Privacy Policy
Last updated: March 2026
1. Data Controller
Alteox SARL Luxembourg Email: hello@alteox.com Alteox SARL ("we", "us") is the data controller responsible for the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Luxembourg's Data Protection Act of 1 August 2018.
2. Data We Collect
We collect and process the following data: • Account data: email address, display name, authentication provider (Google, Apple, or email) • Medication data: medication names, dosage, form, expiry dates, stock status, photos of medication packaging, custom notes • Usage data: app interactions, cabinet organisation, search queries • Device data: device type, operating system version, app version Photos of medication packaging are processed by AI (Claude Vision API by Anthropic) to extract text. Photos are stored securely and only accessible to your account.
3. Purpose of Processing
We process your data for the following purposes: • Providing the core service: scanning, storing, and organising your medication inventory • AI-powered text extraction from medication packaging photos • Drug information lookup from pharmaceutical databases • Symptom-based medication search within your inventory • Expiry date tracking and notifications • Account management and authentication • Service improvement and bug fixing
4. Legal Basis (Art. 6 GDPR)
We process your personal data based on: • Contract performance (Art. 6(1)(b)) — processing is necessary to provide you the PillTrove service you registered for • Legitimate interest (Art. 6(1)(f)) — for service improvement, security, and fraud prevention • Consent (Art. 6(1)(a)) — for optional features such as push notifications. You may withdraw consent at any time.
5. Data Storage & Security
Your data is stored on servers located within the European Union (EU/EEA). We use encrypted connections (TLS/HTTPS) for all data transmission. Authentication tokens are stored securely and passwords are hashed. Medication photos are stored in encrypted cloud storage accessible only to your account.
6. Third-Party Processors
We use the following third-party services to provide PillTrove: • Appwrite (database, authentication, file storage) — EU-hosted • Anthropic (Claude Vision API) — for AI-powered medication scanning. Photos are sent to Anthropic's API for text extraction. Anthropic does not use your data for model training. • OpenFDA / ChEMBL — public pharmaceutical databases for drug information lookup (no personal data shared) All processors are bound by data processing agreements in compliance with GDPR.
7. Your Rights
Under the GDPR, you have the following rights: • Right of access (Art. 15) — request a copy of your personal data • Right to rectification (Art. 16) — correct inaccurate data • Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten") • Right to data portability (Art. 20) — receive your data in a machine-readable format • Right to restrict processing (Art. 18) • Right to object (Art. 21) • Right to lodge a complaint with the Luxembourg supervisory authority: Commission Nationale pour la Protection des Données (CNPD), 15 Boulevard du Jazz, L-4370 Belvaux, Luxembourg — www.cnpd.lu To exercise your rights, contact us at hello@alteox.com.
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, all personal data including medication records and photos will be permanently deleted within 30 days. Anonymised, aggregated data may be retained for statistical purposes.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top indicates the most recent revision.
10. Contact
For any questions regarding this Privacy Policy or your personal data: Alteox SARL Email: hello@alteox.com