TToxiGuard

Last updated: May 26, 2026

Privacy Policy

ToxiGuard is built on the belief that people deserve clear, trustworthy information about their medications and health. That same standard applies to how we handle your personal information. This policy explains what we collect, why we collect it, and how you can control it — in plain language, without the legal fog.

ToxiGuard is operated by ToxiGuard Inc., a company incorporated in Ontario, Canada. We are subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy law.

1. What Information We Collect

Information you give us directly

  • Account details — your email address and a password when you create an account.
  • Your medication regimen — the drugs, supplements, or substances you add to your personal stack. You choose what to add; nothing is imported automatically.
  • Your health profile — optional information you provide such as kidney function, liver function, pregnancy status, or other health conditions that affect how the app calculates interaction risks. This information is stored only on your device unless you are signed in to a synced account.
  • Search queries — medications, foods, chemicals, or household products you look up in the app.
  • Subscription tier — whether you are on the Consumer, Premium, or Provider plan.

Information collected automatically

  • Device and app data — your device type, operating system version, app version, and a randomly generated device identifier. We use this to diagnose crashes and understand how the app is performing.
  • Usage patterns — which screens you visit, how often you use the app, and general feature engagement (for example, "drug–food interactions were viewed 3 times this session"). We do not log the specific drugs or queries associated with usage events.
  • Approximate location — a city-level location derived from your device's GPS or network data, used solely to retrieve local weather conditions (temperature, air quality, pollen levels) that are relevant to certain drug precautions. We do not store your precise GPS coordinates.
  • Session tokens — a secure token used to authenticate your account across sessions. Stored securely on your device and transmitted over encrypted connections only.

Information we do not collect

We do not collect your name, phone number, date of birth, provincial health card number, payment card details (purchases are processed by Apple App Store or Google Play, not by us), or any biometric data.

2. Why We Collect It — and the Legal Basis

Under PIPEDA, we must identify the purposes for which we collect personal information at or before the time of collection. Here is what we use your data for, and why:

What we use Why Can you opt out?
Email + password To create and secure your account Only by not creating an account; the app works without one for basic features
Medication regimen + health profile To calculate interaction risks and safety alerts for you Yes — you can delete these at any time from the app
Search queries To return results and improve search accuracy Queries are used for your session; see retention section for details
Device and usage data To fix bugs, measure performance, and improve the app Opt-out available in Settings → Privacy
Approximate location To display weather-relevant drug precautions Yes — deny location permission in your device settings; the weather card will not load
Session token To keep you signed in securely No — required for authenticated sessions

We do not use your personal information for advertising, and we never sell it to third parties.

3. Sensitive Health Information

The medications you add, your health conditions, and your health profile are sensitive personal information. We treat them accordingly:

  • They are stored encrypted on your device (using your device's secure storage APIs).
  • If you use a synced account, they are transmitted over TLS-encrypted connections and stored encrypted at rest on our servers.
  • We do not share this information with any third party except as described in Section 6.
  • We do not use your specific medication list or health conditions for analytics, training machine learning models, or any purpose other than providing the service to you.

4. How Long We Keep Your Information

Data type Retention
Account information For as long as your account exists, plus 30 days after deletion (to allow recovery)
Medication regimen and health profile Deleted immediately upon your request or account deletion
Search queries (server-side logs) Aggregated and anonymised within 14 days; raw logs deleted within 30 days
Session tokens Expire after 90 days of inactivity; invalidated on sign-out
Crash and diagnostic data Deleted after 90 days
Anonymised usage analytics May be retained indefinitely in aggregate form; cannot be linked back to you

You can request deletion of all your personal information at any time by going to Settings → Account → Delete My Data, or by emailing us at privacy@toxiguard.ca. We will action deletion requests within 30 days.

5. How We Protect Your Information

We take reasonable technical and organisational measures to protect your personal information against loss, theft, and unauthorised access. These include:

  • TLS encryption for all data in transit between your device and our servers
  • Encrypted storage for sensitive data at rest (AES-256)
  • Secure, hashed password storage — we never store your password in plain text
  • Access controls limiting which employees can access personal data (principle of least privilege)
  • Regular security reviews of our infrastructure

No system is perfectly secure. If you believe your account has been compromised, please contact us immediately at privacy@toxiguard.ca.

In the event of a data breach that poses a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA's mandatory breach reporting rules.

6. Who We Share Your Information With

We do not sell, rent, or trade your personal information. We share limited information only in the following circumstances:

Service providers — We use a small number of third-party services to operate ToxiGuard. These providers process data on our behalf and are bound by data processing agreements requiring them to protect your information:

  • Cloud infrastructure — our servers are hosted on infrastructure that meets SOC 2 standards.
  • Crash reporting — we use a crash analytics service to receive diagnostic reports when the app crashes. These reports include device type, OS version, and a stack trace; they do not include your medication list or health data.
  • Open-Meteo — a free, open-source weather API used to retrieve weather data based on your approximate location. Open-Meteo does not receive any personal identifiers from ToxiGuard. See their privacy policy at open-meteo.com.

Legal requirements — We may disclose personal information if required to do so by law, court order, or a government authority, or if we believe disclosure is necessary to protect the safety of any person, prevent fraud, or protect our legal rights. We will notify affected users where legally permitted to do so.

Business transfers — If ToxiGuard is acquired, merged, or undergoes a similar corporate change, your personal information may be transferred as part of that transaction. We will notify you in advance and give you the opportunity to delete your account before any transfer takes effect.

7. Your Rights Under PIPEDA

As a Canadian resident, you have the right to:

  • Know what we hold — Request access to the personal information we have about you. We will respond within 30 days.
  • Correct inaccuracies — Ask us to correct personal information that is inaccurate or incomplete.
  • Delete your data — Request that we delete your personal information. See Section 4 for timelines.
  • Withdraw consent — Withdraw consent for processing that is not strictly necessary to provide the service. This may limit certain features.
  • Lodge a complaint — If you believe we have handled your personal information improperly, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca/en/report-a-concern.

To exercise any of these rights, contact us at privacy@toxiguard.ca. We may ask you to verify your identity before we can respond.

8. Children's Privacy

ToxiGuard is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@toxiguard.ca and we will delete it promptly.

Users between 13 and 18 should review this policy with a parent or guardian before using the app.

9. Third-Party Links and Services

The app may display links to external resources (for example, drug reference databases or health authorities). These third-party sites have their own privacy policies and we are not responsible for their practices. We encourage you to review the privacy policies of any sites you visit.

10. Provider (B2B) Accounts

If you use ToxiGuard through an organisation — for example, a pharmacy group or research institution with a Provider tier account — the organisation is the primary account holder. The organisation's administrators may be able to see activity within their account. Your organisation's own privacy practices also apply. If you have questions about how your organisation uses ToxiGuard, contact them directly.

Patient data entered by a Provider account holder remains subject to the same protections described in this policy. ToxiGuard does not use patient data entered in Provider accounts for analytics or service improvement.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you within the app and update the "Last updated" date at the top of this page. Continued use of ToxiGuard after a policy update constitutes acceptance of the revised policy. If you disagree with a material change, you can delete your account before the change takes effect.

12. Contact Us

If you have questions, concerns, or requests related to this privacy policy, please reach out:

ToxiGuard Inc. Privacy Officer Toronto, Ontario, Canada

Email: privacy@toxiguard.ca

We aim to respond to all privacy inquiries within 5 business days.

ToxiGuard is a consumer safety tool, not a medical device or clinical service. The information it provides does not constitute medical advice. Always consult a qualified healthcare professional for medical decisions.