Last Updated: July 1, 2025
1. Introduction
At MeAgain (an app by Dots Future Technologies Inc.) we take your privacy seriously. This Privacy Policy outlines how we collect, use, and safeguard your personal and health-related information as you navigate your GLP-1 journey using our app. Unless directly requested by you (e.g., share with your provider), we never sell, rent, or share your identifiable personal or health data.
2. What Information We Collect
Health & Wellness Data
• GLP‑1 medication intake (shot dates, medication type, dosage, NDC)
• Side‑effect logs & Patient‑Reported Outcomes (PROs)
• Weight, water, protein and fiber tracking
• Transformation images (before‑and‑after photos for the Journey Card feature; faces are blurred or cropped before any external use)
• Photos of meals (for nutrition analysis)
• Activity, sleep and movement tracking (if synced via Apple Health or other wearables)
• Pharmacy fill & refill confirmations (days‑supply, quantity dispensed)
User‑Provided Data
• Preferences and settings you select in the app
• Shot‑preparation checklist usage
• Electronic signatures on informed consent & e‑consent documents (21 CFR Part 11 compliant)
• Any manual data entries related to your progress
System‑Generated Metadata
• Audit logs (timestamps, hashed user IDs) necessary for compliance with HIPAA, ISO 27001, and state pharmacy‑board regulations
3. How We Collect Data
• Manual entry inside the app
• Photo uploads
• e‑Prescription & pharmacy integrations (with your explicit authorization)
• Third‑party integrations such as Apple Health (opt‑in)
• App interaction telemetry (preferences and checklist usage)
All collection points are encrypted in transit (TLS 1.2+) and logged in an immutable audit trail.
4. Why We Collect Data
We collect data to:
• Track and manage your GLP‑1 treatment effectively
• Offer reminders and support tools (e.g., shot‑prep checklists)
• Analyze trends to support your progress
• Improve app functionality and user experience
• Generate de‑identified, aggregated real‑world evidence (RWE) that may be licensed to third parties such as academia, payers, or life‑science companies for legitimate research, healthcare operations, or public‑health purposes
5. Data We Do Not Collect
MeAgain does not collect or store:
• Precise GPS location
• Contacts or phone‑usage data
• Government‑issued identification numbers
• Protected class characteristics not relevant to treatment (e.g., religion, political affiliation)
6. De‑Identification & Secondary Use
Before any dataset leaves our secure environment it undergoes HIPAA Safe‑Harbor de‑identification or an expert‑determination process. Direct identifiers are removed or tokenised; dates are generalised to the week; ZIP codes are truncated to the first three digits where required. De‑identified data is not considered Protected Health Information (PHI) under HIPAA. We reserve the right to license such de‑identified and aggregated insights for research, analytics and product development. Individuals cannot be re‑identified from this information.
7. Data Storage & Security
• Encryption in transit (TLS 1.2+) and at rest (AES‑256)
• ISO 27001‑certified infrastructure
• Annual HIPAA security‑risk assessments
• Immutable, time‑stamped audit logs
• Data residency in U.S.‑based SOC 2 Type II datacentres
• Regular penetration testing & third‑party code reviews
• Disaster Recovery: We maintain encrypted backups and test disaster‑recovery procedures at least annually.
• Breach Notification: If a breach of unsecured PHI occurs, we will notify affected users and the U.S. Department of Health & Human Services within 60 days, as required by HIPAA §§164.400‑414.
Retention: We store your identifiable data only while you maintain an account or as required by law. If you delete your account, all PHI is permanently destroyed within 30 days; de‑identified derivatives may be retained indefinitely. We keep these anonymised records solely to improve public‑health evidence and product safety; they can never be linked back to you, and you may opt out of such licensing at any time in your in‑app privacy settings.
8. Data Sharing
Identifiable Data
We do not sell or share your identifiable personal or health data with third parties except:
• With your explicit, granular consent (e.g., sharing a progress report with your clinician).
• As required by law or subpoena.
• With contracted subprocessors bound by HIPAA Business‑Associate Agreements (BAAs).
De‑Identified & Aggregated Data
We may license de‑identified, aggregated datasets to trusted research partners, payers, or life‑science companies under strict contractual terms that prohibit re‑identification.
9. User Rights & Choices
• Access, correct, or delete your data directly in‑app
• Data portability (machine‑readable export)
• Withdraw consent to any optional data feed at any time
• Opt‑out of de‑identified data licensing via settings (will not affect your care)
We will fulfil verified requests within 30 days (45 days for California residents).
10. Consent & Policy Updates
By signing the electronic informed‑consent form and using MeAgain, you agree to this Privacy Policy. We’ll notify you of significant changes via in‑app messaging and request renewed consent where legally required. Continued use after updates constitutes acceptance of revised terms.
11. Legal Compliance
• Not for users under 16.
• MeAgain provides informational support; it is not a substitute for medical advice.
• We comply with state pharmacy‑board rules (including CA & NY) for prescription‑data handling.
12. Contact
Questions? Email support@meagain.app.