Privacy Policy | JawBuddy

1. Introduction

JawBuddy UG (haftungsbeschränkt) operates jawbuddy.com and the JawBuddy mobile application. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR, EU 2016/679).

Data Controller:
JawBuddy UG (haftungsbeschränkt)
Nobelstr. 10, 70569 Stuttgart, Germany
Email: privacy@jawbuddy.com
Phone: +49 160 92303560

2. Scope of This Policy

This policy covers the website jawbuddy.com and the JawBuddy Mobile Application (iOS app for jaw health exercises).

3. Website Data Collection

Automatic Data Collection

When you visit our website, we automatically collect IP addresses, access timestamps, browser/OS information, and referrer URLs for ensuring website functionality, security, and administration. This data is retained for 7 days under legitimate interests (Art. 6 para. 1 lit. f GDPR).

Email Contact

Inquiries sent via email are stored to process your requests under contract fulfillment (Art. 6 para. 1 lit. b GDPR).

4. JawBuddy Mobile Application Data

Account Data

Required: email address. Optional: name, age range, language preference. Used for authentication and personalization. You may delete your account via Profile → Privacy & Sharing → Delete Account.

Health and Jaw Movement Data

The app collects jaw opening distance, lateral deviation, exercise completion, and progress metrics. The app does NOT collect face images, complete face meshes, biometric identification data, or unrelated facial expressions.

Important: JawBuddy is a wellness application, not a medical device. The app does not diagnose, treat, or cure medical conditions.

TrueDepth Camera Usage

All face data processing occurs locally on your device via Apple's ARKit. Face data is NEVERsaved or transmitted — only calculated measurements (e.g., jaw opening in millimeters) are stored. The camera functions solely as a measurement tool, similar to how a ruler measures distance.

Legal basis: Art. 6 para. 1 lit. b GDPR + Art. 9 para. 2 lit. a GDPR (explicit consent for health data).

5. Advertising Measurement & Tracking

With your explicit consent, the app uses Meta (Facebook) SDK and TikTok Business SDK to measure campaign effectiveness. Only device advertising identifiers (IDFA), install confirmations, registration events, and subscription purchase details (amount/currency) are shared — never health data, measurements, names, emails, or behavioral data.

These SDKs activate only when you grant advertising consent, confirm you are 16+, and grant App Tracking Transparency permission. Consent is revocable anytime via Profile → Privacy & Sharing.

6. Third-Party Services & Data Sharing

Advertising Measurement (consent required): Meta Platforms, Inc. (Facebook SDK), ByteDance Ltd. (TikTok Business SDK)

Analytics (consent required): Firebase Analytics (Google LLC), Amplitude, Inc.

Essential Services (always active): Firebase Crashlytics (Google LLC), Firebase Cloud Messaging (Google LLC), RevenueCat, Inc., Google Cloud Platform (Frankfurt, Germany, EU)

Health measurements, face tracking data, and treatment progress are NEVER shared with any third party. You may optionally export progress reports to your healthcare provider (user-initiated only).

7. Data Storage and Security

Storage Locations: On-device (app preferences, cached exercise data) and Backend (Frankfurt, Germany — Google Cloud europe-west3).

Security: TLS 1.3 encryption in transit, AES-256 at rest, access control, per-user data isolation, secure token-based authentication, and regular security audits.

Retention: Account data persists during account tenure. Deletion results in permanent removal within 30 days. Log files are auto-deleted after 30 days.

8. Medical Disclaimer

JawBuddy is NOT a medical device and does not diagnose, treat, cure, or prevent conditions, nor replace healthcare professionals. All measurements serve informational purposes only. Consult a qualified healthcare provider before starting exercises.

9. Your Rights Under GDPR

  • Right to Access (Art. 15): Request your data via Profile → Privacy & Sharing → Request All Your Data
  • Right to Erasure (Art. 17): Delete your data via Profile → Privacy & Sharing → Delete Account
  • Right to Rectification (Art. 16)
  • Right to Restriction of Processing (Art. 18)
  • Right to Data Portability (Art. 20)
  • Right to Object (Art. 21)
  • Right to Lodge a Complaint with the supervisory authority: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), www.bfdi.bund.de

10. Changes to This Privacy Policy

This policy is dated March 2026. Material changes will be communicated via email or in-app notification. Minor updates appear with new effective dates. Continued use of the service implies acceptance.

11. Contact Us

Email: privacy@jawbuddy.com
Subject: Data Protection Inquiry
Response Time: Within 5 business days