1. Introduction
JawBuddy UG ("we," "us," or "our") operates the website jawbuddy.com and the JawBuddy mobile application. We are committed to protecting your personal data and respecting your privacy in accordance with GDPR (EU 2016/679) and applicable data protection laws.
Controller
Company: Jawbuddy UG
Address: Nobelstr. 10, Stuttgart, Baden-Württemberg 70569, Germany
Email: privacy@jawbuddy.com
Phone: +49 160 92303560
2. Scope of This Policy
This privacy policy applies to:
• Website: jawbuddy.com (public-facing website)
• JawBuddy Mobile Application (iOS app for jaw health exercises)
3. Website Data Collection
Automatic Data Collection
When you visit jawbuddy.com, information is automatically collected:
• IP address
• Date and time of access
• Browser type and operating system
• Referring website (referrer URL)
Purpose: Ensuring website functionality, security, and administration
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)
Retention: Automatically deleted after 7 days
Email Contact
When you contact us by email, we store your inquiry and personal data to process your request.
Legal Basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)
4. JawBuddy Mobile Application Data
Account Data
When you create a JawBuddy account:
• Email address (required)
• Name (optional)
• Age range
• Language preference
Purpose: Authentication, personalization, multi-device sync
Your Control: Delete account anytime: Profile → Privacy & Sharing → Delete Account
Health and Jaw Movement Data
IMPORTANT: JawBuddy is a wellness application, not a medical device. The app does not diagnose, treat, or cure medical conditions.
What We Collect:
• Jaw opening distance (measured in millimeters)
• Jaw lateral deviation (side-to-side movement)
• Exercise completion data
• Progress metrics over time
What We Do NOT Collect:
• Face images or photographs
• Complete face meshes
• Biometric identification data
• Facial expressions unrelated to jaw movement
TrueDepth Camera Usage
Face Tracking Technology
JawBuddy uses your device's TrueDepth camera (iPhone X and later) through Apple's ARKit Face Tracking to measure jaw movements during exercises.
How It Works:
• All processing occurs locally on your device via Apple's ARKit
• Raw face data is processed in real-time (~16ms per frame)
• Face data is NEVER saved or transmitted
• Only calculated measurements (e.g., "35mm opening") are stored
No Biometric Identification: JawBuddy does NOT use face data for biometric identification or facial recognition. The TrueDepth camera is used solely as a measurement tool, similar to how a ruler measures distance.
Legal Basis: Art. 6 para. 1 lit. b GDPR + Art. 9 para. 2 lit. a GDPR (explicit consent for health data)
5. Advertising Measurement & Tracking
With your explicit consent, JawBuddy uses advertising measurement tools to understand which health awareness campaigns help people discover TMJ care. No health data is ever shared with ad platforms.
Ad Measurement Services (consent required)
When you opt in to advertising measurement, we use:
Meta (Facebook) SDK — Measures which ad campaigns lead to app installs and subscriptions. Privacy Policy: https://www.facebook.com/privacy/policy/
TikTok Business SDK — Measures which ad campaigns lead to app installs and subscriptions. Privacy Policy: https://www.tiktok.com/legal/privacy-policy
What is shared with ad platforms (only when you consent):
• Device advertising identifier (IDFA on iOS)
• App install confirmation
• Registration event (no personal details included)
• Subscription purchase event (amount and currency only)
What is NEVER shared with ad platforms:
• Health or exercise data
• Jaw measurements or treatment progress
• Your name, email, or any personal information
• Screen views or in-app behavioral data
Your Control
These SDKs are ONLY activated when you:
• Grant advertising consent in our privacy prompt
• Confirm you are 16 years or older (GDPR requirement)
• Grant App Tracking Transparency permission (iOS)
You can revoke consent at any time via Profile → Privacy & Sharing. Revoking immediately disables these SDKs.
If you do not consent, or deny ATT, no advertising measurement occurs and the SDKs are never initialized.
Legal Basis: Art. 6 para. 1 lit. a GDPR (explicit consent). Consent can be withdrawn at any time with immediate effect.
Our iOS app includes a Privacy Manifest declaring NSPrivacyTracking: true, and requests App Tracking Transparency permission before any advertising measurement occurs.
