# MyVaxCard Privacy Policy
**Last Updated:** January 2026
## Overview
MyVaxCard is designed with privacy as a core principle. Your health data never leaves your device. We do not collect, store, or transmit any personal information to external servers.
## Data We DO NOT Collect
- **No personal information transmitted** - Your data stays on your device
- **No analytics or usage tracking** - We don't monitor how you use the app
- **No advertising identifiers** - No ads, no tracking
- **No cloud storage** - Your records are never uploaded anywhere
- **No account required** - Completely anonymous usage
## Data Stored Locally on Your Device
MyVaxCard stores the following information **only on your device**:
- **Vaccination records** - Names, dates, lot numbers, providers
- **Card photos** - Images of your vaccination cards
- **Reminders** - Optional reminder schedules you create
- **App preferences** - Language selection and settings
### Encryption
All locally stored data is encrypted using industry-standard encryption:
- **Database encryption:** SQLCipher with AES-256-CBC and HMAC-SHA512
- **Key derivation:** PBKDF2 with 256,000 iterations
- **Key storage:** iOS Keychain / Android Keystore (hardware-backed when available)
- **Backup encryption:** AES-256-GCM with PBKDF2 (600,000 iterations)
## Network Activity
MyVaxCard operates primarily offline. The only network activity is:
- **Vaccine schedule reference data** - The app may optionally download updated vaccine schedule information from public health authorities. This download:
- Contains NO personal data
- Is used solely for informational reference
- Can be disabled in Settings
- Is anonymous (no user identification)
## Your Rights and Controls
You have full control over your data:
- **Export** - Create encrypted backups anytime via Settings
- **Delete** - Permanently delete all data from Settings
- **No account** - Nothing to cancel or close
- **Portability** - Backup files can be restored on any device
## Data Security
We implement multiple layers of security:
1. **Encryption at rest** - All data encrypted on device
2. **Secure key storage** - Keys stored in platform secure enclaves
3. **No transmission** - Data never sent to external servers
4. **Password-protected backups** - Export files require your password
## Children's Privacy
MyVaxCard does not knowingly collect information from children under 13. The app is designed for adults to manage their own or their family's vaccination records.
## Third-Party Services
MyVaxCard does not integrate with any third-party analytics, advertising, or data collection services.
## Changes to This Policy
We will notify users of any material changes to this privacy policy through app updates. The "Last Updated" date at the top of this policy indicates when it was last revised.
## Contact Us
If you have questions about this privacy policy or your data, please contact us at **info@hvitravnur.com**.
## Legal Basis (GDPR)
For users in the European Economic Area, our legal basis for processing is:
- **Legitimate interest** - Providing the core functionality of the app
- **Consent** - For optional features like reminders
Since all data remains on your device and is never transmitted to us, traditional data controller obligations under GDPR are minimized. You maintain full control of your data at all times.
---
*MyVaxCard - Your vaccinations, your device, your control.*