Privacy Policy
Last updated: 2026
1. Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) is:
serbizAI OÜ
Kesklinna linnaosa, Ahtri tn 12, 10151
TALLINN
ESTONIA
info@serbizai.com
+491627436574
2. Data Protection Officer
You can reach our Data Protection Officer at: datenschutz@healthtracker.de
3. Personal Data Collected
We process the following personal data:
- Account data: email address, username, and a salted Argon2 password hash (the password itself is never stored).
- Profile data: date of birth and biological sex (stored encrypted with your personal key); optional contact details (name, phone, address, national ID — stored encrypted with a master key).
- Health data: medical reports and uploaded documents (PDF/image files); extracted lab parameters, imaging and microbiology results; symptoms, medications, and medical appointments — all stored encrypted and classified as special category data under GDPR Art. 9.
- Calendar integration credentials: where you connect Google Calendar or Microsoft Outlook, OAuth access tokens are stored encrypted per user and used solely to synchronise appointment data at your request.
- AI-generated summaries: narrative summaries of your tracked data generated by AI (stored in plaintext on our servers as a cached display value; contains no raw identifying values but may describe health trends).
- Billing data: payment transaction IDs (Stripe/PayPal), subscription status, credit balance, and generated invoices (stored encrypted). Full card details are never received or stored by us.
- Feedback data: where you submit a post-appointment feedback form (sent by email link), satisfaction ratings and free-text comments are stored linked to your account. Doctor names are stored in anonymised (hashed) form only.
- Usage data: IP address (server and Nginx access logs only — not stored in the database), timestamps of actions, processing stage of uploaded reports.
What is required vs. voluntary: Your email address and password are required to create and access an account. Date of birth and biological sex are required for correct reference range calibration of lab parameters. All health data (reports, symptoms, medications) is voluntary — you choose what to track.
4. Purpose and Legal Basis of Processing
| Purpose | Legal Basis |
|---|---|
| Account management & authentication | GDPR Art. 6(1)(b) — contract performance |
| Storing and displaying health data | GDPR Art. 6(1)(a) + Art. 9(2)(a) — explicit consent |
| Sending transactional emails (verification, reminders) | GDPR Art. 6(1)(b) — contract performance |
| Platform security and fraud prevention | GDPR Art. 6(1)(f) — legitimate interest |
| Processing payments and storing invoices | GDPR Art. 6(1)(b) — contract performance; GDPR Art. 6(1)(c) — legal obligation (§ 147 AO) |
| Cloud AI extraction of anonymised health data | GDPR Art. 6(1)(a) + Art. 9(2)(a) — explicit consent (opt-in only) |
Automated processing note: We use AI systems to summarise your tracked health data. This does not constitute automated decision-making with legal or similarly significant effects within the meaning of GDPR Art. 22. No decisions are made solely on the basis of automated processing. AI outputs are informational summaries of data you have entered and do not replace human medical judgement.
5. Data Security
All health data is encrypted with a user-specific AES-256-GCM key derived from your password using PBKDF2 with 480,000 iterations. The plaintext password is never stored. Contact and billing fields are encrypted with a separate master key. Data is transmitted over TLS/HTTPS. We implement technical and organisational measures in accordance with GDPR Art. 32.
6. Data Retention
Your personal and health data is retained for as long as your account is active. Upon account deletion, all personal data is erased within 30 days, unless a legal retention obligation applies.
Billing and invoice data (payment transactions, invoices) is retained for 10 years after the relevant tax year, as required by § 147 AO (German Fiscal Code) and § 257 HGB, irrespective of account deletion.
Inactive, unsubscribed accounts with no uploaded data within the configured retention window are automatically anonymised and soft-deleted.
7. Third-Party Disclosure
We do not pass your personal data to third parties unless legally required or you have explicitly consented. We use the following service providers (data processors) under written Data Processing Agreements:
- Stripe, Inc. (USA) — payment processing. Stripe processes billing and card data. We never receive or store full card numbers. Transfer basis: Standard Contractual Clauses + EU–US Data Privacy Framework. Stripe Privacy Policy
- Neon, Inc. — PostgreSQL database hosting. All database data is stored in an EU data centre (AWS eu-central-1, Frankfurt). Transfer basis: Data Processing Agreement with EU Standard Contractual Clauses where applicable.
- Hetzner Online GmbH (Germany) — server hosting (Hetzner Cloud). All server infrastructure is located in Germany/EU.
- Google LLC / Alphabet (USA) — optional calendar integration (Google Calendar OAuth). Only activated when you connect your calendar. OAuth tokens are stored encrypted per user. Transfer basis: Google Cloud DPA with Standard Contractual Clauses.
- Microsoft Corporation (USA) — optional calendar integration (Outlook/Office 365 OAuth). Only activated when you connect your calendar. Transfer basis: Microsoft Online Services DPA with Standard Contractual Clauses.
7b. International Data Transfers (Cloud AI — Opt-In Only)
When you explicitly enable cloud AI extraction, anonymised health data may be transferred to the following recipients located outside the European Economic Area (EEA):
- Anthropic, PBC (USA) — AI-powered parameter extraction and health data summaries. Transfer basis: Standard Contractual Clauses (SCCs) pursuant to GDPR Art. 46(2)(c). Anthropic Privacy Policy
- OpenAI, LLC (USA) — parameter extraction (fallback). Transfer basis: Standard Contractual Clauses. EU Data Processing Addendum available at openai.com.
- Google LLC (USA) — parameter extraction via Gemini API (fallback). Transfer basis: Google Cloud Data Processing Addendum with Standard Contractual Clauses.
If you have not opted in to cloud AI, all AI processing is performed on our EU servers using a local AI model — no data is transferred outside the EEA.
8. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
- Access — GDPR Art. 15: request a copy of all data we hold about you
- Rectification — GDPR Art. 16: correct inaccurate data (via your profile)
- Erasure ("right to be forgotten") — GDPR Art. 17: delete your account and all health data
- Restriction of processing — GDPR Art. 18
- Data portability — GDPR Art. 20: export all your data in a portable format (available in your account settings)
- Objection — GDPR Art. 21: object to processing based on legitimate interest
- Withdrawal of consent — GDPR Art. 7(3): withdraw AI sharing consent at any time in your profile — this does not affect prior lawful processing
To exercise your rights, please contact: datenschutz@healthtracker.de
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority (GDPR Art. 77). You may do so with the supervisory authority of your EU member state of habitual residence, place of work, or the location of the alleged infringement.
The competent supervisory authority depends on the Bundesland where our company is registered. Please contact us at datenschutz@healthtracker.de to confirm which authority applies.