This notice explains how DiaTrack processes personal data under Turkish KVKK and—where applicable for services offered to EU residents—GDPR. HIPAA does not apply unless we become a U.S. covered entity/business associate.
We apply appropriate technical and organizational measures, including encryption in transit and at rest, access controls (MFA, role-based), monitoring and audits.
No selling of data. We share only with processors necessary to run the service (e.g., Google Firebase) under DPAs and our instructions. Cross‑border transfers may occur depending on region selection; we use Standard Contractual Clauses and, where relevant, valid adequacy/transfer mechanisms (e.g., EU‑US Data Privacy Framework) plus supplementary safeguards. EU users’ storage region is stated in-app.
The service is not offered to children under 13; such accounts are removed. For ages 13–18, parent/guardian consent is required.
Submit requests via diatrack@mevatech.dev or in-app: Settings → Privacy → Data Requests. Response within 30 days.
I confirm I have read the Privacy Notice and freely give my explicit consent to processing my special‑category data for diabetes management and related features (KVKK Art.6/2; GDPR Art.6(1)(a), 9(2)(a) where applicable).
Health (glucose, insulin, HbA1c, medication times, events), identity/contact, device/usage — used for reminders, analytics, charts/reports (PDF), backup/sync, anonymized statistics and product improvement.
Local encrypted storage on device; optional backup/sync via Firebase when logged in. Cross‑border transfers rely on SCCs and appropriate safeguards.
Appropriate encryption and access controls; data minimization; periodic security testing.
I can withdraw consent at any time via Settings → Privacy → Consent Management; withdrawal does not affect past lawful processing.