Data Processing Agreement

1. Introduction

This Data Processing Agreement (“DPA”) governs the processing of personal data by Medikle (“we,” “us,” or “our”) on behalf of users (“you” or “data subject”) in connection with the Medikle mobile application and related services.

2. Definitions

Personal Data

Any information relating to an identified or identifiable natural person.

Health Data

Personal data related to physical or mental health, including medical conditions, medications, and health metrics.

Processing

Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Data Controller

The user who determines the purposes and means of processing personal data.

Data Processor

Medikle, which processes personal data on behalf of the data controller.

3. Scope of Processing

Medikle processes personal data for the following purposes:

• Providing medicine identification services using AI technology
• Storing and managing health-related information and medical profiles
• Facilitating medication reminders and health tracking
• Enabling emergency contact and SOS functionality
• Improving application performance and user experience
• Ensuring data security and service reliability

4. Categories of Data

The following categories of personal data may be processed:

• Identity Information: Name, username, profile information
• Contact Information: Email address, emergency contact details
• Health Information: Medical conditions, allergies, medications, dosages, health metrics
• Location Data: Approximate location for emergency services (when enabled)
• Technical Data: Device information, app usage data, crash reports
• Visual Data: Photos of medications for identification purposes

5. Data Security Measures

Medikle implements appropriate technical and organizational measures to ensure data security:

• Encryption: All data is encrypted in transit and at rest
• Access Controls: Strict authentication and authorization mechanisms
• Data Minimization: Only necessary data is collected and processed
• Secure Infrastructure: Use of secure cloud services (Supabase) with industry-standard security
• Regular Security Audits: Ongoing monitoring and security assessments
• Incident Response: Procedures for handling data breaches and security incidents

6. Data Retention

Personal data will be retained only as long as necessary for the purposes outlined in this agreement:

• Active Account Data: Retained while the user account is active
• Health Records: Retained according to user preferences and legal requirements
• Technical Data: Retained for up to 2 years for service improvement
• Emergency Contact Data: Retained while emergency features are active
• Deleted Account Data: Securely deleted within 30 days of account deletion

7. Data Subject Rights

As a data subject, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data in a structured format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent for data processing at any time

8. Third-Party Services

Medikle may use the following third-party services for data processing:

• Supabase: Database and authentication services with EU data protection compliance
• Google Gemini API: AI-powered medicine identification (images processed securely)
• Cloud Storage Providers: Secure storage of encrypted data backups
• Analytics Services: Anonymous usage analytics for service improvement

All third-party processors are required to provide adequate data protection guarantees and comply with applicable data protection laws.

9. Cross-Border Data Transfers

Personal data may be transferred to and processed in countries outside your jurisdiction. In such cases:

• Transfers are made only to countries with adequate data protection levels
• Appropriate safeguards are implemented where required
• Standard contractual clauses are used when necessary
• Users are informed of any significant data transfer arrangements

10. Data Breach Notification

In the event of a personal data breach:

• Medikle will assess the risk to individuals' rights and freedoms
• High-risk breaches will be reported to supervisory authorities within 72 hours
• Affected users will be notified without undue delay if required
• Detailed documentation of all breaches will be maintained
• Immediate steps will be taken to mitigate any adverse effects

11. Data Processing Lawfulness

Personal data processing is based on the following lawful bases:

• Consent: Explicit consent for health data processing and optional features
• Contract Performance: Processing necessary for service delivery
• Legitimate Interests: Service improvement and security (where appropriate)
• Vital Interests: Emergency contact and SOS functionality

12. Contact Information

For questions about data processing or to exercise your rights, please contact us:

• Email: privacy@medikle.com
• Data Protection Officer: dpo@medikle.com
• Postal Address: [Your Company Address]
• Website: www.medikle.com

13. Updates to This Agreement

This Data Processing Agreement may be updated from time to time to reflect changes in:

• Applicable data protection laws and regulations
• Our data processing practices and security measures
• Third-party services and integrations
• User feedback and regulatory guidance

Users will be notified of any material changes to this agreement through the application or email notifications.