Privacy Policy

Last Updated: December 07, 2024

Introduction

This Privacy Policy explains how we handle information when you use Exura, our mobile application. Exura helps you receive and view medical recommendations from your healthcare provider. We treat your privacy and data security as our top priority and collect only the information needed to provide you with this service.

Data Portability and User Rights

You have two key rights regarding your data:

- Access Your Data: You can request to see what information we have about you, including your active medical recommendations and basic device information.

- Delete Your Data: You can ask us to delete your data completely from our service.

To exercise either of these rights, email us at privacy@exura.app. You can also use the 'Delete Account' button located in the application.

You can request a copy of your data:

- Medical recommendations will be provided in PDF format

- Request will be processed within 15 days

- Data will be sent to your verified email address

- The export will include all active recommendations and their scheduled dates

We'll respond to your request within 15 days.

Information We Collect

We want to be clear about what information we collect and what we don't. When we say "collect", we mean data that is transmitted from your device and stored on our servers for longer than necessary to process your immediate request.

When you use Exura, we collect:

Medical recommendations shared by your healthcare provider, including preparation instructions and recovery plans. Each recommendation remains available for the specific period set by your healthcare provider, plus an additional 30 days. After this period, we remove this data from our systems.

Basic device information in the form of a unique device identifier. We use this solely to ensure you receive the correct recommendations and to authenticate your device. This identifier remains active until you delete your account.

Optional account information: If you choose to create an account using your email address, we store this separately from your medical recommendations. This allows you to access your recommendations from multiple devices. Creating an account does not link your data with any other applications or services.

Important: We do not:

- Collect your name, phone number, or any other personal contact information

- Use your data for analytics or tracking purposes

- Process your medical recommendations for any purpose other than displaying them to you

- Collect crash reports or diagnostic data

- Use your information for product improvement or marketing

App Tracking and Advertising

Exura does not track your activity across other companies' apps or websites. Specifically, we do not:

- Share your data with third parties for advertising purposes

- Use data to track you across apps and websites owned by other companies

- Link your data with third-party data for advertising or advertising measurement

- Share your information with data brokers

Device Permissions and App Functionality

Exura requires notification permissions to alert you when new medical recommendations are available or when action is needed regarding your treatment plan. You can manage notification permissions through your device settings at any time.

If you choose to deny notification permissions:

- You will still have full access to your medical recommendations within the app

- You will need to manually check the app for updates and new recommendations

- You may miss important timing for your treatment plan activities

You can update your notification preferences at any time through your device's settings menu.

Age Verification and Access

Exura displays medical recommendations that are issued by healthcare providers to their patients. Age verification is handled by healthcare providers as part of their medical practice:

- Only verified healthcare providers can issue treatment plans through our system

- Treatment plans can only be issued to patients who have been verified in person by the healthcare provider

- While individuals under 18 may install the application, they cannot receive treatment plans unless verified and approved by their healthcare provider

Data Security, Storage and Protection

We implement industry-standard security measures to protect your data:

- Data at rest is encrypted using Firebase's built-in encryption

- Access to the data is strictly controlled and limited to essential personnel

- We monitor our systems for potential security issues

- In the event of a data breach that affects your personal information, we will notify you within 72 hours via the contact information available

We store all data in secure Google Firebase data centers located in Warsaw, Poland (europe-central-2 region). Our data storage practices include:

- Strict separation between medical recommendations and authentication data

- Automatic deletion of recommendations after their designated period

- Complete data removal when you delete your account

- No backup retention after deletion

Privacy Labels and Data Usage

In accordance with Apple's privacy requirements, here is how we use the data we collect:

Data Linked to You:

- Device ID: Used only for app functionality (authenticating your device and delivering correct recommendations)

- Medical Recommendations: Used only for app functionality (displaying your treatment plans)

- Email Address (if provided): Used only for app functionality (optional account authentication)

Data Not Collected:

- Location information

- Usage data

- Diagnostic data

- Contact information

- Any other personal information

Third-Party Services

We use only essential third-party services:

Google Firebase:

- Firestore: Stores your medical recommendations

- Authentication: Handles account creation and login if you choose to use email

- Cloud Functions: Processes data delivery and account deletion requests

App Stores:

- Google Play Store and Apple App Store: Only for application distribution

These services can access only the minimum data required for their specific functions and cannot use your data for any other purposes.

International Data Transfers

We keep your data within the European Union. Your medical recommendations and related information are stored in Warsaw, Poland, and do not leave EU territory.

If you download our application from the App Store or Google Play Store, your interaction with these platforms is governed by their respective terms and privacy policies.

Regional Privacy Rights

Different privacy laws may give you additional rights depending on your location:

- EU residents have specific rights under GDPR, including those outlined in this policy

- California residents have additional rights under CCPA, including opting out of data sales (though we never sell your data)

- Other regions may provide similar protections

We honor these rights regardless of your location.

Application Updates and Data Handling

When we update Exura:

- Your privacy settings and preferences remain unchanged

- Your medical recommendations and account information stay secure and intact

- You may need to accept new permissions if we add features, but can always adjust them in settings

Changes to Privacy Policy

We may update this Privacy Policy. When we make significant changes, we will notify you through the Exura app and update the "Last Updated" date at the top of this policy.

By continuing to use Exura after changes to this policy, you accept the updated terms. If you disagree with any changes, you may delete your data and stop using the application.

User Control Over Data

You have complete control over your data through:

1. The 'Delete Account' button in the application, which immediately removes all your data

2. Automatic deletion of recommendations after their designated period

3. Email-based requests for data access

Using Exura requires storing your medical recommendations and a device identifier. If you don't wish to provide this information, you won't be able to use the service.

Data Controller Information

The data controller responsible for processing your information is:

Exura PSA

Registration Number: KRS 0001134792

NIP: 9462746537

REGON: 54000231100000

Registered Office:

Gospodarcza 26

20-213 Lublin, Poland

If you have questions about how we process your personal data, you can reach our data protection team at privacy@exura.app.

Contact Information

For general inquiries about Exura and technical support:
e-mail: support@exura.app

For privacy-related matters:

e-mail: privacy@exura.app


Address:
Exura PSA,
Gospodarcza 26,

20-213 Lublin

We aim to respond to all inquiries within 15 days.