Privacy Policy for "RehaBuddy"
Last updated: 12/21/2025
This privacy policy explains how the RehaBuddy mobile application ("App") and website process your data and protect your privacy. RehaBuddy is targeted at the European market and is fully GDPR-compliant.
Core Principles & Local Data Storage
RehaBuddy was developed with privacy as a core principle. The app functions primarily offline and stores your personal data locally on your device. This includes:
- Exercise and progress data
- Personal notes and goal settings
- App usage settings and preferences
No registration or account creation is required, and your personal rehabilitation data never leaves your device unless you explicitly choose to share it.
App Data Collection & Processing
Crash Reporting (Sentry)
We use Sentry to detect and fix app crashes. This includes crash reports, device information, and randomly generated IDs. Data is stored on EU servers for 30-90 days. Legal basis: Legitimate interest (Art. 6 (1) lit. f GDPR).
Anonymous Usage Analytics (PostHog)
We use PostHog for anonymous analytics to improve app stability and functionality. No personal data is collected - no IP addresses, emails, or device IDs. Only a random, non-traceable UUID is used. All data stays on EU servers. This processing doesn't require consent as no personal data is involved. Legal basis: Legitimate interest (Art. 6 (1) lit. f GDPR).
Feedback & Feature Voting
When you submit feedback, we collect your message and optional contact details via Trello. Premium users can vote on features using anonymized IDs. Legal basis: Consent (feedback), contract performance (feature voting).
Website Data Collection
Our website uses Vercel Analytics for anonymous performance monitoring. This is cookie-free and fully anonymized. Legal basis: Legitimate interest (Art. 6 (1) lit. f GDPR).
Third-Party Services
We use these services:
- Sentry: Crash reporting (EU servers)
- PostHog: Anonymous analytics (EU servers only)
- Trello: Feedback management
- App Store/Google Play: App distribution and subscriptions
Subscriptions
Subscriptions are processed by the Apple App Store or Google Play. We only receive confirmation of active subscriptions, never payment details.
Device Permissions
The app may request notifications (for reminders), camera/photos (for exercise images), and device information (for compatibility). All data stays local on your device.
Data Security
Your local data is encrypted on your device. All external communications use HTTPS encryption.
Your Rights (GDPR)
You have full control over your local data - uninstalling the app removes everything. For external data (crash reports, analytics), you can request access, correction, deletion, or restriction of processing by contacting us. You can also contact your local data protection authority.
Data Control
You can deactivate analytics in app settings (though it's already anonymous). Notifications can be managed in app settings.
Data Retention
Local data: You have full control. Crash reports: 30-90 days. Analytics: Per PostHog policies, deletion available on request. Feedback: Until processed, then deletable on request.
Data Sharing
We never sell your data. Sharing only occurs with the services mentioned above, for legal obligations, or with your explicit consent.
Data Location
PostHog and Sentry operate exclusively on EU servers. For any other services with potential non-EU transfers, we ensure adequate protection through standard contractual clauses or adequacy decisions.
Policy Updates
We may update this policy. Significant changes will be communicated via in-app notification or email (if available).
Contact Information
For questions about this privacy policy or your privacy rights:
Responsible: Tjard Lüdeke
Johaniterstraße 19, 10961 Berlin
Email: tjard@rehabuddy.app
Data Protection Officer: Inquiries to the above contact details
For EU data protection rights, you can also contact your local data protection authority.