Privacy Policy for DataDoc

Effective date: October 5, 2025

This Privacy Policy explains how DataDoc (“we”, “us”, “our”) collects, uses, shares, and protects information when you use our mobile app, website, and related services (the “Services”). If you do not agree, please do not use the Services.

1) Who We Are & Contact

Data controller: DataDoc Ltd
Address: University House, Kirby Corner Road, Coventry, CV4 8UW, United Kingdom
Email: datadochealth@gmail.com

2) What We Collect

Depending on your settings and permissions:

• Account & contact data: email, name (for sign-in and support).
• Health & fitness data (sensitive): only after you grant permission via Health Connect (and/or Google Fit, if enabled). Depending on your choices, this may include steps, distance, floors, sleep (and stages), heart rate (resting/active), HRV, SpO₂, VO₂ max, blood pressure, blood glucose, temperature, respiratory rate, weight, height, body composition, exercise sessions, calories, speed/pace, power, hydration, and nutrition entries. You choose the categories and can revoke at any time.
• Installed apps information: the names and package identifiers of apps installed on your device. We collect this only after your consent to enable app usage insights and correct categorizationand to detect compatible health integrations and avoid duplicate data sources,when you tap “Connect Usage” or start a usage sync. We do not collect personal content from those apps.
• Digital behavior data (optional): device-usage/screen-time metrics if you enable that feature.
• Self-assessments: optional wellbeing questionnaires (e.g., PSS, WHOQOL, BSI) and other inputs you provide.
• Device & diagnostics: app version, device/OS info, and crash logs (e.g., Firebase Crashlytics), sometimes with a pseudonymous user ID for troubleshooting.
• Log & security data: IP address, timestamps, request identifiers to protect the Services.

3) How We Use Data

• Provide and operate the Services you request.
• Display and sync your health data and insights (if enabled by you).
• Improve performance, quality, and reliability of the Services.
• Communicate service updates and respond to support requests.
• Prevent abuse, secure our systems, and comply with law.
• Research: with your consent, we may use and share de-identified and/or aggregated health data and device-usage data for research and statistical purposes (see “Research Use & Sharing” below).

Health data, installed apps information, device-usage metrics, and any research use occur based on your consent. Operating the app (account, security, diagnostics) relies on contractual necessity and/or legitimate interests.

4) Legal Bases (UK/EU GDPR)

• Consent — Health Connect/Google Fit access; installed apps information; device-usage metrics; and any research use/sharing of de‑identified/aggregated data.
• Contract — to create your account and provide core features.
• Legitimate interests — security, fraud prevention, service improvement (balanced against your rights).
• Legal obligation — where processing is required by law.

5) Health Connect / Google Fit (Android)

• Access occurs only after your explicit permission and only for the data types you approve.
• You can revoke access in Android Settings → Health Connect → App permissions (and in Google Fit settings, if enabled) or in-app.
• We do not sell Health Connect or Google Fit data and do not use it for advertising or profiling.
• If you enable cloud sync, permitted data is transmitted over HTTPS and stored encrypted at rest.

6) Installed Apps Information

DataDoc collects the names and package identifiers of apps on your deviceonly after your explicit consent to:

• Provide app usage insights and correct categorization in your dashboard; and
• Detect compatible health integrations and avoid duplicate data sources.

Collection occurs when you tap “Connect Usage” or start a usage sync. We do not collect personal content from other apps. This information is not sold and is not used for advertising or profiling. You may decline and continue using other features; you may withdraw consent at any time via Android settings (Usage access) or by contacting us.

7) Sharing & Service Providers

We do not sell your personal information. We share data only with service providers acting on our instructions and under contract, such as:

• Cloud hosting and infrastructure.
• Databases and backups.
• Error reporting and diagnostics.
• Customer support tooling.

These providers are bound by confidentiality and data‑processing agreements. We may disclose information if required by law or to protect rights, safety, and security.

8) Research Use & Sharing (De‑identified / Aggregated)

When you create an account and grant app permissions (such as Health Connect, Device Usage), you also agree that we may use and share certain data for research and statistical purposes.

• Scope: We only use de‑identified and/or aggregated health data (from Health Connect/Google Fit, as permitted by you) and device‑usage data (if you enable that feature). We do not include your name, email, account identifiers, or any direct identifiers.
• Purpose: To support scientific research, product development, and population-level wellness insights.
• Recipients: Universities, research institutions, vetted research partners, and our internal research team.
• Safeguards: De‑identification techniques, minimum cohort sizes, secure storage, and strict contractual agreements prohibiting re‑identification or onward sharing.
• Publications: Results may be published or shared publicly in aggregate form only. No individual user is identified.
• No sale or advertising: Research data is not sold and is not used for targeted advertising or profiling.
• Withdraw anytime: You may opt out of future research use by contacting us. This does not affect any data already lawfully processed.

9) Data Retention

• Account & synced data: retained while your account is active. After account deletion, we delete or irreversibly de‑identify within 30 days unless legally required to retain longer.
• Crash logs/diagnostics: typically retained by our provider for about 90 days.
• Backups: removed on a rolling schedule.

10) Security

We use industry‑standard safeguards, including encryption in transit and at rest, access controls, and audits. No system is 100% secure; we continuously improve protections.

11) Your Rights & Choices

• Access, correction, deletion, restriction, and portability where applicable (UK/EU GDPR).
• Object to certain processing based on legitimate interests.
• Withdraw consent at any time (e.g., revoke Health Connect/Google Fit, installed apps, device‑usage).
• CCPA/CPRA (California): request access/deletion and opt out of “sale”/“sharing” (we do not sell personal information).

12) International Transfers

If data is processed outside your country, we use appropriate safeguards (e.g., standard contractual clauses) to ensure an adequate level of protection.

13) Children

The Services are not directed to children under 13. We do not knowingly collect personal data from children under this age. If you believe a child has provided data, contact us to delete it.

14) Your Privacy Controls

You may request to download your personal data or delete your account.

15) Changes to This Policy

We may update this policy. We will revise the “Effective date” above and, when appropriate, notify you in‑app or by email. Continued use of the Services after changes means you accept the updated policy.

16) Contact

Questions or requests: datadochealth@gmail.com