Dosera Privacy Notice

Effective: September 28, 2025 Last updated: September 28, 2025

1) Who we are

Dosera is a GLP-1 companion app operated by Virtual Traffic Lights. We help you track medication and wellness—without trading away your privacy. Questions? info@dosera.app

2) What this notice covers

• The information we handle
• How and why we use it
• Where it’s stored and who helps us run the service
• The choices and rights you have

For extra rules that apply to health information, see the Health Data Addendum at the end.

3) Our plain-English promises

• We don’t sell your data.
• We don’t use your health data for ads.
• We collect only what we need to run the app.
• You can export or delete your data.
• We keep your data in the EU by default.

4) Where Dosera runs (and what that means for your data)

• iOS & Android apps — You sign up for a Dosera account. App data (including health entries) is stored on our servers in the EU (Hetzner).
• Sign-in — We use Firebase Authentication (EU) to manage login securely.
• Notifications — If you opt in to push reminders, we use Firebase Cloud Messaging (FCM) to deliver them.
• AI assistance — We use OpenAI for anonymous health insights and symptom guidance. No user identifiers or personal data are sent—only anonymized health information for analysis.
• Support email — We use AWS to send/receive email.
• Website — Marketing info only. We’re not running analytics or advertising cookies right now.

5) Data we handle (and why)

Account data

Email address and a Dosera account ID

Why: create your account, secure access, sync across devices

Health & wellness entries (optional)

GLP-1 injections (date, site, dose, time), side effects/notes, weight, protein, calories, water

Why: core app functionality so you can track progress

Health integrations (optional)

With permission, import from Apple Health or Android Health Connect (e.g., weight, nutrition)

Why: reduce manual entry

Camera/Photos (optional)

Photos of food for nutrition tracking, weight scale readings for automatic data entry

Why: simplify data entry and improve tracking accuracy.

Device & app diagnostics

App/OS version, device info, crash/performance logs (Crashlytics)

Why: keep the app reliable and secure

Notifications (optional)

A device token (via FCM) if you enable push

Why: send reminders you asked for

AI-powered insights (optional)

Anonymized health data sent to OpenAI for symptom analysis, side effect guidance, and personalized health insights

Why: provide intelligent assistance and insights about your health journey. All data is anonymized and contains no personal identifiers.

Payments

If you buy via Apple or Google, they process the payment. We don’t see full payment details.

Support

Emails you send to info@dosera.app

6) How we use data

• Operate and improve Dosera
• Keep accounts secure and troubleshoot issues
• Send essential service messages
• Send opt-in push notifications
• Meet legal requirements and prevent misuse

We do not use health data for advertising. We do not sell personal data.

7) Legal bases (EEA/UK)

• Consent: health entries; Apple Health/Health Connect import; push notifications; camera/photo capture; AI-powered insights
• Contract: creating and maintaining your account; providing core app features
• Legitimate interests: safeguarding the service; crash/performance monitoring

You can withdraw consent in Settings. This won’t undo past lawful use.

8) Where we store data (our data map)

• App & health data: EU (our servers on Hetzner)
• Authentication: EU (Firebase Authentication)
• Crash diagnostics: (Crashlytics) – limited technical data
• Push notifications: (Firebase Cloud Messaging) – device tokens only
• Email: (AWS) – transactional/support email

We work to keep data in the EU. If a provider processes limited data elsewhere, we use appropriate safeguards (e.g., SCCs).

9) How long we keep data

• Account & app data: kept until you delete items or your account
• Crash/performance logs: short operational periods for debugging
• Emails: as long as needed to respond and for records, unless you ask us to delete (where permitted)

We may retain minimal information required by law.

10) Your controls and rights

• Export: Settings → Import / Export data (CSV)
• Delete: delete entries or your account in the app, or email us
• Access/Correct/Restrict/Object/Withdraw consent: available under applicable laws; we’ll help via info@dosera.app

We do not “sell” or “share” personal data for cross-context behavioral advertising.

11) Children and teens

• Under 13: you can’t use Dosera.
• Ages 13–18: you need parental consent to use the app.

12) International transfers

We prioritize EU hosting. If transfer outside your region happens, we use legally required safeguards.

13) Security—in short

Encryption in transit and at rest, role-based access, and vendor due diligence. No system is perfect, but we work hard to protect your data.

14) Changes to this notice

If we change this notice, we’ll update the date above and post the new version at dosera.app/privacy.

15) Contact

Virtual Traffic Lights info@dosera.app ULICA IVANA KUKULJEVIĆA 10 42000 Varaždin, Croatia

---

Health Data Addendum (extra rules for sensitive info)

What counts as health data

GLP-1 injection details; side-effects and wellness notes; weight, protein, calories, water; data you import from Apple Health/Health Connect; photos of food, weight scales, or other health-related images; anonymized health information processed by AI for insights.

How we use it

Provide core features, help you track progress, improve reliability and security, meet legal duties. Never for advertising. Never sold.

Where it lives

Stored on our EU servers (Hetzner). Access is limited and logged. We keep health data separate from contact info where practical.

Sharing

Only with providers that help run Dosera (Hetzner, Firebase Auth/FCM, Crashlytics, AWS email, OpenAI for anonymized AI processing), or as required by law, or with your request. Providers must protect it and can’t use it for their own purposes. AI processing uses only anonymized data with no personal identifiers.

Your choices

• Turn health integrations, camera features, and AI insights on/off at any time
• Export (CSV) or delete in the app
• Withdraw consent (EEA/UK) in Settings or by contacting us
• Appeal a denied request where local law provides that right

Geofencing

We do not create or use geofences to target people based on health information.