Privacy Policy for "RehaBuddy"

This privacy policy explains how the RehaBuddy mobile application ("App") and website process your data and protect your privacy. RehaBuddy is targeted at the European market and is fully GDPR compliant.

Core Principles & Local Data Storage

RehaBuddy was developed with privacy as a core principle. The app functions primarily offline and stores your personal data locally on your device. This includes:

• Exercise and progress data
• Personal notes and goal settings
• App usage settings and preferences

No registration or account creation is required, and your personal rehabilitation data never leaves your device unless you explicitly choose to share it.

App Data Collection & Processing

Crash Reporting (Sentry)

To improve app stability, we use Sentry for crash reporting:

• Purpose: Detection and fixing of app crashes and technical errors
• Data collected: Crash reports, stack traces, device information (OS, app version), randomly generated user IDs
• Data storage: EU servers (Frankfurt), retention 30-90 days
• Legal basis: Legitimate interest to ensure app functionality
• Privacy: No cross-device tracking, no personal data required

Analytics (PostHog)

To improve user experience, we use PostHog for app analytics:

• Purpose: Understanding app usage for product improvement
• Data collected: App usage statistics, user interactions, device information, anonymized usage patterns
• Data storage: EU servers available
• Legal basis: Consent (can be withdrawn at any time)
• Opt-out: Complete deactivation possible in app settings

Advertising (Google AdMob)

In the free version of the app, advertisements are served via Google AdMob:

• Purpose: Financing the free app version
• Data collected: Advertising ID, device information, location data (if enabled), ad interactions
• Legal basis: Consent under GDPR
• Control: Personalized advertising can be disabled in device settings
• Premium version: Ad-free with subscription

Feedback System (Trello API)

When you send feedback through the app:

• Purpose: Collection and management of user feedback
• Data collected: Feedback text, optionally provided contact details
• Storage: Trello platform for internal processing
• Legal basis: Consent when sending feedback

Feature Voting

Premium users can vote on new features:

• Purpose: Product decisions based on user preferences
• Data collected: Voting preferences, anonymized user IDs
• Legal basis: Contractual basis as part of premium service

Website Data Collection

Website Analytics (Vercel Analytics)

Our website uses Vercel Analytics to analyze website usage:

• Purpose: Understanding website performance and usage
• Data collected: Anonymous page view counts, basic performance metrics, referrer information (anonymized)
• Privacy: Cookie-free, no personal data, fully anonymized
• Legal basis: Legitimate interest (no consent required due to full anonymization)

Third-Party Services

The app integrates the following third-party services:

• Sentry.io: Crash reporting (EU servers available)
• PostHog: Analytics (EU servers available)
• Google AdMob: Advertising (Google privacy policies apply)
• Trello: Feedback management
• App Store/Google Play: App distribution and subscription management

In-App Purchases & Subscriptions

Subscription transactions are handled entirely through Apple App Store or Google Play:

• Processing: Directly by Apple/Google according to their privacy policies
• Our role: We only receive confirmations of active subscriptions, no payment details
• Refunds: Through App Store/Google Play policies

Local Permissions

The app may request the following device permissions:

• Notifications: For reminders and progress updates (processed locally)
• Camera/Photo Library: For exercise images (only with explicit use, stored locally)
• Device Information: For compatibility and crash reports

Data Security

• Local data: Encrypted storage on your device
• Transmission: HTTPS encryption for all external communications
• Access: No unauthorized access to local rehabilitation data possible

Your Rights (GDPR)

You have the following rights regarding your data:

Complete control over local data

• Deletion: Uninstalling the app removes all local data
• Access: All your data is directly viewable in the app
• Portability: Export functions available in the app

Rights regarding external services

• Access: Information about processed data
• Rectification: Correction of incorrect data
• Erasure: Removal of your data from external systems
• Objection: Object to processing
• Restriction: Limit processing
• Withdrawal: Your consent is revocable at any time

Opt-out Options

• Analytics: Deactivation in app settings
• Advertising: Disable personalized advertising in device settings
• Notifications: Local notifications in app settings

Data Retention

• Local data: Unlimited, full user control
• Crash reports: 30-90 days (Sentry)
• Analytics data: According to PostHog policies, deletion on request
• Feedback: Until processed, then deletion on request

Data Sharing

We never sell or trade your personal information with third parties. Data sharing occurs only:

• With the above-mentioned third-party services for specific purposes
• For legal obligations
• With your explicit consent

International Data Transfers

Where possible, we use EU servers. For transfers outside the EU, we ensure adequate data protection through:

• EU Commission adequacy decisions
• Standard contractual clauses
• Certifications (e.g., Privacy Shield successors)

Changes to This Privacy Policy

We may update this privacy policy. For significant changes, we will notify you through:

• In-app notification
• Update of the "Last updated" date
• Optional email notification (if contact details are available)

Contact Information

For questions about this privacy policy or your privacy rights: