Document

Privacy Policy

This policy explains what information MediBoo processes and how it is used to support the service.

Last updated: 11.03.2026

MediBoo Privacy Policy

This Privacy Policy explains how the individual developer and operator of the MediBoo app (“MediBoo,” “we,” “us,” or “our”) collects, uses, stores, shares, and otherwise processes personal data in connection with the MediBoo mobile application and any related services, features, and functionality (collectively, the “App”).

Please read this Privacy Policy carefully before using the App.

1. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed in connection with access to and use of the App, including when you create an account, create or manage profiles, add records, use reminders, contact us, or otherwise interact with the App.

It does not apply to websites, platforms, app stores, payment providers, analytics providers, cloud infrastructure providers, or other third-party services that may be linked to, integrated with, or used within the App and that are governed by their own privacy policies and terms.

2. Important context about the App

MediBoo is an organizational, informational, educational, and supportive mobile application designed to help users maintain a family health journal and related records.

The App is not a healthcare provider, is not a medical device, and does not provide diagnosis, treatment, or medical advice. This Privacy Policy describes how personal data is processed in connection with the App, but does not change the nature of the App or create any medical relationship.

3. Categories of data we may process

Depending on how you use the App and on its actual configuration, we may process the following categories of personal data.

3.1 Data you provide directly

You may provide us or the App with:

  • account data, such as email address, sign-in identifiers, display name, authentication-related information, and account preferences;
  • profile data, such as profile names or labels, age or date-of-birth-related data, weight-related data, family relationship descriptions, and other profile information you choose to enter;
  • journal and record data, such as symptom entries, temperature measurements, medication history, dosage entries, treatment schedules, visit notes, questions for consultations, doctor or facility details, vaccination history, test results, calendar entries, and other notes you choose to enter;
  • attachments and uploaded content, such as photos, documents, images, or other files you choose to add or associate with entries;
  • communications, such as messages sent to us through support, contact forms, feedback forms, or email.

3.2 Health-related and other sensitive data entered by you

Because the App is designed to organize health-related records, you may choose to enter information relating to your health or another person’s health, including symptoms, medication information, visit notes, measurements, test results, vaccination history, and similar data.

Where such information constitutes special categories of personal data or sensitive data under applicable law, we process it only to the extent necessary to provide the App and related services, on the basis permitted by applicable law and, where required, on the basis of your explicit consent or another appropriate legal basis.

You decide what information to enter into the App. If you enter personal data relating to another person, you are responsible for ensuring that you are authorized to do so or otherwise have an appropriate legal basis under applicable law.

3.3 Technical and device data

When you use the App, we may automatically collect certain technical information, such as:

  • device type, device identifiers, operating system, app version, language settings, time zone, and approximate region derived from technical signals;
  • App configuration and settings;
  • log information, timestamps, feature usage events, and information about interactions with the App;
  • network and diagnostic information reasonably necessary for operation, security, debugging, and improvement of the App.

3.4 Analytics, diagnostics, and crash data

If enabled in the App, we may process analytics, performance, diagnostics, and crash-related data to understand how the App is used, measure engagement, detect problems, improve stability, and develop new features.

This data may include technical identifiers, usage event data, crash reports, performance metrics, and similar telemetry.

3.5 Subscription and purchase data

If the App offers paid plans, subscriptions, or in-app purchases, we may process subscription-related information such as plan type, subscription status, renewal status, transaction identifiers, country or storefront, and limited billing metadata made available to us by the relevant platform or payment provider.

We generally do not receive your full payment card details where purchases are processed through app stores or third-party payment providers.

3.6 Data from third parties

We may receive limited data from third parties where necessary to operate the App, such as from:

  • authentication providers, if you sign in through a third-party method;
  • app stores or payment platforms, in connection with subscription status or purchase confirmation;
  • infrastructure, analytics, storage, notification, or support providers acting on our behalf.

4. How we use personal data

We may use personal data for the following purposes:

  • to provide, operate, maintain, develop, and improve the App;
  • to create and manage user accounts, profiles, and core App functionality;
  • to store and display records, attachments, schedules, and reminders;
  • to enable synchronization, backup, restore, or cross-device access, if those features are offered;
  • to send service-related messages, technical notices, security alerts, and support communications;
  • to respond to inquiries, feedback, support requests, and legal requests;
  • to personalize the App experience and remember preferences;
  • to analyze usage, monitor performance, troubleshoot errors, and improve the App;
  • to protect the App, users, and our business against fraud, misuse, abuse, unauthorized access, and security incidents;
  • to comply with legal obligations, enforce our policies, and establish, exercise, or defend legal claims.

5. Legal bases for processing

Where GDPR, UK GDPR, or similar laws apply, we rely on one or more of the following legal bases, as applicable:

  • Performance of a contract – where processing is necessary to provide the App and requested features to you.
  • Legitimate interests – where processing is reasonably necessary for security, diagnostics, service improvement, fraud prevention, internal administration, support, or protection of our rights and business, provided that such interests are not overridden by your rights and interests.
  • Consent – where consent is required, including where applicable for certain sensitive data processing, optional analytics, certain notifications, or features that require your permission.
  • Compliance with legal obligations – where processing is necessary to comply with applicable laws, regulations, court orders, or lawful requests.
  • Legal claims – where processing is necessary to establish, exercise, or defend legal claims.

