Effective Date: April 2026 · Last Updated: 2026-04
Your privacy is of utmost importance to us. This Privacy Policy outlines how SJB Digital Ventures LLC, doing business as MS Buddy ("MS Buddy," "we," "us," or "our"), collects, uses, discloses, and safeguards your personal information. By using MS Buddy ("the App"), you agree to the collection and use of information in accordance with this policy and our Terms of Use.
Account Information: When you create an account, we collect your username and email address. If you create an account using your password, your password is securely hashed using industry-standard bcrypt and is never stored in plain text.
Sign in with Google: You may choose to create an account or sign in using Sign in with Google. If you do, we receive from Google only a stable user identifier, your email address, and your name. We do not receive your contacts, photos, calendar, or any other Google account data.
Sign in with Apple: You may choose to create an account or sign in using Sign in with Apple. If you do, we receive from Apple a stable user identifier and, when Apple provides it, your email address and name. If you choose Apple's Hide My Email feature, we may receive and store Apple's private relay email address instead of your personal email address.
User-Entered Data: We collect health-related information that you choose to provide, including symptoms, triggers, activities, journal entries, sleep entries, stress entries, meal and hydration entries, weather notes, bladder and bowel entries, weight, mobility and walking entries (such as ratings, fall events, and balance notes), energy-budget entries (such as energy levels and activity cost ratings), and optional profile details such as age, sex, year of diagnosis, type of MS, current medications, and other health information. If you use the Reminders feature, you may also provide doctor names, appointment locations, MRI and lab work dates, medication reminders, and questions for your doctor. Reminder data is stored solely to power your reminders and is never shared with third parties.
Sensitive Health Data Consent: By entering health-related information into the App, you provide explicit consent for us to process this sensitive data for the purpose of delivering the App's wellness tracking features. You may withdraw this consent at any time by deleting your data or your account.
Certain features of the App use artificial intelligence (AI) provided by third-party services (such as OpenAI) to generate summaries of research articles, to synthesize narrative descriptions of MS care facilities and providers from publicly available sources, and to score facility patient-experience dimensions. When processing this content, we send article or public web text to the AI service; no personal user data is included in these requests. AI-generated summaries, narratives, and scores are stored and displayed within the App. They have not been reviewed by medical professionals and are provided for informational purposes only.
Usage Information: We collect information about how you use the App, including page views, feature usage, device type, operating system, user agent, timestamps, and recent activity. For logged-in users, internal logs may be associated with your user ID so we can provide support, diagnose issues, improve the App, and protect account security.
Approximate Location: We may collect your IP address and use it to determine a general geographic area for usage analytics, troubleshooting, and security. This is not precise location data and is not shared with third parties.
Local Storage: When accessed via a web browser, we use local storage (similar to cookies) to maintain your login session and retain user preferences. We do not use third-party tracking cookies.
Database: We use MongoDB Atlas for data storage. All data is encrypted in transit using TLS and at rest using AES-256 encryption. MongoDB Atlas maintains SOC 2 Type II and ISO 27001 certifications.
AI Processing: We use OpenAI to process public content (research article text, public facility and provider information). No personal user data is sent to OpenAI.
Imagery: We use Unsplash to source stock imagery for facility and content pages. No user data is transmitted to Unsplash.
Email Delivery: We use email delivery infrastructure to send account messages, password reset emails, doctor reports, doctor question lists, data export files, feedback notifications, and related service communications. These emails may include the content you choose to send or export.
Fitbit: If you choose to connect Fitbit, Fitbit processes your authentication request and provides the data you authorize in accordance with Fitbit's own terms and privacy policy. MS Buddy uses Fitbit data only to provide wearable sync, charts, insights, and related wellness tracking features.
We may disclose your information when required to do so by law or in response to valid legal process (such as a court order, subpoena, or government request). We will notify you of such requests when legally permitted to do so.
We do not sell, trade, or rent your personal information to third parties. We do not share your data with advertisers, data brokers, or any third parties for marketing purposes.
We employ industry-standard security measures to protect your personal and health data:
While we implement strong security measures, no online service can guarantee absolute protection. We encourage users to use strong, unique passwords.
MS Buddy supports Face ID and Touch ID for secure login. Biometric data is processed entirely within your device's secure enclave. MS Buddy does not store or access your biometric information.
In the event of a data breach affecting your personal information, we will:
We retain your personal data for as long as your account is active or as needed to provide you with the App's services:
MS Buddy may request access to your HealthKit data, Fitbit account data, and local notifications. You have full control over these permissions and can modify them at any time via your device settings, the App, or your Fitbit account settings.
Editing and Deletion: You can view, edit, or delete your personal and health data within the App.