6. Third-Party Services & Data Sharing
Your health data, exercise data, and face tracking measurements are NEVER shared with third parties.
We use the following third-party services:
Advertising Measurement (requires your explicit consent)
Meta Platforms, Inc. (Facebook SDK) — Ad campaign attribution
ByteDance Ltd. (TikTok Business SDK) — Ad campaign attribution
These services only receive: device advertising identifier, install events, registration events, and purchase events (amount + currency). They never receive health data, personal information, or app usage details.
Analytics (requires your consent)
Firebase Analytics (Google LLC) — App usage statistics and crash reports
Amplitude, Inc. — Product analytics for feature improvement
Analytics data is used solely to improve the app and is not shared with advertisers.
Essential Services (always active for app functionality)
Firebase Crashlytics (Google LLC) — Crash reporting for app stability
Firebase Cloud Messaging (Google LLC) — Push notifications
RevenueCat, Inc. — Subscription management
Google Cloud Platform — Backend hosting (Frankfurt, Germany, EU)
Data NEVER shared with any third party:
• Health or exercise measurements
• Face tracking or TrueDepth camera data
• Treatment progress or pain assessments
• Research institutions
• Data brokers
User-Controlled Sharing
You can control analytics and advertising consent independently via Profile → Privacy & Sharing. You can also export your progress reports to share with your healthcare provider (doctor, dentist, physiotherapist). This is optional and user-initiated only.
Your data stays with us and is NOT shared with:
• Advertising networks
• Analytics platforms (Google Analytics, etc.)
• Research institutions
• Data brokers
• AI training services
7. Data Storage and Security
Storage Locations
On Your Device: App preferences, cached exercise data
Compliance: GDPR
Backend Servers: Frankfurt, Germany (Google Cloud europe-west3)
Security Measures
• Encryption: TLS 1.3 in transit, AES-256 at rest
• Access Control: Per-user data isolation
• Authentication: Secure token-based authentication
• Monitoring: Regular security audits
Data Retention
• Account data: For duration of your account
• Upon deletion: All data permanently deleted within 30 days
• Log files: Automatically deleted after 30 days
8. Medical Disclaimer
⚕️ IMPORTANT: JawBuddy is NOT a medical device
JawBuddy is a wellness and exercise guidance application. It does not diagnose, treat, cure, or prevent any medical condition.
What JawBuddy Does NOT Do:
• Diagnose medical conditions
• Prescribe treatments
• Provide medical advice
• Replace healthcare professionals
Consult Your Healthcare Provider:
Always consult with a qualified healthcare provider before starting any exercise program, especially if you have jaw disorders (TMJ/TMD), recent surgery, chronic pain, or any medical concerns.
All measurements are for informational purposes and should be reviewed with your healthcare provider for medical interpretation.
9. Your Rights Under GDPR
Right to Access (Art. 15 GDPR)
Request information about your personal data
How: Profile → Privacy & Sharing → Request All Your Data
Right to Erasure (Art. 17 GDPR)
Request deletion of your personal data ("right to be forgotten")
How: Profile → Privacy & Sharing → Delete Account
Other Rights
• Right to Rectification (Art. 16 GDPR): Correct incorrect data
• Right to Restriction (Art. 18 GDPR): Request processing restriction
• Right to Data Portability (Art. 20 GDPR): Receive data in structured format
• Right to Object (Art. 21 GDPR): Object to processing
• Right to Lodge Complaint (Art. 77 GDPR): File complaint with supervisory authority
Supervisory Authority
Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Website: https://www.bfdi.bund.de
10. Data Security
We use SSL/TLS encryption (Secure Socket Layer) with the highest encryption level supported by your browser during website visits.
All data transmission between the JawBuddy app and our servers uses TLS 1.3 encryption. Data at rest is encrypted with AES-256.
11. Changes to This Privacy Policy
This privacy policy is currently valid and dated March 2026.
Material Changes: We will notify you via email and in-app notification
Minor Changes: Updated policy posted with new date
Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@jawbuddy.com
Subject: Data Protection Inquiry
Response Time: Within 5 business days

