Z38.health

Privacy Policy

Last updated: 21.05.2025

Protecting your personal data is a matter of great importance to us. With this Privacy Policy, we inform you in accordance with the General Data Protection Regulation (GDPR) about how we process your personal data when you use our app.

1. Controller

The controller responsible for data processing within the meaning of the GDPR is the operator of the Z38.Health App.

Contact: E-Mail: support@z38.health

2. Data We Process

To provide you with the functions of the app, we process various categories of data. We limit this processing to what is necessary.

Identification and Contact Data: This may include, for example, your phone number or e-mail address required for registration and login.

Profile and Master Data: Information you provide in your profile (e.g., age, gender) to personalize the app experience.

Health and Well-being Data: Data you enter while using the app (e.g., responses to questionnaires, mood tracking, or other health-related inputs) to utilize the app's core features.

Usage Data: Technical information about how you interact with the app, used to troubleshoot errors and ensure stability.

3. Purposes and Legal Bases of Processing

We process your data for the following purposes:

Provision of App Functions: To enable you to use the app as intended (Legal basis: Art. 6(1)(b) GDPR – Performance of a contract).

Processing of Special Categories of Data (Health Data): To the extent that the app processes health data, this is done exclusively based on your explicit consent, which you granted upon registration or during use (Legal basis: Art. 9(2)(a) GDPR).

Improvement and Security: To ensure the security of the app and to optimize our service technically (Legal basis: Art. 6(1)(f) GDPR – Legitimate interests).

4. Data Sharing and Use of AI

We do not generally share your data with third parties, except with our technical service providers.

Technical Service Providers (Hosting/Database): We use providers to host the app, who process data primarily within the EU.

Use of AI Features (OpenAI): To provide you with chat features, we use the API provided by OpenAI (Ireland/USA).

When you use the chat features, your inputs (prompts) are sent to OpenAI.

OpenAI does not use your data to train its AI models.

Data is retained briefly (up to 30 days) for abuse detection and then deleted.

This processing is based on your explicit consent (Art. 9(2)(a) GDPR) and is safeguarded by Standard Contractual Clauses and the EU-US Data Privacy Framework.

5. Data Security

We implement appropriate technical and organizational security measures to protect your data against loss, misuse, or unauthorized access. Data transmission is encrypted.

6. Storage Duration

We store your personal data only as long as necessary for the provision of the app and associated services, or as required by statutory retention periods. If you delete your account, your personal data will be deleted or anonymized, provided there are no legal grounds preventing this.

7. Your Rights

Under applicable law, you have the following rights at any time:

  • Right of access to your data stored by us (Art. 15 GDPR).
  • Right to rectification of incorrect data (Art. 16 GDPR).
  • Right to erasure ("Right to be forgotten") (Art. 17 GDPR).
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to withdraw consent: You can withdraw your consent to the processing of your health data at any time with effect for the future.

To exercise these rights, please contact us at the address provided above.

8. Right to Lodge a Complaint

If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority.