings, and similar preferences are stored on your device. Some preferences (for example, study reminders) also save to your account so they sync across devices.

If you make a purchase

• Subscription status. We store whether you have an active subscription, which tier, and when it expires. Managed by RevenueCat, which receives your Firebase User ID.
• Payment details. Payments for in-app subscriptions are processed directly by Apple (App Store) or Google (Play Store). We never see or store your credit card, debit card, or billing information.

If you submit a bug report

When you tap "Report an Issue" and submit, we collect: your report description, a screenshot if you attach one, your device model, your Operating System (OS) version, your app version, and your theme preference. We do not collect any of this unless you initiate a report.

Automatically collected

• Firebase Installation Identifier (ID), generated automatically by Firebase to route your data to the correct account and to help us debug issues tied to a specific install.

What we do NOT collect

• Location (Global Positioning System (GPS), coarse, or Internet Protocol (IP)-based)
• Contacts, text messages, phone call logs, or calendar
• Photos or files beyond screenshots you choose to attach to a bug report
• Microphone or camera data
• Web browsing history
• Health or medical information about you
• Advertising identifiers (we do not serve ads in the App)

2. How We Use Your Information

• To create your account and authenticate you at sign-in.
• To save your study progress, flashcards, and preferences, and to sync them across your devices.
• To rank players on leaderboards and run the multiplayer experience.
• To manage your subscription and unlock premium features.
• To respond to and investigate bug reports.
• To schedule local reminders on your device for study sessions, streaks, and flashcard reviews. These notifications are generated locally; we do not send remote push notifications.
• To understand aggregate usage patterns so we can improve the App.

We do not sell your personal information. We do not use your data for third-party advertising.

3. Service Providers

We rely on the following service providers. Each is contractually bound to process your data only on our behalf.

• Firebase Authentication (Google LLC). Account creation, sign-in, password hashing.
• Cloud Firestore (Google LLC). Stores your profile, study data, multiplayer statistics, and bug reports.
• Firebase Storage (Google LLC). Stores files you upload, such as bug report screenshots.
• RevenueCat, Inc. Manages your subscription entitlements.
• Apple, Inc. and Google LLC. Process in-app purchase payments.
• ElevenLabs, Inc. Generates drug pronunciation audio. We send a drug name to the ElevenLabs Text-to-Speech Application Programming Interface (API). No account or personal information is sent.
• Open Food and Drug Administration (OpenFDA) and DrugBank. Provide reference drug information. We send a drug name in the query. No account or personal information is sent.

These providers have their own privacy policies, which we encourage you to review.

4. Data Security

• All communication between the App and our service providers is encrypted in transit using Hypertext Transfer Protocol Secure (HTTPS).
• Passwords are hashed and stored by Firebase Authentication using industry-standard techniques. We never handle plaintext passwords.
• We apply reasonable administrative and technical safeguards, but no system can be guaranteed 100% secure. We cannot promise absolute security.

5. Data Retention and Deletion

We retain your data for as long as your account is active. You can delete your account and associated data at any time:

• In the App: Settings → Delete Account.
• On the web: visit https://drugspotapp.com/delete-account — no login required. Enter the email address associated with your account to submit a deletion request.

Account deletion removes your profile, display name, photo URL, study progress, flashcards you created, puzzle and quiz history, multiplayer statistics, achievements, streaks, subscription record, and bug reports you submitted. Firebase Authentication also deletes your sign-in credentials.

Deletion requests are processed within 30 days. Backups may retain copies for up to 90 additional days before they are overwritten.

6. Your Rights

• View and edit your profile in Settings.
• Sign out at any time.
• Delete your account and data using the options above.
• Contact us with any privacy question.

If you are in the European Economic Area (EEA), the United Kingdom, or California, you have additional rights under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), including the right to access, correct, and delete your data, and the right to object to or restrict certain processing. Contact us to exercise these rights.

7. Children's Privacy

DrugSpot is intended for pharmacy students and other adult learners. It is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If we learn that a user under 13 has created an account, we will delete the account and its data.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted in the App and on our public privacy page. The "Last Updated" date at the top tells you the most recent revision. Your continued use of the App after changes take effect constitutes acceptance of the revised Privacy Policy.

9. Contact Us

For any privacy question or request, contact us here.

10. Governing Law

This Privacy Policy is governed by the laws of the United States. Any disputes arising under this Privacy Policy are subject to the exclusive jurisdiction of the applicable courts.