Legal

Privacy Policy

Last updated: June 2026

1. Who we are

Mintlane is an independent mobile app studio based in Germany, operated by Stefan Hirche. We build focused mobile applications for Android and iOS. This privacy policy applies to the website at mintlane.io and all Mintlane mobile applications, including Medifix.

2. Our approach to data

Mintlane apps are designed to run standalone — without accounts, without servers, and without your data leaving your device unless you explicitly choose otherwise. This is a core architectural decision, not a policy afterthought.

We do not build user profiles. We do not sell data. We do not serve tracking-based advertising.

3. This website

The mintlane.io website collects no personal data. There are no analytics scripts, no tracking pixels, and no cookies beyond what is technically necessary to serve the page. The dark/light mode preference is stored locally in your browser only.

4. Medifix

Medifix stores all medication and intake data locally on your device using an AES-256 encrypted on-device database. By default, no medication data is transmitted to Mintlane or any third party — the only exception is the optional Caregiver-Sharing feature described in section 4.3 below, which you must explicitly set up.

4.1 Drug interaction lookups

When you search for a medication, Medifix may query the publicly operated FDA OpenData API (api.fda.gov) for drug interaction information. The query contains only the medication name — no personal information, no device identifiers, and no account data. The FDA API is operated by the US Food and Drug Administration and is subject to its own terms of service. You can disable interaction lookups at any time in Settings.

4.2 Crash reports (optional)

Medifix includes crash reporting powered by Google Firebase Crashlytics. This feature is off by default and is only enabled if you explicitly consent during onboarding or in Settings → Privacy → Crash reports.

When enabled, crash reports contain: a stack trace, the app version, the device manufacturer, the operating system version, and a random Crashlytics installation ID. They do not contain any medication names, intake times, or other health data.

Legal basis: Art. 6(1)(a) GDPR (consent). Data processor: Google LLC, USA (adequacy via EU Standard Contractual Clauses). You can withdraw consent at any time in Settings.

4.3 Caregiver-Sharing (optional)

Medifix offers an optional feature that lets you invite a family member or other caregiver to see a real-time summary of your medication status. This feature is off by default and only activates if you generate an invitation link and someone accepts it.

When in use, both the patient's and the caregiver's devices sign in anonymously to Firebase Authentication — this creates a random, device-bound identifier with no email address, password, or real-world identity attached. A snapshot of the medication status is encrypted on-device before being written to Firebase Realtime Database, purely to relay it between the two paired devices; the encryption key is generated locally and never leaves either device, so Mintlane and Google cannot read its contents. Access to that data is restricted to the two paired devices' anonymous identifiers. Push notifications (e.g. a missed-dose alert to the caregiver) are delivered via Firebase Cloud Messaging.

The invitation link does not require or collect the caregiver's email address or any contact information — pairing happens via a one-time link, not an account lookup. You can revoke a caregiver's access at any time in Settings, which immediately removes their access to your data.

Data processor: Google LLC, USA (adequacy via EU Standard Contractual Clauses).

4.4 In-app purchases

Medifix offers an optional Premium upgrade and an optional Caregiver-Sharing subscription. Purchases are processed entirely by Apple (App Store) or Google (Google Play). Mintlane receives only a confirmation of whether a valid purchase exists — no payment details, no card numbers, and no billing address are ever transmitted to Mintlane.

4.5 Device permissions

Medifix requests the following device permissions:

None of these permissions are used to collect or transmit personal data.

4.6 Your data — export and deletion

You can export all your Medifix data at any time in Settings → Privacy → Export data. The export is a local file — it is not sent to Mintlane.

You can permanently delete all Medifix data in Settings → Privacy → Delete all data. This action is irreversible and removes everything from your device immediately.

5. Contact data

If you email us at hello@mintlane.io, we will use your email address and message content solely to respond to your enquiry. We do not add you to any mailing list and we do not share your contact details with third parties.

6. Your rights (GDPR)

If you are located in the European Union, you have the following rights regarding any personal data we may hold:

To exercise any of these rights, contact us at privacy@mintlane.io. Given the minimal data we collect, most requests can be fulfilled within a few days.

7. Data retention

We retain email correspondence for up to 24 months for support continuity, after which it is deleted. Crashlytics data is retained by Google for 90 days. If you use Caregiver-Sharing, the encrypted status snapshot and the anonymous device identifiers described in section 4.3 are retained in Firebase only for as long as the caregiver connection stays active, and are deleted immediately when you revoke it. We hold no other personal data on our own servers.

8. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. We do not send unsolicited emails to notify you of changes.

9. Contact

Questions about privacy? Write to us at privacy@mintlane.io. We read and respond to every message.