Where we process health-related or other sensitive personal data under laws that require an additional condition, we rely on the condition applicable to the specific processing activity, such as explicit consent or another lawful basis, where required and appropriate.

6. Sharing of data

We do not sell personal data for monetary consideration. We may share personal data only in the following circumstances:

6.1 Service providers and processors

We may share data with service providers acting on our behalf, such as providers of:

  • cloud hosting and infrastructure;
  • authentication and identity management;
  • databases, file storage, and backups;
  • analytics, diagnostics, and crash reporting;
  • notifications and communications;
  • customer support, contact forms, or support operations;
  • subscription infrastructure and purchase verification.

These parties may process personal data only to the extent necessary to provide services to us and subject to appropriate contractual and legal safeguards.

6.2 Legal and safety disclosures

We may disclose personal data where reasonably necessary to:

  • comply with applicable law, regulation, court order, legal process, or lawful requests from public authorities;
  • protect the rights, property, and safety of MediBoo, users, or others;
  • detect, investigate, and address fraud, abuse, security issues, or technical problems;
  • enforce our terms, policies, or legal rights.

6.3 At your direction or with your consent

We may share data where you expressly request it, use a sharing feature, connect the App to a third-party service, or otherwise consent to such sharing.

6.4 Business, project, or ownership transfer

If rights to the App, the App as a whole, or an organized part of the project are sold, transferred, licensed, contributed into a business, assigned to a successor, or otherwise involved in a restructuring, relevant data may be disclosed to the extent permitted by law and reasonably necessary to complete that transaction, subject to appropriate safeguards.

7. International data transfers

Personal data may be processed in countries other than the country in which you reside, including outside the European Economic Area, where this results from the use of infrastructure, vendors, or technical services used by the App.

Where required by applicable law, we use appropriate safeguards for international transfers, which may include adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms. citeturn637883search1turn637883search7

8. Data retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the App, maintain accounts, preserve backups where applicable, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate interests.

Retention periods may vary depending on the category of data, the features you use, applicable legal requirements, and operational needs. In general:

  • account and profile data are retained for as long as your account remains active and for a reasonable period thereafter;
  • journal entries, attachments, and health-related records are retained until deleted by you, until the associated account is deleted, or for such other period as necessary to provide the service;
  • technical logs, analytics, and diagnostics data may be retained for shorter rolling periods appropriate to operational and security needs;
  • billing and transaction-related records may be retained for the period required by tax, accounting, audit, anti-fraud, platform, or compliance obligations.

9. Data security

We implement reasonable technical, organizational, and administrative measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

However, no method of transmission, storage, or electronic processing can be guaranteed to be completely secure. The security of your data also depends on how you use and protect your device, credentials, backups, and authentication methods.

You should use appropriate device-level security, keep your login credentials confidential, and take care when entering or storing personal data relating to yourself or others.

10. Children and family profiles

The App may be used by adults to create and manage records relating to children, dependants, family members, or other persons for whom they are authorized to maintain information.

The App is not directed to children as independent users where consent of a parent or guardian is required under applicable law. If you enter data relating to a child or another person, you are responsible for ensuring that you are authorized to do so and that your use of the App complies with applicable law.

11. Your privacy rights

Depending on your location and applicable law, you may have certain rights regarding your personal data, including the right to:

  • request access to personal data;
  • request rectification of inaccurate or incomplete data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a competent supervisory authority.

These rights are not absolute and may be subject to legal conditions, limitations, and verification requirements. Data subject rights are a core part of the EU privacy framework. citeturn637883search0turn637883search3turn637883search6

To exercise your rights, you may contact us using the details at the end of this Privacy Policy. We may need to verify your identity before completing your request.

If you are in Poland, the competent supervisory authority is generally the President of the Personal Data Protection Office (UODO). You may also have the right to complain to the supervisory authority in the country of your habitual residence, place of work, or place of the alleged infringement.

12. Third-party services

The App may use third-party infrastructure and software tools to provide certain features. Depending on the actual configuration of the App, these may include services relating to:

  • authentication and account management;
  • cloud database, file storage, and backups;
  • analytics, diagnostics, and crash reporting;
  • subscription management and purchase validation;
  • push notifications and communications;
  • contact forms and support operations.

A current list of key third-party services may be made available in the App, on the website, or upon request.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the App, our data practices, legal requirements, or operational needs.

For material changes, we may provide additional notice in the App, by email, or by another appropriate means where required by law or justified by the circumstances.

Your continued use of the App after the effective date of an updated Privacy Policy means acceptance of the updated version to the extent permitted by applicable law.

14. Controller and contact details

The controller of personal data processed in connection with the App is:

Paweł Kraszewski
Warsaw, Poland
Email: mediboo.apps@gmail.com
Privacy contact: mediboo.apps+privacy@gmail.com