Privacy Policy

Last updated: December 2024

Introduction

Kontexa Ltd ("we", "us", or "our") is committed to protecting your privacy and the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.

We process health data as a data processor on behalf of healthcare providers. Your therapist or healthcare provider is the data controller for the information shared through our platform.

Information We Collect

We collect the following categories of information:

Health Data

With your explicit consent, we collect health metrics from Apple HealthKit including steps, sleep duration, heart rate, heart rate variability, and active calories.

Location Data

With your permission, we collect significant location changes to understand activity patterns. We do not track precise GPS locations.

Self-Reported Data

Information you provide through mood check-ins, craving assessments, and PHQ-9 questionnaires.

Account Information

Your name, email address, and authentication credentials required to create and maintain your account.

Device Information

Device type, operating system version, and app version for technical support and compatibility.

How We Use Your Information

We use your information to:

  • Provide and personalize the Kontexa service
  • Generate insights and patterns from your health data
  • Share relevant information with your approved healthcare providers
  • Improve our services and develop new features
  • Send important notifications about your account or service changes
  • Ensure the security and integrity of our platform
  • Comply with legal obligations

We never use your data for advertising or sell it to third parties.

Data Sharing

Healthcare Providers

We share your health data and insights with therapists and healthcare providers you explicitly authorize through the app.

Service Providers

We use trusted third-party services (cloud hosting, analytics) that process data on our behalf under strict data processing agreements.

Legal Requirements

We may disclose data when required by law or to protect the rights, safety, or property of Kontexa, our users, or others.

We never sell your personal data to third parties.

Data Security

We implement industry-standard security measures:

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Secure authentication with AWS Cognito
  • Regular security audits and penetration testing
  • Access controls and audit logging
  • EU-based data centers (Frankfurt) for GDPR compliance

While we implement robust security measures, no system is completely secure. We continuously work to improve our security practices.

Data Retention

We retain your data for as long as your account is active or as needed to provide our services.

Upon account deletion:

  • Personal data is deleted within 30 days
  • Backup systems are purged within 90 days
  • Anonymized analytics data may be retained for service improvement

Healthcare-related records may be retained longer as required by applicable medical record retention laws.

Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@kontexa.eu.

Children's Privacy

Kontexa is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

International Data Transfers

Your data is stored on servers located in the European Union (Frankfurt, Germany). We do not transfer your personal data outside the EU/EEA.

If transfers become necessary in the future, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes through the app or via email. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

For questions about this Privacy Policy or our data practices:

Email: privacy@kontexa.eu

Kontexa Ltd, Olivia Business Centre 1, Gdańsk, Poland

Data Protection Officer: dpo@kontexa.eu