Privacy Policy - App

This privacy policy is a non-binding translation of the German version.

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are using our app and thank you for your trust. Below, we inform you about how your personal data is handled when using our app. Personal data is any data that can be used to personally identify you.

1.2 The controller responsible for data processing in this app within the meaning of the General Data Protection Regulation (GDPR) is Sascha Albrecht, NIGHTFROST Software, Marienburger Str. 41, 38642 Goslar, Germany, Phone: +4953217469115, Email: kontakt@symptolog.de.

2) Data Processing in the App

2.1 The app processes personal data primarily exclusively locally on the user’s device. Data is only transmitted to us or third parties if the user actively performs certain functions (e.g. sharing data, cloud backups, retrieving weather information).

2.2 The app uses an SSL/TLS encrypted connection whenever data is transmitted over the internet (e.g. when creating a share link or during cloud backups).

3) App Permissions

3.1 Network access (INTERNET, ACCESS_NETWORK_STATE)
Required for retrieving weather data via our website, sharing data, and cloud backups. No automatic background data transmission takes place.

3.2 Location data (GPS or manual location)
If the user consents to location access, the app uses the current GPS location or a manually entered postal code or fixed location to determine weather data.
When using the GPS function, the location is repeatedly determined as long as the weather function is actively used.
The location or postal code is transmitted exclusively to our own website in order to retrieve or calculate weather data.
No data is passed on to third parties.
Location data is not stored permanently; no tracking, background location tracking, or movement profiles are created.

3.3 Camera and microphone
These permissions are only used when the user actively uses corresponding functions (e.g. taking a photo). No background recordings take place.

3.4 Storage access
The app can create local backups, import/export files, and load media. This only occurs based on user action.

3.5 Notifications and alarms
These permissions are used to execute reminders or schedules within the app. No data is used for advertising or tracking purposes.

4) Processing of Health and Symptom Data

Health or symptom data entered by the user is stored exclusively locally on the device. No automatic transmission of this data takes place. We have no access to the locally stored data.

5) Sharing Function (Share Link)

The user can manually upload their data to our server in order to create an encrypted share link.
The transmitted data is stored in encrypted form and can only be accessed using an ID and password. Without this information, access is not possible.
We cannot view this data. The user decides whether and with whom the link is shared.

6) Backups

6.1 Local backup
Backups can be created locally on the device. These do not leave the device.

6.2 Cloud backup (e.g. Google Drive)
This is only performed if the user actively selects it. The data is transmitted in encrypted form. Google Ireland Limited is responsible for data processing within Google Drive.

7) Anonymous Usage Statistics

The app may store anonymous location information such as city or postal code (e.g. “Goslar”) for statistical purposes. No GPS coordinates, IP addresses, device identifiers, or other identifiable information are stored. No association with individuals takes place. This data is not personal data and does not fall under the GDPR.

8) No Analytics, Tracking, or Advertising Services

The app does not use tracking tools, analytics services, advertising services, telemetry, or background data transmission. No user profiles are created.

9) External Links and Payment Providers

The app may contain links to external providers (e.g. PayPal, Patreon, Ko-fi), for example for voluntary support of the project.
When clicking such links, a connection to the servers of the respective providers is established. In this process, personal data (e.g. IP address or device information) may be processed.
The privacy policies and terms of use of the respective providers apply exclusively to their data processing. We have no influence on the scope or purpose of such data processing.

10) Rights of the Data Subject

10.1 Users have the following rights:

• Right of access pursuant to Art. 15 GDPR
• Right to rectification pursuant to Art. 16 GDPR
• Right to erasure pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to notification pursuant to Art. 19 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to withdraw consent pursuant to Art. 7(3) GDPR
• Right to lodge a complaint pursuant to Art. 77 GDPR

11) Storage and Deletion

All locally stored app data can be deleted by the user at any time. Uninstalling the app removes all local data.
Share links for data manually uploaded by users have a validity period defined by the user. After this period expires, the associated data is automatically deleted and can no longer be accessed. Early manual deletion by the user is neither required nor provided.
Location or postal code data is not stored permanently.

12) Security

All transmitted health data is encrypted. Access to shared data is not possible without an ID and password. No data is passed on to third parties.