Account Deletion: You may delete your account at any time from your Profile page within the App. This will permanently remove your personal information and anonymize your health data so it can no longer be linked to you. Limited operational, security, support, and audit logs may be retained as described in Section 5. For a complete deletion of all data including anonymized records, contact us at support@mymsbuddy.com before deleting your account.
Data Export: Before deleting your account, you can request or export your data from your Profile page. Exports may be delivered by email as JSON files containing your symptoms, triggers, health data, wearable data, reminders, and other records.
You have the right to:
We commit to the following:
MS Buddy provides customizable local notifications for reminders about appointments, MRI and lab work, or other health-related activities. These notifications are processed locally on your device.
You can manage notification preferences within the App or through your device's notification settings.
Internal Analytics: We collect usage data (such as page views, feature usage, device information, timestamps, and approximate location derived from IP address) through our internal logging system to improve App functionality, troubleshoot issues, measure engagement, and protect account security.
Data Exclusion: We do not include the contents of your symptom entries, journal entries, reminders, or wearable measurements in analytics events. We do not use third-party analytics services that receive your data.
MS Buddy may contain links to external websites such as mymsbuddy.com. We are not responsible for the privacy practices of external websites. We encourage you to review their privacy policies.
The App utilizes third-party plugins for features such as secure data storage, biometric login, and local notifications. These plugins handle data in accordance with their own privacy policies and are used strictly within their intended functionalities.
Sign in with Google: If you sign in with Google, Google processes your authentication request in accordance with Google's Privacy Policy. We only receive the minimal information described in Section 1.
Sign in with Apple: If you sign in with Apple, Apple processes your authentication request in accordance with Apple's Privacy Policy. We only receive the information described in Section 1.
Fitbit: If you connect Fitbit, Fitbit processes your authorization and account connection in accordance with Fitbit's policies. You can review Fitbit's privacy policy at fitbit.com/global/us/legal/privacy-policy.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Categories of Data Collected: Identifiers (username, email); health information (symptoms, triggers, medications, dosages, doctor information, diagnosis details, sleep entries, stress entries, meal and hydration entries, weather notes, bladder and bowel entries, weight, mobility and walking entries, energy-budget entries, journal entries, reminders (including MRI and lab dates), HealthKit data, Fitbit data, and other health details you provide or authorize); internet/electronic activity (page views, feature usage, device information, user agent, timestamps, and approximate location derived from IP address); and connected account information for services you choose to link.
To exercise these rights, contact us at support@mymsbuddy.com. We will respond to verifiable consumer requests within 45 days where required by the CCPA/CPRA, and within 30 days for all other requests.
Certain states have enacted laws providing additional protections for consumer health data. If you reside in such a state, the following applies:
Washington (My Health My Data Act):
Other states: Several states including Nevada, Colorado, Connecticut, and Virginia have enacted privacy laws granting consumer rights similar to those described in Section 11 above. If you reside in one of these states and wish to exercise your rights, contact us at support@mymsbuddy.com.
MS Buddy is operated from the United States and is primarily intended for users in the United States. Your information is transferred to and maintained on servers located in the United States, where data protection laws may differ from those in your jurisdiction.
International Users: If you are located in the European Union, European Economic Area, United Kingdom, or another jurisdiction outside the United States with cross-border data transfer requirements (such as Japan, Singapore, South Korea, or Australia), please be aware that by using the App, your data will be transferred to the United States. Where required, we rely on consent, contractual necessity, adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms for cross-border data transfers. If you do not consent to this transfer, please do not use the App.
By using MS Buddy, you acknowledge and consent to the transfer, processing, and storage of your information in the United States.
Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no industry standard for how to respond to DNT signals, we do not currently respond to them. However, we do not engage in cross-site tracking of our users.
You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at support@mymsbuddy.com. We will respond to verifiable consumer requests within 45 days where required by the CCPA/CPRA, and within 30 days for all other requests.
Communications: You may opt out of receiving promotional communications by following the unsubscribe instructions provided in emails.
Data Collection: You can limit data collection by adjusting App permissions in your device settings.
For any questions or concerns regarding this Privacy Policy, please contact us:
Email: support@mymsbuddy.com
We comply with all applicable federal and state data protection and privacy laws. Users have the right to lodge a complaint with a data protection authority, state attorney general, or other regulatory body if they believe their rights have been violated.
We may update this Privacy Policy from time to time. Any significant changes will be communicated via in-app notifications or email at least 30 days before they take effect. Your continued use of MS Buddy after the effective date indicates your acceptance of the updated policy.
Thank you for choosing MS Buddy to assist you in your wellness journey. We are committed to protecting your privacy and providing a secure, user-friendly experience.