Privacy Policy

1. Introduction

LucidRx (“we,” “our,” or “us”) is operated by W. Craig Washington, Jr., MD, PLC. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the LucidRx mobile application and website (collectively, the “Service”).

Please read this policy carefully. By using LucidRx, you agree to the practices described here. If you do not agree, please do not use the Service.

2. Information We Collect

Information You Provide

• Email address and password (for account creation)
• Medications you save or track
• Symptom journal entries, including mood ratings, symptoms, and notes
• Side effect logs
• Medication reminder preferences

Information Collected Automatically

• Device type and operating system
• App usage data (pages visited, features used)
• IP address and approximate location (country/region)
• Crash reports and performance data

Payment Information

Premium subscription payments are processed by Stripe. We do not store your credit card number or payment details. Stripe's privacy policy governs their handling of payment data.

3. How We Use Your Information

• To provide and improve the LucidRx Service
• To personalize your experience (e.g., saved medications, reminders)
• To generate your Provider Summary Report for sharing with your care team
• To send medication reminders and app notifications (if enabled)
• To process subscription payments
• To respond to support requests
• To detect and prevent fraud or security incidents
• To comply with legal obligations

4. Health Information

LucidRx is a consumer wellness application and is not a covered entity under HIPAA. The health-related information you enter (symptoms, medications, side effects) is used solely to power features within the app. We do not sell, rent, or share your health data with third parties for marketing or advertising purposes.

We strongly encourage you to speak with your healthcare provider before making any changes to your medications or treatment plan. LucidRx is for informational purposes only and is not a substitute for professional medical advice, diagnosis, or treatment.

5. Data Sharing

We do not sell your personal information. We may share your data only in these circumstances:

• Service providers: Supabase (database hosting), Stripe (payments), Vercel (infrastructure). Each operates under their own privacy and security policies.
• Legal requirements: If required by law, court order, or governmental authority.
• Business transfers: In the event of a merger or acquisition, your data may transfer to the acquiring entity under this same policy.
• With your consent: For example, when you choose to share your Provider Summary Report with your doctor.

6. Data Security

We implement industry-standard technical safeguards to protect your data, including:

• Encryption in transit (HTTPS/TLS) and at rest
• Row-level security — each user can only access their own data
• Session timeouts after periods of inactivity
• Rate limiting on sensitive operations
• Audit logging for account-level actions

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@lucidrx.app.

7. Your Rights and Choices

• Access and export: You can export all your data from your Profile settings at any time.
• Deletion: You can delete your account and all associated data from your Profile settings. Deletion is permanent and irreversible.
• Notifications: You can disable medication reminders in your device settings or within the app.
• Correction: You can update your journal entries, medications, and profile information at any time within the app.

8. Children's Privacy

LucidRx is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or preventing fraud).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or sending an email to your registered address. Your continued use of LucidRx after changes take effect constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: