PillBox · Privacy policy
Your data never leaves your phone.
PillBox does not collect any data. Not your medication list, not your dose history, not analytics, not crash reports. Nothing. Everything the app knows lives on your phone and nowhere else. The rest of this page explains that in the detail the law asks for.
Effective 22 June 2026 · Last updated 3 July 2026
Who we are
PillBox is developed by Xander Janse van Rensburg (Logic Foundry), based in Australia. References to “we”, “us”, or “our” mean this developer.
What PillBox stores, on your device
All data is stored locally in the app’s private, iOS-encrypted storage on your iPhone. It is never transmitted to us or any third party. That data is:
- Medication information: names, forms, instructions, start and end dates, and the icon and colour you choose.
- Dose schedules: times and days, quantity and unit, strength, an optional label, and per-schedule reminder settings.
- Dose history: whether each dose was taken, skipped, or missed; when and how it was marked; optional notes; and an audit trail of any status changes.
- Profiles: the names, icons, and colours you create, and which profile is active.
- App settings: reminder timing, lock-screen detail preference, Live Activity settings, the dose forecast window, and Today-view colour choice.
- Medicine reference data (PBS): a bundled, read-only copy of the Australian PBS medicines schedule (public reference data; no personal information). Searches run entirely on-device. If you link a medication to a PBS listing, that listing’s details are stored with the medication, on your device only.
How we use it
PillBox uses your data only to operate the app on your device: scheduling notifications, displaying your schedule, tracking adherence, and driving the lock-screen Live Activity. We use no data for advertising, profiling, or analytics.
How it’s stored and protected
Your medication database lives in Apple’s SwiftData framework inside your iPhone’s private app sandbox: encrypted by iOS through your device passcode, isolated from other apps, and never sent anywhere. The app makes no network requests and has no server.
One small exception to full isolation: to power the home-screen widget and lock-screen countdown, PillBox writes a “next dose” snapshot (medication name, dose, time) to an App Group container shared only between PillBox and PillBox’s own widget extension. Never with any other app or third party, and with the same iOS encryption.
Notifications and your lock screen
When PillBox delivers a notification it may show on your lock screen. With “Show dose details on lock screen” on (the default), it includes the medication name, dose, strength, and time; with it off, it shows only a generic reminder, and the Taken/Skip actions still work. Live Activities show the medication name, dose, time, and whether it’s due or overdue, and can be turned off entirely. These are displayed by iOS on your own device and are not transmitted to us.
Exporting and importing
You can export all your data as a JSON file and import it on another device, entirely under your control. Export generates a file you share yourself via the iOS Share Sheet; import replaces current data after an explicit warning. No server is involved. We never receive an exported file; if you email or upload it, that’s subject to those services’ policies, not ours.
iCloud device backups
PillBox does not back up your data to iCloud directly. If you have iCloud Backup enabled, Apple’s backup may include PillBox’s local storage as part of your overall device backup, governed by Apple’s Privacy Policy, not ours.
What we do not collect
PillBox does not collect, access, or transmit: analytics or usage statistics; crash reports sent to a server; device identifiers, advertising IDs, or fingerprints; location; health or HealthKit data; or contacts, photos, camera, or calendar data.
The app contains no advertising libraries, analytics SDKs, or crash-reporting tools. The only third-party code is Apple’s open-source swift-markdown (and its swift-cmark dependency), used purely to render help articles offline; it does not access your data.
Permissions
| Permission | Why | Required? |
|---|---|---|
| Send notifications | To deliver medication reminders | Yes. The app can’t remind you without it |
| Background app refresh | To start Live Activities before a dose is due | No. Disabling it only affects Live Activities |
PillBox does not request contacts, location, camera, photos, health data, microphone, or calendar access.
Children’s privacy
PillBox is not directed at children under 13 and does not knowingly collect information from children. Because all data is entered by the user and stays on the device, the privacy posture is the same for all ages.
Your rights
Because all your data is stored only on your device, you control it directly: everything is visible in the app; you can delete individual records; uninstalling PillBox removes all app data permanently; and you can export a full JSON copy anytime. There’s no account to close and no server-side data to request deletion of, because we hold none.
Where the law applies
PillBox is developed in Australia and is subject to the Australian Privacy Act 1988 and the Australian Privacy Principles. Because it stores all data locally and transmits nothing, it does not transfer personal data across borders. In the EEA, the local-only architecture means no personal data is processed by us under the GDPR; in California, we do not sell, share, or disclose personal information under the CCPA. For a privacy concern under Australian law you can also contact the OAIC at oaic.gov.au or 1300 363 992.
Changes and contact
If we make material changes we’ll update the “Last updated” date, visible in the app’s in-app help after the corresponding update. For any privacy question, contact PillBox@LogicFoundry.com.au.
PillBox stores your medication data on your device. That’s it. We have nothing else.