Privacy Policy

This is the privacy policy for LabelRx ("the app"), a drug-reference tool for licensed clinicians, published by the operator of bioturd.com.

Summary

LabelRx does not require an account, email address, or password. It does not ask you to enter any patient information, and no patient-identifiable data is transmitted from the app. It does not sell or share data with advertisers.

Important: no protected health information (PHI)

LabelRx is a reference tool. Nothing in the app requires or encourages the entry of patient names, medical record numbers, dates of birth, or any other protected health information. Calculators (e.g., CrCl, MME, BSA) accept clinical inputs such as serum creatinine, weight, age, and sex — these are entered directly by you and are not stored on our servers or transmitted to us. Calculator inputs remain in the app on your device only.

What we store

1. Anonymous device identifier

When you first open the app, a random UUID is generated on your device. This identifier is not linked to your name, phone number, email, or Apple ID. It exists so the app can persist your saved drugs, history, and preferences across launches without requiring an account.

2. Saved drugs, recently viewed, and bookmarks

The drugs you save or recently view are stored locally on your device (in AsyncStorage) and mirrored to our Supabase database, associated only with your anonymous device UUID. This is so your library persists across app updates and re-installs (when we can match the device).

3. Anonymous usage counts

We increment a daily view-count when you open a drug's detail page. These counts are aggregated across all users and power the "Trending" list. Your individual view history is not attached to your identity; only the aggregate count across all users is visible anywhere in the app.

4. Expo push token (optional)

If you opt in to label-change alerts or shortage alerts, Apple issues an anonymous push token that lets our server deliver notifications to your device via Apple's Push Notification service (APNs). We store this token associated with your device UUID. The token does not identify you.

5. Alert log

Each push we send to you is logged (event, timestamp, delivered/opened status) so the in-app notifications inbox can show your history. This log is scoped to your device UUID.

6. Alert preferences

The toggles you set on the Settings screen (for example, label-change notifications, shortage alerts, theme) are stored on our server keyed only to your device UUID.

7. No analytics, no ads

We do not use third-party analytics SDKs. We do not serve ads. We do not use cookies or tracking pixels. The iOS app does not access your contacts, photos, location, camera, microphone, health data, or any other OS-level data.

Third parties involved in delivering the service

• Supabase (database + serverless functions) — stores the drug catalogue, your anonymous device UUID, your saved drugs, and your alert preferences. Supabase privacy policy.
• Expo Push Service (push notifications) — forwards our push messages to APNs. Expo privacy.
• Apple Push Notification service (APNs) — delivers notifications to your device.
• GitHub Actions (data ingestion) — runs our data collection scripts on a schedule.

Public data sources we read from

The drug information in LabelRx is sourced from public U.S. government and NIH databases, including:

• DailyMed (NIH National Library of Medicine) — FDA-approved Structured Product Labeling (SPL) XML for every drug label, including indications, dosing, warnings, boxed warnings, contraindications, adverse reactions, interactions, and pregnancy/lactation sections.
• openFDA (FDA) — drug approvals, adverse event reports (FAERS), enforcement recalls, drug labels, and shortage listings.
• FDA Orange Book — approved drug products, patents, exclusivities, and therapeutic equivalence codes.
• ClinicalTrials.gov (NIH) — trial listings and status.
• RxNorm and RxNav (NIH) — drug identity normalization.
• CPIC (Clinical Pharmacogenetics Implementation Consortium) — public pharmacogenomics guidelines.
• ASHP and FDA drug shortage notices.

We do not share any user data with these sources; we only read their publicly available feeds, and the specific set of sources may evolve as we add or retire data pipelines.

Your controls

• Delete your data: uninstall the app. Your local saved/recent/history records are wiped with the app. Your anonymous device UUID row on our server becomes orphaned and is purged in regular cleanup.
• Revoke notifications: iOS Settings → Notifications → LabelRx. The push token becomes invalid immediately.
• Manual deletion request: email hello@bioturd.com and we will delete any server-side row associated with your device within 7 days.

Intended audience

LabelRx is intended for licensed healthcare professionals (pharmacists, physicians, nurses, residents, pharmacy and medical students). It is not intended for consumers seeking medication advice and is not a substitute for consultation with a qualified licensed professional. See our Terms of Service for the full clinical-use disclaimer.

Children's privacy

LabelRx is intended for licensed clinicians, typically 18+. We do not knowingly collect data from children under 13.

International users

Our servers (Supabase) are hosted in the United States. Drug information is U.S. FDA-labeled and U.S.-regulatory-centric. By using the app, you consent to the transfer and processing of the minimal data described above in the US. Transfers to the US rely on Standard Contractual Clauses executed between us and our processor (Supabase), as permitted under Chapter V of the EU General Data Protection Regulation (GDPR) and the equivalent UK regime. The app is not intended to reflect the regulatory status of drugs outside the United States.

European Economic Area, United Kingdom, and Swiss users

If you use LabelRx from the EEA, the UK, or Switzerland, the following applies in addition to everything above.

Data controller. MEAS Partners, LLC, 131 Continental Dr, Ste 305, Newark, DE 19713, USA. Contact: hello@bioturd.com. We have not appointed an EU or UK representative because the app does not require an account, does not collect contact information or clinical identifiers, does not target EU/UK residents specifically, and processes only a device-scoped anonymous UUID together with the saved-drug, push-token, and preference data strictly necessary to deliver the reference.

Legal basis for processing (GDPR Article 6). We rely on legitimate interests (Article 6(1)(f)) for storing your anonymous device UUID, saved drugs, recently viewed items, alert preferences, and the anonymous usage counts that power the Trending list — our interest is delivering a free, account-free clinical reference, and the processing is minimal, cannot identify you as a natural person, and does not override your fundamental rights. If you opt in to label-change or shortage alerts we additionally rely on your consent (Article 6(1)(a)) for push notifications, which you may withdraw at any time by revoking notifications in iOS Settings.

Your rights. Subject to the limits in the GDPR / UK GDPR, you have the right to request access to, rectification of, erasure of, restriction of processing of, or portability of the data we hold that is associated with your device UUID, and to object to processing based on legitimate interests. To exercise these rights, email hello@bioturd.com from any address and include the device UUID shown at the bottom of the app's Settings screen so we can locate your row. We respond within one month. You also have the right to lodge a complaint with your national supervisory authority (in the UK, the Information Commissioner's Office).

Automated decision-making. We do not make any decisions that produce legal or similarly significant effects on you using automated processing or profiling. Clinical calculators produce outputs from inputs you enter on-device; those inputs are not transmitted to us and the calculator output is not a clinical recommendation (see our Terms of Service).

Retention. Device-scoped rows (saved drugs, recently viewed, push token, alert preferences, alert log) are retained while your device remains active and are purged in regular cleanup once the push token becomes invalid or on explicit deletion request. Aggregate anonymous daily view-counts are retained indefinitely in non-identifying form.

Changes to this policy

If we change this policy in a material way, the updated policy will be posted at this URL and the "last updated" date below will change. Continued use of the app constitutes acceptance of the updated policy.

Last updated: April 23, 2026