CareTechr Healthcare Ltd (“CareTechr”, “we”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data when you use the CareTechr mobile application
and related services (“App”, “Services”).

1) Controller (who we are)

Controller: CareTechr Healthcare Ltd

Address: PORTUGAL, Rua Colegio Militar 12, 2780-239 Oeiras, Lisboa Portugal

Email (privacy): [email protected]

General contact: [email protected]

2) What data we collect

We may collect and process the following categories of data, depending on the features you use:

A. Account & Profile Data

• Name (optional, if you provide it)
• Email address
• Phone number (optional, if you provide it)
• Password (stored securely; we recommend using OTP/reset flows rather than sending passwords by email)

B. Health & measurement data (sensitive data)

When you connect supported health devices, the App can record measurements such as:

• SpO₂/PPG, heart rate, ECG traces/summaries, blood pressure, temperature, blood glucose, device battery status, and related timestamps (based on your device/app features).

C. Device & app technical data

• Device identifiers needed for app functionality (e.g., device model, OS version, app version)
• Bluetooth device identifiers (e.g., BLE device ID/MAC as provided by the OS) for connection and syncing
• Diagnostic logs in case of crashes/errors (if enabled)

D. Permissions data (Bluetooth & Location)

• Bluetooth is used only to discover/connect to and communicate with supported medical/health devices.
• Location permission (where required by Android for BLE scanning) is used only to enable BLE scanning/connection. We do not collect or store your precise location, and we do not send location data to our servers.

3) Why we use your data (purposes)

We process your data to:

• Create and manage your account and provide authentication
• Connect to devices and sync measurements
• Display charts/history and help you track trends over time
• Provide customer support and respond to your requests
• Improve app stability, performance, and security
• Comply with legal obligations where applicable

4) Legal Basis (GDPR)

Depending on context, processing is based on:

• Performance of a contract (providing the Services)
• Your consent (especially for health/sensitive data where applicable)
• Legitimate interests (security, fraud prevention, service improvement)
• Compliance with legal obligations

5) Sharing of data

We may share data only as necessary:

• With service providers (hosting, analytics/crash diagnostics, email delivery) under contractual confidentiality and security obligations
• With authorized employees/contractors who need access to support operations
• If required by law or to protect rights, safety, and security

We do not sell your personal data.

6) International transfers

If data is processed outside the EEA, we use appropriate safeguards (e.g., SCCs) as required by law.

7) Retention

We retain personal data only as long as needed for the purposes described above:

• While your account is active
• After account deletion, we delete or anonymize data unless legal obligations require retention for a longer period (e.g., compliance, dispute resolution)

8) Security

We use technical and organizational measures to protect data, including encryption in transit (HTTPS) and access controls. No system is 100% secure, but we work to reduce risks.

9) Your Rights

You may request access, correction, deletion, restriction, portability, or objection as applicable under GDPR.

You may also lodge a complaint with your local supervisory authority (e.g., CNPD in Portugal).

10) Children

The App is not intended for children under 18. If you believe a minor has provided data, contact us.

11) Changes

We may update this policy. If changes are material, we will notify you via the App or email.

12) Contact

Privacy: [email protected]

Support: [email protected]