Privacy Policy - Shotsy Android

Shotsy Android is provided by Shotsy Co. We are the data controller for the processing of your personal data via Shotsy.

1. Our business model: User privacy first

Shotsy’s business model is based entirely on premium subscriptions, meaning we generate revenue solely by providing value to our users. We do not sell personal or health data, and we do not run ads. Your data is only shared with trusted third-party service providers as outlined in this Privacy Policy, and solely for purposes such as account management, subscription processing, and app functionality. Our priority is to protect your privacy while delivering a secure and reliable service.

2. Shotsy Android user account

Using Shotsy on Android requires creating a user account through Google Sign-in, managed by Firebase Authentication. When you create an account, we collect and securely store your email address and other account information. Your consent is required to store and process this data in the United States. Without this consent, you will not be able to use Shotsy on Android.

3. Shotsy Android’s basic functionality

Using Shotsy Android to manage your health data requires your consent to process personal and health data under the following legal bases:

GDPR: Article 6 para. 1a) and Article 9 para. 2a).
LGPD: Articles 7 and 11 for consent and legitimate interests.

Withdrawal of this consent will prevent further use of Shotsy Android.

a) Running Shotsy Android

When using Shotsy Android, your device automatically transmits technical data, including date and time of access, operating system, device type, crash logs, and IP address. This data is processed as a technical requirement to provide the service.

b) Supporting your treatment

Shotsy Android allows you to document and manage your treatment, including:

Medication schedules.
Injection site history.
Well-being or side effects.
Measurements (e.g., weight).

4. Data storage and security

Where your data is stored

Data entered into Shotsy Android is securely stored in Firebase and accessible with your Google account credentials. Data is stored in the United States, and appropriate safeguards, such as Standard Contractual Clauses (SCCs), are implemented for international transfers, ensuring compliance with GDPR and LGPD.

Separation of data

Account information (e.g., email address) and health data are stored separately. Access to account information is restricted to a limited number of personnel trained in privacy best practices and is granted only for essential operational purposes.

Security measures

We implement robust security measures to protect your data, including:

Encryption of data in transit.
Role-based access controls for employees.
Regular audits and testing of our security protocols.

Data retention

We retain your data as long as your account is active or as required to comply with legal obligations. Upon account deletion, all associated data is permanently removed from our servers.

As a user in the EU or EEA, you have the following rights:

Access: Request a copy of the personal data we hold about you.
Rectification: Request corrections to inaccurate or incomplete data.
Erasure: Request deletion of your personal data (“right to be forgotten”).
Restriction: Restrict processing under certain circumstances.
Objection: Object to processing based on legitimate interests.
Portability: Request your data in a machine-readable format.
Complaint: File a complaint with your Data Protection Authority.

Rights of California residents (CCPA)

Under the CCPA, California residents have the right to:

Know what personal data is collected, used, and shared.
Access the categories and specific pieces of personal data collected.
Delete personal information.
Opt-out of the sale of personal data (we do not sell data).
Non-discrimination for exercising privacy rights.

You can exercise these rights via the app’s Settings screen.

Rights of Brazilian residents (LGPD)

Under LGPD, Brazilian users have the right to:

Confirm Processing: Verify if your data is being processed.
Access: Request access to your personal data.
Correct: Request updates or corrections to your data.
Delete: Request deletion of data processed with your consent.
Anonymize: Request anonymization or blocking of unnecessary data.
Portability: Request a transfer of your data to another provider.
Revoke Consent: Withdraw consent for processing.

6. Data portability and deletion

You can export your data and delete your account through the app’s Settings screen. Upon deletion, all associated data will be permanently removed.

We use trusted third-party services to maintain and improve Shotsy Android:

Firebase (Google): Authentication, data storage, and analytics services.
Crashlytics: Error reporting and debugging.
RevenueCat: Subscription management.

These third parties process data only as necessary and under strict confidentiality agreements. We do not sell or share data for advertising purposes.

8. International transfers

Data is stored and processed in the United States. We use Standard Contractual Clauses (SCCs) and other safeguards to ensure compliance with GDPR and LGPD for cross-border transfers.

9. Children’s data

Shotsy Android is not intended for users under the age of 13 (or under the minimum age in your jurisdiction). We do not knowingly collect data from children.

10. Data breach notification

We take proactive steps to protect your data and prevent breaches, including encryption, secure storage, regular audits, and strict access controls. Despite these measures, if a data breach affecting your personal or health data occurs, we will notify affected users and relevant authorities promptly, as required under GDPR, LGPD, and CCPA.

11. Contact information

For questions or to exercise your rights, contact us:
Email: android@shotsyapp.com

12. Amendments

We reserve the right to update this Privacy Policy. The latest version will always be available at shotsyapp.com.

This Privacy Policy was last changed on November 27, 2024.