Back to redsgn.uk

App Privacy Policy

Effective: 15 July 2026 · Last updated: 15 July 2026 · Version 1.0

This policy explains how personal data is handled in [APP NAME] (the “App”), a mobile health application published by REDESIGN Sp. z o.o. It is written to satisfy the requirements of the Apple App Store Review Guidelines (§5.1) and Google Play (User Data & Health apps policies, Data safety), as well as the EU GDPR.

Note for reviewers & publishers: the data practices below must match the App’s actual behaviour and the store privacy declarations (Apple App Privacy labels / Google Play Data safety). Sections marked […] are configured per App.

1. Who is responsible for your data

The data controller for the App is REDESIGN Sp. z o.o., a company registered in Warsaw, Poland.

Where the App is operated on behalf of a healthcare organisation (for example a clinic or insurer), that organisation may be the controller and REDESIGN acts as its processor under a data processing agreement. In that case, the organisation’s own privacy notice governs, and this policy describes the technical data handling. The responsible party for [APP NAME] is: [CONTROLLER NAME / "REDESIGN Sp. z o.o."].

2. Data we collect

We collect only what the App needs for the purposes below. Categories map to the Apple “App Privacy” and Google Play “Data safety” disclosures. Remove any row the App does not use.

Category Examples Linked to you?
Account & contact Name, email, phone, login identifiers Yes
Health & fitness Data you enter or that the App reads with your permission from Apple Health / Health Connect (e.g. activity, heart rate, symptoms, medication, clinical measurements) Yes
User content Notes, messages, photos or documents you add Yes
Identifiers User ID, device ID (only as configured) Yes
Usage & diagnostics Crash logs, performance data, in-app events (for reliability) [Yes / No]
Technical App version, OS version, coarse region, IP (in logs) [Yes / No]

We do not collect data we have not disclosed here, and we do not sell your personal data.

3. How and why we use data (legal bases)

Purpose GDPR legal basis
Provide the App’s core features to you Performance of a contract (Art. 6(1)(b))
Process health data for the health purpose you request Your explicit consent (Art. 9(2)(a))
Keep the App secure, prevent abuse, fix crashes Legitimate interests / legal obligation (Art. 6(1)(f)/(c))
Respond to your support requests Legitimate interests (Art. 6(1)(f))
Optional analytics or communications Consent, which you can withdraw at any time (Art. 6(1)(a))

We do not use your data for automated decisions that produce legal or similarly significant effects without a lawful basis and appropriate safeguards.

4. Health & fitness data — special rules

Health data is sensitive (“special category”) data. We process it only with your explicit consent and only for the health purposes the App provides. In line with platform rules:

The App is [not a medical device / a medical device under MDR class __]. It [does / does not] replace professional medical advice. Configure this statement per App.

5. Sharing, service providers & SDKs

We share personal data only with the categories of recipients below, under contracts that require them to protect it to at least the same standard we apply (including, for EU data, GDPR-compliant processing terms). We require the same level of protection from any party that receives data through the App.

A current list of sub-processors for [APP NAME] is available on request from [email protected].

6. Tracking & advertising

The App [does not / does] display third-party advertising, and [does not / does] track you across apps and websites owned by other companies. If any tracking is used, on iOS we request permission through Apple’s App Tracking Transparency prompt first, and you can decline without losing core functionality.

7. How long we keep data

We keep personal data only as long as needed for the purposes above or as required by law. Typical periods:

8. Your rights

Under the GDPR (and comparable laws) you can:

To exercise any right, email [email protected]. We respond within the timeframe required by law (usually one month).

9. Deleting your account & data

You can request deletion of your account and associated personal data at any time — this satisfies Apple’s in-app account-deletion requirement and Google Play’s data-deletion requirement.

We delete or irreversibly anonymise your data within [e.g. 30–90 days], apart from records we are legally required to keep (for example limited billing records), which we isolate and delete when the retention period ends.

10. Children

The App is [not directed to children under 16 / intended for ages __ ]. We do not knowingly collect data from children below the applicable age of digital consent without verifiable parental consent. If you believe a child has provided data, contact [email protected] and we will delete it. The App complies with Apple’s Kids Category rules and Google Play’s Families policy where applicable.

11. International data transfers

Your data is primarily processed in the [EU/EEA]. If data is transferred outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses, with additional measures where needed.

12. Security

We apply technical and organisational measures appropriate to the sensitivity of health data, including encryption in transit (TLS) and at rest, access controls and least-privilege, audit logging, and secure development practices. To report a security concern, see our security disclosure policy. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and regulators of a breach where the law requires.

13. Changes to this policy

We may update this policy as the App evolves or the law changes. We will revise the “last updated” date and, for material changes, provide notice in the App or by email. Continued use after an update means you accept the revised policy.

14. Contact

Questions or requests about privacy: [email protected]
REDESIGN Sp. z o.o., ul. Nowy Świat 33/13, 00-029 Warsaw, Poland.

See also our website privacy statement and terms.