Privacy Policy
Last updated: May 2026
What we collect
TolRx stores only what you explicitly provide:
- Your email address (used to identify your account)
- Your password, stored as a one-way bcrypt hash - we never see the plain text
- The medications you add to your list, including any notes or nicknames
- Your trigger markings (confirmed, suspected, safe) and any notes attached to them
- The conditions you select (MCAS, EDS, POTS, Celiac)
- Your theme preference, stored only in your browser's localStorage
If you sign in with Google, we receive only your email address from Google. No other Google profile data is stored.
How we use your data
Your data is used solely to provide the TolRx service to you:
- To show you your medication list and trigger history
- To flag ingredients against your personal trigger list
- To check for FDA recalls on medications you have saved
- To send recall notification emails if you have an email address configured
We do not sell your data. We do not share it with third parties except where required by law or to deliver the service (e.g., the email provider used to send recall alerts).
Third-party services
Medication data is fetched from the FDA openFDA API and NIH DailyMed. These requests contain drug names or NDC codes only - no personal information is sent to these services. Google Sign-In is an optional authentication method governed by Google's own privacy policy.
Your rights
You can export, delete, or permanently remove your account at any time from your Profile page. Deleting your account removes all stored data immediately.
Contact
Questions about this policy? Contact us.