1. Introduction
SaliLab ("the App") is a clinical management tool designed exclusively for healthcare professionals. It allows them to record, analyze, and share patients' clinical data with other authorized professionals.
This Privacy Policy describes what personal data we collect, the purposes for which we process it, with whom we share it, and what rights you have as a user or as a patient whose data is managed through the App.
By creating an account in SaliLab, you represent that you are a healthcare professional with legal capacity to manage patient clinical data in your jurisdiction and you agree to the terms of this policy.
Important note: SaliLab is a tool for healthcare professionals, not a direct patient-facing application. If you are a patient whose data has been entered into the App, the primary data controller for that data is the healthcare professional who recorded it. You can exercise your rights by contacting that professional directly.
2. Data Controller
The data controller for the personal data of App users (doctors/professionals) is the individual developer of the App. For any privacy inquiries, contact privacy@salilab.app.
The healthcare professional using SaliLab acts as the data controller for their patients' data. SaliLab acts as the data processor with respect to patient data stored in the cloud.
3. Data We Collect
3.1 Professional Account Data
| Data | Purpose | Storage |
|---|---|---|
| Email address | Authentication, communications | Supabase Auth |
| First and last name | Identification in professional network | Local SQLite + Supabase |
| Phone number | Optional verification, public profile | Local SQLite + Supabase |
| Medical specialty | Public profile in professional network | Local SQLite + Supabase |
| Country and state/province | Regional clinical context | Local SQLite + Supabase |
| Username | Search in professional network | Local SQLite + Supabase |
3.2 Patient Clinical Data
The following data is entered by the healthcare professional about their patients. Patients are not direct users of the App.
| Category | Specific Data |
|---|---|
| Identification | Name, last name, date of birth, sex, national/social ID (optional), phone (optional) |
| Anthropometric | Weight (kg), height (m) |
| Cardiovascular | Systolic and diastolic blood pressure, smoking status, known cardiovascular disease, diabetes, herpes |
| Metabolic | Glucose (mg/dL), fasting glycemia, diet (fruits/vegetables), water intake |
| Salivometric | Saliva volume, collection time, salivary pH, nitric oxide, viscosity, color, appearance, odor, sediment |
| Medication | Medication notes (free text) |
| Clinical notes | Free text written by the professional |
| Clinical history (snapshots) | Chronological records of clinical metrics |
| Appointments | Date, time, duration, and description of appointments |
3.3 Device and Usage Data
| Data | Purpose |
|---|---|
| FCM token (Firebase) | Push notifications |
| Device model, OS version, app version | Error diagnostics (crash reports) |
| Error logs | Service stability improvement (no patient data) |
| Screenshots (voluntary) | Attached to user-submitted bug reports |
3.4 Location Data
The App requests device location access only once, during registration, in order to auto-fill the country and state/province fields. Beyond the country/state value saved in the professional's profile, this data is not stored on the device or in the cloud.
4. Purposes and Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Providing the clinical management service | Performance of contract (Art. 6.1.b GDPR) |
| Storage and analysis of patient clinical data | Legal obligation and public interest task (Art. 6.1.c, 6.1.e GDPR; Art. 9.2.h GDPR) |
| Push notifications (appointments, connections) | Explicit consent (Art. 6.1.a GDPR) |
| Error reporting and diagnostics | Legitimate interest in service quality (Art. 6.1.f GDPR) |
| Account communications (password reset, verification) | Performance of contract (Art. 6.1.b GDPR) |
5. Data Sharing
5.1 Between Professionals (Network Feature)
Professionals can share patient clinical data with other connected professionals within the App. When this occurs:
- The sharing professional is responsible for obtaining patient consent as required by applicable law.
- The recipient accesses data with the assigned permission level (read-only or read/write).
- Access may have an expiration date and can be revoked at any time.
- Shared data is encrypted in transit (TLS). Optionally, the professional may enable end-to-end encryption from the App settings using their Patient Data Encryption Key (PDEK).
5.2 Third-Party Service Providers
| Provider | Service | Data Transferred | Policy |
|---|---|---|---|
| Supabase | Cloud database, authentication, file storage | Professional profile, clinical data (encrypted), error logs | supabase.com/privacy |
| Google Firebase | Push notifications (FCM) | Device FCM token | firebase.google.com/support/privacy |
| AI Provider (OpenAI / Anthropic) | AI-assisted clinical analysis (AI Insights feature) | Anonymized clinical metrics and, when using the notes feature, clinical note excerpts with patient identifiers pre-removed. Patient names and direct identifiers are NOT sent. | openai.com/policies/privacy · anthropic.com/privacy |
| GitHub | Internal error report management (Issues) | Anonymized error logs, device information | github.com privacy |
The currently active AI provider can be checked at any time in the App settings under the "AI Insights" section. Any change of provider will be communicated in advance via an in-app notice.
We do not sell or share personal data with third parties for advertising or commercial purposes.
6. Data Security
- Encrypted local database: SQLite encrypted with SQLCipher. The key is stored in the iOS Keychain or Android Keystore.
- Encryption in transit: All communication with Supabase occurs over HTTPS/TLS.
- End-to-end encryption (optional): Patient data can be encrypted client-to-client using a Patient Data Encryption Key (PDEK) derived from the professional's password.
- Access control: Row-Level Security (RLS) policies in Supabase ensure that each professional can only access their own data.
- Secure notifications: FCM tokens are transmitted signed with service account JWTs.
- Sanitized error reports: Patient IDs in error stack traces are replaced with placeholders before transmission.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Professional account data | While the account is active. Deleted 30 days after account deletion request. |
| Active patient clinical data | While the professional maintains an active account. |
| Patients in trash (soft deleted) | 14 days, then permanently deleted. |
| Error logs | 90 days, then automatically deleted. |
| In-app notifications | Deleted on sign-out. |
| AI cache (on device) | Until the professional signs out or uninstalls the app. |
Account deletion: You can delete your account at any time from Settings → Account → Delete Account within the App, or by sending a request to privacy@salilab.app. We will confirm the deletion within 72 hours. You may request a data export in JSON/CSV format before permanent deletion.
8. Your Rights
Under GDPR and equivalent regulations, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention obligations).
- Data portability: Receive your data in a structured, machine-readable format (JSON/CSV).
- Objection and restriction: Object to or restrict certain types of processing.
- Withdrawal of consent: At any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact: privacy@salilab.app. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, the CNIL in France, or the AEPD in Spain).
9. Children's Privacy
SaliLab is not directed to users under 18 years of age. We do not knowingly collect personal data from minors as App users.
Regarding clinical data of minor patients, the healthcare professional is responsible for complying with the applicable regulations in their jurisdiction regarding the processing of minors' data.
10. International Data Transfers
Data stored on Supabase may reside on servers located in the European Union or in other countries. Supabase applies Standard Contractual Clauses (SCCs) pursuant to GDPR for international transfers.
Data processed by the AI provider (AI Insights feature) is transferred to the provider's servers pursuant to their own privacy policy and without permanent retention of request content.
11. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you through the App or by email at least 15 days before the changes take effect.
The "Last updated" date at the top of this page always reflects the most current version.
For any privacy-related questions:
privacy@salilab.app