App Privacy Policy
Effective: 15 July 2026 · Last updated: 15 July 2026 · Version 1.0
This policy explains how personal data is handled in [APP NAME] (the “App”), a mobile health application published by REDESIGN Sp. z o.o. It is written to satisfy the requirements of the Apple App Store Review Guidelines (§5.1) and Google Play (User Data & Health apps policies, Data safety), as well as the EU GDPR.
Note for reviewers & publishers: the data practices below must match the App’s actual behaviour and the store privacy declarations (Apple App Privacy labels / Google Play Data safety). Sections marked […] are configured per App.
1. Who is responsible for your data
The data controller for the App is REDESIGN Sp. z o.o., a company registered in Warsaw, Poland.
- Controller: REDESIGN Sp. z o.o.
- Registered office: ul. Nowy Świat 33/13, 00-029 Warsaw, Poland
- KRS: 0001087497 · NIP: 5252992417 · REGON: 527769280
- Registration court: District Court for the Capital City of Warsaw, Commercial Division of the National Court Register
- Privacy contact: admin@redsgn.uk
Where the App is operated on behalf of a healthcare organisation (for example a clinic or insurer), that organisation may be the controller and REDESIGN acts as its processor under a data processing agreement. In that case, the organisation’s own privacy notice governs, and this policy describes the technical data handling. The responsible party for [APP NAME] is: [CONTROLLER NAME / "REDESIGN Sp. z o.o."].
2. Data we collect
We collect only what the App needs for the purposes below. Categories map to the Apple “App Privacy” and Google Play “Data safety” disclosures. Remove any row the App does not use.
| Category | Examples | Linked to you? |
|---|---|---|
| Account & contact | Name, email, phone, login identifiers | Yes |
| Health & fitness | Data you enter or that the App reads with your permission from Apple Health / Health Connect (e.g. activity, heart rate, symptoms, medication, clinical measurements) | Yes |
| User content | Notes, messages, photos or documents you add | Yes |
| Identifiers | User ID, device ID (only as configured) | Yes |
| Usage & diagnostics | Crash logs, performance data, in-app events (for reliability) | [Yes / No] |
| Technical | App version, OS version, coarse region, IP (in logs) | [Yes / No] |
We do not collect data we have not disclosed here, and we do not sell your personal data.
3. How and why we use data (legal bases)
| Purpose | GDPR legal basis |
|---|---|
| Provide the App’s core features to you | Performance of a contract (Art. 6(1)(b)) |
| Process health data for the health purpose you request | Your explicit consent (Art. 9(2)(a)) |
| Keep the App secure, prevent abuse, fix crashes | Legitimate interests / legal obligation (Art. 6(1)(f)/(c)) |
| Respond to your support requests | Legitimate interests (Art. 6(1)(f)) |
| Optional analytics or communications | Consent, which you can withdraw at any time (Art. 6(1)(a)) |
We do not use your data for automated decisions that produce legal or similarly significant effects without a lawful basis and appropriate safeguards.
4. Health & fitness data — special rules
Health data is sensitive (“special category”) data. We process it only with your explicit consent and only for the health purposes the App provides. In line with platform rules:
- We never use health data (including data from Apple HealthKit or Android Health Connect) for advertising, marketing, or use-based data mining.
- We never sell health data or disclose it to third parties for advertising or data-mining purposes.
- Health data is shared only with parties and for the purposes you consent to — such as your clinician, your chosen care provider, or research you opt into — and only to deliver health services or as required by law.
- You control access. You can revoke the App’s permission to read or write Apple Health / Health Connect data at any time in your device settings, and you can disconnect linked wearables in the App.
The App is [not a medical device / a medical device under MDR class __]. It [does / does not] replace professional medical advice. Configure this statement per App.
5. Sharing, service providers & SDKs
We share personal data only with the categories of recipients below, under contracts that require them to protect it to at least the same standard we apply (including, for EU data, GDPR-compliant processing terms). We require the same level of protection from any party that receives data through the App.
- Cloud hosting & storage: [PROVIDER, e.g. AWS / GCP / Azure — region]
- Crash & performance monitoring: [PROVIDER, or “none”]
- Authentication / identity: [PROVIDER, or in-house]
- Push notifications: Apple Push Notification service / Firebase Cloud Messaging [if used]
- Healthcare integrations: HL7 FHIR endpoints, telehealth or payment providers you connect to [list per App]
- Legal / safety: authorities where required by law, or to protect the rights and safety of users.
A current list of sub-processors for [APP NAME] is available on request from admin@redsgn.uk.
6. Tracking & advertising
The App [does not / does] display third-party advertising, and [does not / does] track you across apps and websites owned by other companies. If any tracking is used, on iOS we request permission through Apple’s App Tracking Transparency prompt first, and you can decline without losing core functionality.
7. How long we keep data
We keep personal data only as long as needed for the purposes above or as required by law. Typical periods:
- Account & health data: while your account is active.
- After account deletion: erased or irreversibly anonymised within [e.g. 30–90 days], except data we must retain for legal, accounting or safety reasons.
- Backups: purged on our standard backup rotation.
- Crash/diagnostic logs: [e.g. up to 90 days].
8. Your rights
Under the GDPR (and comparable laws) you can:
- access a copy of your data and request a portable export;
- correct inaccurate data;
- delete your data (see section 9);
- restrict or object to certain processing;
- withdraw consent at any time, without affecting prior processing;
- lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO).
To exercise any right, email admin@redsgn.uk. We respond within the timeframe required by law (usually one month).
9. Deleting your account & data
You can request deletion of your account and associated personal data at any time — this satisfies Apple’s in-app account-deletion requirement and Google Play’s data-deletion requirement.
- In the App: open [Settings → Account → Delete account]. This initiates deletion of your account and personal data.
- By web/email: send a request to admin@redsgn.uk with the subject “Data deletion request”. This page also serves as the public data-deletion resource that Google Play links to.
We delete or irreversibly anonymise your data within [e.g. 30–90 days], apart from records we are legally required to keep (for example limited billing records), which we isolate and delete when the retention period ends.
10. Children
The App is [not directed to children under 16 / intended for ages __ ]. We do not knowingly collect data from children below the applicable age of digital consent without verifiable parental consent. If you believe a child has provided data, contact admin@redsgn.uk and we will delete it. The App complies with Apple’s Kids Category rules and Google Play’s Families policy where applicable.
11. International data transfers
Your data is primarily processed in the [EU/EEA]. If data is transferred outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses, with additional measures where needed.
12. Security
We apply technical and organisational measures appropriate to the sensitivity of health data, including encryption in transit (TLS) and at rest, access controls and least-privilege, audit logging, and secure development practices. To report a security concern, see our security disclosure policy. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and regulators of a breach where the law requires.
13. Changes to this policy
We may update this policy as the App evolves or the law changes. We will revise the “last updated” date and, for material changes, provide notice in the App or by email. Continued use after an update means you accept the revised policy.
14. Contact
Questions or requests about privacy:
admin@redsgn.uk
REDESIGN Sp. z o.o., ul. Nowy Świat 33/13, 00-029 Warsaw, Poland.
See also our website privacy statement and terms.