Legal

Privacy Policy

Last updated: May 2026

🔒 Summary: MediTrack uses an account system. Your data – including medications and intakes – is stored on Supabase servers so it's available across devices and we can provide support. We do not sell data or share it with third parties.

1. Responsible Party

Ioannis Antoniadis
Beethovenstraße 5
73732 Esslingen am Neckar
E-mail: datenschutz@getmeditrack.app

2. What data the app collects and why

MediTrack requires a user account. During registration and use, the following data is collected and stored on Supabase servers (see Section 5):

  • Email address – for identification and account recovery
  • Medications – name, active ingredient, brand, dosage, intake times, colour and shape of tablet
  • Intake log – when which medication was confirmed
  • Period data – cycle start/end, flow intensity, symptoms (if used)
  • Reminder settings – morning, noon and evening times
  • Device information – app version, platform, last use
  • Push token – for delivering reminders and notifications

Legal basis: Art. 6(1)(b) GDPR (contract performance) and for health data Art. 9(2)(a) GDPR (explicit consent through use of the app).

3. Who has access to your data

The operator (Ioannis Antoniadis) has access to stored data for support purposes. This access is used exclusively to:

  • diagnose and fix technical issues
  • identify outdated app versions and inform users
  • communicate important app notices

No commercial use, sharing with third parties or evaluation for advertising purposes takes place.

4. Website data (getmeditrack.app)

When visiting our website, technically necessary data is processed by the hosting provider:

  • IP address
  • Date and time of access
  • Accessed URL
  • Browser and operating system

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation).

5. Processors and third-party services

Supabase Inc. (data storage and authentication)
Supabase is the database infrastructure provider on which user accounts and app data are stored. Data is stored in AWS (Amazon Web Services) data centres. A Data Processing Agreement (DPA) in accordance with GDPR is in place with Supabase.
Privacy policy: supabase.com/privacy

Google Firebase / FCM (push notifications)
Firebase Cloud Messaging by Google is used to deliver medication reminders. A device-specific push token is transmitted to Google.
Privacy policy: policies.google.com/privacy

Google Fonts (website)
This website loads fonts from Google Fonts. A connection to Google servers may be established.
Privacy policy: policies.google.com/privacy

Google Play Store
The app is downloaded via the Google Play Store. Google is responsible for data processing in the Play Store.

6. Contact form

If you contact us via the contact form or by email, the transmitted data (name, email, message) is stored for processing your request and deleted afterwards. No sharing with third parties.

Legal basis: Art. 6(1)(b) GDPR.

7. Data deletion

You can request the deletion of your account and all associated data at any time by email to datenschutz@getmeditrack.app. Deletion takes place within 30 days.

Logs and technical protocol data are automatically deleted after no more than 90 days.

8. Your rights (GDPR)

You have the right to:

  • Access your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Complaint to the competent supervisory authority (Art. 77 GDPR) – in Baden-Württemberg: LfDI Baden-Württemberg

To exercise your rights, contact: datenschutz@getmeditrack.app

9. Data security

Transmission between app and server is exclusively encrypted (TLS/HTTPS). Database access is secured by Row Level Security (RLS) – each user can only view their own data. Credentials are stored in hashed form.