1. Introduction
JawBuddy UG ("we," "us," or "our") operates the website jawbuddy.com and the JawBuddy mobile application. We are committed to protecting your personal data and respecting your privacy in accordance with GDPR (EU 2016/679) and applicable data protection laws.
Controller
Company: Jawbuddy UG
Address: Darsberger Strasse 15, 69239 Neckarsteinach
Email: privacy@kauschlau.de
Phone: +49 160 92303560
2. Scope of This Policy
This privacy policy applies to:
• Website: jawbuddy.com (public-facing website)
• JawBuddy Mobile Application (iOS app for jaw health exercises)
3. Website Data Collection
Automatic Data Collection
When you visit jawbuddy.com, information is automatically collected:
• IP address
• Date and time of access
• Browser type and operating system
• Referring website (referrer URL)
Purpose: Ensuring website functionality, security, and administration
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)
Retention: Automatically deleted after 7 days
Email Contact
When you contact us by email, we store your inquiry and personal data to process your request.
Legal Basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)
4. JawBuddy Mobile Application Data
Account Data
When you create a JawBuddy account:
• Email address (required)
• Name (optional)
• Age range
• Language preference
Purpose: Authentication, personalization, multi-device sync
Your Control: Delete account anytime: Profile → Privacy & Sharing → Delete Account
Health and Jaw Movement Data
IMPORTANT: JawBuddy is a wellness application, not a medical device. The app does not diagnose, treat, or cure medical conditions.
What We Collect:
• Jaw opening distance (measured in millimeters)
• Jaw lateral deviation (side-to-side movement)
• Exercise completion data
• Progress metrics over time
What We Do NOT Collect:
❌ Face images or photographs
❌ Complete face meshes
❌ Biometric identification data
❌ Facial expressions unrelated to jaw movement
TrueDepth Camera Usage
Face Tracking Technology
JawBuddy uses your device's TrueDepth camera (iPhone X and later) through Apple's ARKit Face Tracking to measure jaw movements during exercises.
How It Works:
• All processing occurs locally on your device via Apple's ARKit
• Raw face data is processed in real-time (~16ms per frame)
• Face data is NEVER saved or transmitted
• Only calculated measurements (e.g., "35mm opening") are stored
No Biometric Identification: JawBuddy does NOT use face data for biometric identification or facial recognition. The TrueDepth camera is used solely as a measurement tool, similar to how a ruler measures distance.
Legal Basis: Art. 6 para. 1 lit. b GDPR + Art. 9 para. 2 lit. a GDPR (explicit consent for health data)
5. No User Tracking
JawBuddy does NOT track users for advertising purposes.
We do not:
❌ Use advertising identifiers
❌ Track you across apps or websites
❌ Share data with advertising networks
❌ Create advertising profiles
❌ Work with data brokers
Our iOS app includes a Privacy Manifest declaring: NSPrivacyTracking: false
6. No Third-Party Data Sharing
We do NOT share your health data or face tracking measurements with third parties.
Your data stays with us and is NOT shared with:
❌ Advertising networks
❌ Analytics platforms (Google Analytics, etc.)
❌ Research institutions
❌ Data brokers
❌ AI training services
User-Controlled Sharing
You can export your progress reports to share with your healthcare provider (doctor, dentist, physiotherapist). This is optional and user-initiated only.
7. Data Storage and Security
Storage Locations
On Your Device: App preferences, cached exercise data
Compliance: GDPR, SOC 2, ISO 27001
Security Measures
• Encryption: TLS 1.3 in transit, AES-256 at rest
• Access Control: Per-user data isolation
• Authentication: Secure token-based authentication
• Monitoring: Regular security audits
Data Retention
• Account data: For duration of your account
• Upon deletion: All data permanently deleted within 30 days
• Log files: Automatically deleted after 30 days
8. Medical Disclaimer
⚕️ IMPORTANT: JawBuddy is NOT a medical device
JawBuddy is a wellness and exercise guidance application. It does not diagnose, treat, cure, or prevent any medical condition.
What JawBuddy Does NOT Do:
❌ Diagnose medical conditions
❌ Prescribe treatments
❌ Provide medical advice
❌ Replace healthcare professionals
Consult Your Healthcare Provider:
Always consult with a qualified healthcare provider before starting any exercise program, especially if you have jaw disorders (TMJ/TMD), recent surgery, chronic pain, or any medical concerns.
All measurements are for informational purposes and should be reviewed with your healthcare provider for medical interpretation.
9. Your Rights Under GDPR
Right to Access (Art. 15 GDPR)
Request information about your personal data
How: Profile → Privacy & Sharing → Request All Your Data
Right to Erasure (Art. 17 GDPR)
Request deletion of your personal data ("right to be forgotten")
How: Profile → Privacy & Sharing → Delete Account
Other Rights
• Right to Rectification (Art. 16 GDPR): Correct incorrect data
• Right to Restriction (Art. 18 GDPR): Request processing restriction
• Right to Data Portability (Art. 20 GDPR): Receive data in structured format
• Right to Object (Art. 21 GDPR): Object to processing
• Right to Lodge Complaint (Art. 77 GDPR): File complaint with supervisory authority
Supervisory Authority
Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: https://www.bfdi.bund.de
10. Data Security
We use SSL/TLS encryption (Secure Sockets Layer) with the highest encryption level supported by your browser during website visits.
All data transmission between the JawBuddy app and our servers uses TLS 1.3 encryption. Data at rest is encrypted with AES-256.
11. Changes to This Privacy Policy
This privacy policy is currently valid and dated October 2025.
Material Changes: We will notify you via email and in-app notification
Minor Changes: Updated policy posted with new date
Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@kauschlau.de
Subject: Data Protection Inquiry
Response Time: Within 5 business days

