This policy explains what personal data LaboMed Tracking (“the app”, “we”, “us”) processes, why, and what rights you have. It is written to meet the requirements of the EU General Data Protection Regulation (GDPR).
1. Who is responsible for your data
The data controller for the processing described here is:
[Your name or company]
[Street address]
[Postal code, City, Country]
Contact: [your-privacy-email]
2. Data we process
a) Data stored only on your device
You enter or import this information; it is saved in a local database on your phone or computer and is not sent to us except during the import step described in section 2(b):
| Category | Examples |
|---|---|
| Family member profiles | Name, date of birth or year of birth, sex, optional national ID number, medications, height, weight. |
| Lab reports | The imported PDF or photo, and the extracted biomarkers (name, value, unit, reference range, status). |
| Health context | AI-generated summaries, notes, life-event markers (e.g. a new medication or diet), and retest reminders. |
Some of this is health data and other sensitive data (a “special category” under GDPR Art. 9), including a national identity number where you choose to enter one. You decide what to store, and you can delete any of it at any time inside the app.
b) Data transmitted when you import a report
When — and only when — you import a lab report, the app sends the following to our processing service, which forwards it to our AI provider to read the report:
- The report file itself (the PDF or image).
- Context to improve accuracy: the person's age, sex, current medications, height and weight (whichever you have entered).
- The interface language, so the summary is generated in your language.
- A randomly generated device identifier and the app version, used to prevent abuse and apply usage limits.
The device identifier is created on your device and is not linked to your name, email or a user account. We do not ask you to sign in, and we do not use advertising or analytics trackers.
3. Why we process it, and our legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the core function you asked for: reading a report and returning structured results and a summary. | Performance of a service you request (Art. 6(1)(b)); for health data, your explicit consent given by importing the report (Art. 9(2)(a)). |
| Prevent abuse and apply fair-use limits (device identifier, app version). | Legitimate interests in keeping the service available and controlling costs (Art. 6(1)(f)). |
| Store your data on your device for your own record-keeping. | Processing carried out by you, locally; we do not access it. |
4. Who we share it with
We do not sell your data. To read your reports, the following processors act on our behalf:
- AI provider — Anthropic PBC, which operates the Claude AI model used to extract the results and write the summary. Review Anthropic's privacy terms at anthropic.com/legal/privacy.
- Hosting provider — [Hetzner Online GmbH, EU], which hosts the processing service that receives your upload and relays it to the AI provider.
Verify with each processor whether uploaded content is retained or used for model training, and reflect the answer here. Do not publish this policy until these statements match your processors' actual terms.
5. International transfers
Depending on the provider, your imported report may be processed on servers outside your country, including outside the European Economic Area. Where that happens, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.
6. How long we keep it
- On your device: your profiles, reports and history remain until you delete them in the app or uninstall the app. Uninstalling removes the local database.
- On our service / the AI provider: the imported file is processed to produce your result and is not intended to be retained beyond what is needed to complete the request. [Confirm exact retention period.]
7. Security
Your data on the device is protected by your device's own security, and the app can be locked with a PIN. You can also export a password-encrypted backup that only you can open.
8. Your rights
Under the GDPR you have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. Because most data lives only on your device:
- You can view, edit and delete any profile, report or item directly in the app.
- You can erase everything by deleting it in the app or uninstalling.
- For data handled by our processing service, or to exercise any right, contact us at [your-privacy-email].
You also have the right to lodge a complaint with your local data protection authority.
9. Children
The app can store profiles for children as part of managing a family's health records, entered and controlled by a parent or guardian. The app is not directed to children as users and does not knowingly let children create their own records without a responsible adult.
10. Changes to this policy
We may update this policy as the app evolves. Material changes will be indicated by updating the “Last updated” date at the top of this page.
11. Contact
Questions about this policy or your data? Email [your-privacy-email].
Medical disclaimer: LaboMed Tracking is an informational tool for organizing and understanding lab results. It is not a medical device and does not provide diagnosis or treatment. Always consult a qualified healthcare professional about your results.