Privacy Policy

1. Introduction

This Privacy Policy explains how Criscode ("we", "us", or "our") collects, uses, stores, and protects information when you use the SafeDose mobile application ("App"). We are committed to protecting your privacy and the privacy of the children in your care.

SafeDose processes sensitive health data about children. We comply with the EU General Data Protection Regulation (GDPR), the US Children's Online Privacy Protection Act (COPPA), and other applicable data protection laws worldwide.

Data Controller: Criscode, ul. Gryczana 25, 56-400 Oleśnica, Poland

2. Data We Collect

We collect only the data you choose to enter into the App:

2.1 Child Profile Data

• Child's first name
• Year of birth
• Weight

2.2 Health Tracking Data

• Body temperature readings (with timestamps)
• Medication name(s) administered
• Medication dosage and time of administration

2.3 Analytics Data (with your consent)

• Anonymized app usage events (screens visited, features used)
• App version and device type (for crash analysis)
• Anonymous session data

Analytics data is collected only with your explicit consent and is not linked to your child's health data or personal identity.

2.4 Advertising Data (future feature)

The App does not currently display advertisements. When advertising is introduced, we will update this Policy and request your explicit consent before collecting any advertising-related data (such as advertising identifiers). For EU/EEA users, we will implement a Google-certified Consent Management Platform (CMP) compliant with the IAB TCF v2.2 framework before serving any personalized ads.

3. How We Use Your Data

We use your data solely for the following purposes:

• To display your child's health records within the App;
• To allow you to track medication history and temperature trends;
• To improve App performance and fix technical issues (with your consent for analytics);
• To serve contextual or personalized advertisements (future feature, requires separate consent);
• To comply with legal obligations.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data on the following legal bases:

• Consent (Art. 6(1)(a) GDPR): You provide explicit consent when entering your child's health data, enabling analytics, or (in the future) accepting personalized ads. You may withdraw consent at any time.
• Legitimate Interests (Art. 6(1)(f) GDPR): For crash reporting and basic App stability monitoring, where we have a legitimate interest in maintaining a functional App.
• Legal Obligation (Art. 6(1)(c) GDPR): Where required by applicable law.

Health data related to children constitutes special category data under Art. 9 GDPR. We process it only on the basis of your explicit consent (Art. 9(2)(a) GDPR).

5. Children's Privacy (COPPA)

SafeDose is designed exclusively for use by parents and legal guardians. We do not knowingly collect personal information directly from children under the age of 13 (or the applicable age threshold in your jurisdiction). All information about a child is entered solely by the parent or guardian.

If you believe we have inadvertently collected information directly from a child without parental consent, please contact us immediately at contact@criscode.com and we will delete such data promptly.

In accordance with COPPA, parents may review, update, or request deletion of their child's data at any time (see Section 11 — Your Rights).

6. Analytics

The App collects anonymized usage analytics to help us understand how the App is used and to improve its functionality. Analytics are collected only with your explicit consent. We use industry-standard tools (such as Firebase Analytics by Google) for this purpose.

Analytics data collected includes: feature usage patterns, session length, and crash reports. This data is anonymized and is not linked to your child's health records or personal identity.

You may opt out of analytics at any time in Settings → Privacy → Analytics. Opting out does not affect App functionality.

For EU/EEA users, analytics tracking does not begin until you have provided explicit consent through the in-App consent screen.

7. Advertising

SafeDose does not currently display advertisements. We plan to introduce advertising in a future version. When we do:

• You will be notified in advance and asked for your explicit consent before any advertising-related data is collected;
• EU/EEA users will be presented with a consent form compliant with IAB TCF v2.2 (Google UMP SDK or equivalent Google-certified CMP) before any ads are served;
• You will be able to choose between personalized and non-personalized ads;
• The App will support Google Consent Mode v2 for EEA and UK users, ensuring no advertising data is collected or used without consent;
• On iOS, Apple App Tracking Transparency (ATT) permission will be requested before any advertising identifier (IDFA) is accessed;
• We will never serve behavioral or personalized advertising based on a child's health data;
• You will be able to revoke advertising consent at any time in Settings → Privacy → Advertising.

8. Data Storage and Security

8.1 Where Data Is Stored

Data entered into SafeDose is stored locally on your device. If cloud backup is enabled, data is stored in encrypted cloud infrastructure (e.g., Google Firebase) with servers located in the EU or US depending on your region and provider configuration.

8.2 Security Measures

We implement industry-standard security measures including:

• Encryption of data at rest and in transit (TLS/SSL);
• Access controls limiting who can access stored data;
• Regular security assessments of our infrastructure.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data but are committed to using best practices.

8.3 Data Retention

We retain your data for as long as you use the App. You may delete individual records or all data at any time in App settings. Upon account deletion, all personal data is deleted within 30 days, except where retention is required by law.

9. Data Sharing

We do not sell your data. We may share data with the following limited categories of third parties:

• Cloud Service Providers: Hosting and backend services (e.g., Google Firebase) who process data strictly on our behalf under data processing agreements (DPAs);
• Analytics Providers: Anonymized usage analytics (e.g., Firebase Analytics), only with your consent;
• Advertising Networks (future): Only after your explicit consent and only in compliance with GDPR/COPPA as described in Section 7;
• Legal Authorities: If required by law, court order, or to protect the safety and rights of users.

All service providers are contractually obligated to handle your data securely and only as instructed by us.

10. International Data Transfers

If you are located in the EEA, your data may be transferred to countries outside the EEA (e.g., the United States). In such cases, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data to an equivalent standard as required under GDPR Chapter V.

11. Your Rights

11.1 Rights Under GDPR (EU/EEA Users)

If you are in the EEA, you have the following rights:

To exercise these rights, contact us at contact@criscode.com. We will respond within 30 days.

11.2 Rights Under COPPA (US Users)

Parents and guardians have the right to:

• Review the personal information collected about their child;
• Request correction or deletion of that information;
• Refuse further collection or use of the child's information.

Contact us at contact@criscode.com to exercise these rights.

12. Open Source Software

SafeDose is built with the Flutter framework and a number of open-source packages. Flutter is licensed under the BSD 3-Clause License (Copyright 2014, The Flutter Authors). Third-party packages are used under their respective licenses, which include MIT, BSD, and Apache 2.0 licenses.

Many open-source licenses require that attribution notices be displayed in the App. In compliance with these requirements, a complete list of all open-source components, their authors, and their license texts is available within the App under Settings → About → Open Source Licenses.

The use of open-source software in SafeDose does not affect the privacy of your data — open-source packages used in this App do not independently collect, transmit, or store personal data beyond what is described in this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, particularly when we introduce new features such as advertising. We will notify you of material changes through the App or by other reasonable means. The effective date at the top of this Policy reflects the most recent revision. Continued use of the App after changes constitutes your acceptance of the updated Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: