Effective date: 26 June 2026
Holdfully ("Holdfully", "we", "us", "our") is a private, invitation-based iOS app that helps families coordinate care for an aging or dependent loved one. Members create a shared "care circle" and coordinate medication schedules and reminders, appointments, tasks, daily check-ins, and an emergency card. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices and rights you have. It applies to the Holdfully iOS app and the related services we operate.
Everything below is collected only to operate the features you use ("App Functionality"). We do not use any of it for advertising or to track you across other companies' apps or websites. The table maps our collection to Apple's App Store privacy categories.
| Data type | Examples | Linked to you? |
|---|---|---|
| Contact info | Name, email address | Yes |
| Identifiers | Holdfully user ID; device push token (a Device ID, see below) | Yes |
| Health & Fitness | Medications, schedules, vitals and other readings you record | Yes |
| Sensitive info | Health-related details about the person being cared for | Yes |
| Contacts | Names and invite details of the people you invite into a care circle, which you enter manually | Yes |
| Photos or videos | Photo or video attachments you add to check-ins | Yes |
| Other user content | Appointments, tasks, notes, messages, documents you enter | Yes |
| Purchases | Subscription status and purchase history | Yes |
| Usage data | Product interaction / analytics events | Yes |
| Diagnostics | Crash data | No (crash data is not linked to you) |
We do not sell your personal information, and we do not use it for advertising or cross-app tracking.
Holdfully's backend runs on Google Firebase, which provides authentication, our database (Cloud Firestore), file storage (Cloud Storage), server logic (Cloud Functions), and push messaging (Firebase Cloud Messaging, "FCM"). To deliver notifications, FCM issues a device-specific push token. This token functions as a Device ID: we store it and use it solely to send the notifications you have enabled (such as medication and appointment reminders) to your device. The token is not used for advertising or tracking. If you turn off notifications, you can also revoke this association.
Holdfully's optional "scan a medication label" feature uses Apple's on-device Vision framework to recognize text from the label using your device's camera. This optical character recognition (OCR) happens entirely on your iPhone. For this scanning feature, no image is uploaded, and no photo or scan is sent to our servers or to any artificial-intelligence service. Only the text you choose to keep (for example, a medication name you save into the circle) is stored as part of your care information. This on-device limitation applies specifically to the label-scan feature; photos or videos you separately choose to attach to a check-in are uploaded and stored as described elsewhere in this policy.
Holdfully does not collect, request, or use your location, and it does not read GPS data. The emergency card simply places a one-tap phone call to the standard emergency number for your region setting (for example, 911 in the US and Canada, 000 in Australia, 111 in New Zealand). Placing that call uses the phone dialer on your device; we do not determine or record where you are.
You can sign in with email and password, Google Sign-In, or Apple Sign In.
We use these identifiers only to create and secure your account.
Care information is visible only to the members you or the circle owner invite into that circle, limited by each member's role. It is not shared with other circles or made public by us.
We use trusted providers to operate Holdfully. They process data on our behalf under their own privacy terms:
Holdfully does not request access to your location or to your device's address book (Contacts). You can grant or revoke the permissions above at any time in your device Settings.
Information is encrypted in transit and at rest by our infrastructure providers, and access is restricted by each member's role within a circle. No method of storage or transmission is completely secure, but we use industry-standard safeguards to protect your information. In the event of a data breach affecting your personal information, we will notify affected users and the relevant authorities without undue delay, as required by applicable law.
We keep your information for as long as your account is active. You can request deletion of your account and associated data at any time by emailing support@holdfully.app. We will delete your personal data within 30 days of a verified request, except where we are required to retain certain records to comply with law, resolve disputes, or enforce our agreements. Note that content shared into a circle may remain visible to other members of that circle unless they also delete it.
Holdfully is intended for adults and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.
If you are a California resident, you have the right to know what personal information we collect, to access and delete it, to correct inaccuracies, and to not be discriminated against for exercising these rights. We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not use it for cross-context behavioral advertising. To exercise your rights, email support@holdfully.app.
We handle personal information in accordance with the Personal Information Protection and Electronic Documents Act. You may access and request correction of your personal information, and you may withdraw consent (subject to legal and contractual limits) by contacting us. Where required, we will explain why information is collected and obtain meaningful consent.
We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988. You may request access to and correction of your personal information, and you may make a privacy complaint by contacting us; if unresolved, you may escalate to the Office of the Australian Information Commissioner.
We handle personal information consistent with the Information Privacy Principles under the New Zealand Privacy Act 2020. You may request access to and correction of your personal information by contacting us, and you may raise concerns with the Office of the Privacy Commissioner.
Holdfully operates in the United States, Canada, Australia, and New Zealand. Your information may be stored and processed on servers operated by our providers (including Google Firebase) in other countries. We rely on appropriate safeguards for any cross-border transfer.
We may update this policy from time to time. Material changes will be reflected by the "Effective date" above, and we will provide additional notice where required by law.
Questions or privacy requests: support@holdfully.app.