1. Who We Are (Controller)
KneeBack ("we", "our", "us") is operated by:
For all data-related enquiries, requests, or complaints, contact us at kneebackapp@gmail.com.
2. Two Modes — Your Choice
Local Mode (default) — All your recovery data stays exclusively on your device. No account is required. No personal data ever leaves your device or reaches our servers.
Signed-in Mode — When you create an account and sign in, your recovery data is synced to our cloud so you can access it across devices and restore it after reinstallation. Personal data is only collected and processed when you actively use a signed-in account.
You can use KneeBack with its full feature set in Local Mode indefinitely. Signing in is optional and reversible, and you can delete your account and all associated cloud data at any time.
3. What Data We Collect
Local Mode — no personal data collected: No data leaves your device. The following is stored only locally and protected by your device's own security:
- Exercise logs, daily checklists, and completion history
- Range-of-motion (ROM) measurements (flexion and extension angles)
- Surgery date, knee side, and graft type (entered by you for app functionality)
- Milestone notes and phase progress
- Notification reminder preferences
Signed-in Mode — cloud data (account holders only): When you sign in, the following data is uploaded to our cloud infrastructure. No cloud data is processed when you use Local Mode.
- Email address (used for authentication only)
- Recovery profile: surgery date, knee side, graft type
- Health and exercise data: exercise logs, ROM measurements, and streak activity
- Daily notes (free text, optional — may contain health context you choose to record)
- Exercise plan and personal customisations
- Notification preferences and device push token
Community feature: Community posts are linked to an anonymous device identifier only. Your email address is never visible in the community, regardless of whether you have an account. The device identifier is a pseudonym — it allows us to attribute your posts to you for moderation and deletion purposes without revealing your identity.
4. Why We Process Your Data (Legal Bases)
| Purpose | Data | Legal Basis |
|---|---|---|
| Provide cloud backup and cross-device sync | Email, recovery profile, exercise data | Art. 6(1)(a) GDPR — your explicit consent when creating an account |
| Process health data (ROM, surgery info) | ROM measurements, surgery date, graft type | Art. 9(2)(a) GDPR — your explicit consent; health data requires this separate basis |
| Community feature (anonymous posts) | Anonymous device identifier, post content | Art. 6(1)(f) GDPR — legitimate interest in providing a support community, balanced against your interest in anonymity |
| Push notifications | Device push token | Art. 6(1)(a) GDPR — your consent when enabling reminders |
5. Health Data
ROM measurements, surgery date, and graft type constitute health data under Art. 4(15) GDPR. Processing this data requires your explicit consent under Art. 9(2)(a) GDPR, which you provide when you create an account and sign in. You may withdraw this consent at any time by deleting your account (see Section 9).
In Local Mode your health data never leaves your device and is never subject to cloud processing. This applies even if you have previously held an account — switching back to Local Mode stops all cloud data flows immediately.
6. Data Storage, Security, and Third Parties
When cloud sync is enabled, your data is stored using Supabase. We apply industry-standard security: TLS encryption in transit and encryption at rest.
We share data with the following processors only as strictly necessary:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase | Cloud database and authentication | EU (Ireland, eu-west-1) | Art. 28 DPA; EU-hosted, no third-country transfer |
| Expo / Apple / Google | Delivering push notifications | US | SCCs under Art. 46 GDPR |
We do not sell your data. We do not share your data with advertisers, data brokers, or any party beyond the processors listed above.
7. Third-Country Transfers
Our cloud infrastructure (Supabase) is EU-hosted and does not involve a third-country transfer. Push notification delivery relies on Expo, Apple, and Google — US-incorporated entities. Transfers to these processors rely on Standard Contractual Clauses (SCCs) adopted by the European Commission under Art. 46(2)(c) GDPR. Where applicable, these processors also participate in the EU–US Data Privacy Framework.
8. Data Retention
- Local device data — retained until you uninstall the app or use Profile › Reset App
- Cloud account data — retained for as long as your account is active
- After account deletion — all cloud data permanently deleted within 30 days
- Community posts — retained until you delete them, or until your account is deleted
- Anonymised aggregates — may be retained indefinitely for service improvement
9. Your Rights Under GDPR
As a data subject, you have the following rights. Most can be exercised directly in the app:
10. Children's Privacy
KneeBack is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data through our service, contact us at kneebackapp@gmail.com and we will delete it promptly.
11. Waitlist Registration (Internal Testing)
If you submit your email address via the waitlist form on our landing page, the following processing applies:
| Field | Detail |
|---|---|
| Data collected | Email address |
| Purpose | To notify you when KneeBack opens for public testing on Google Play |
| Legal basis | Art. 6(1)(a) GDPR — your explicit consent given at the time of submission |
| Processor | Supabase (EU-hosted infrastructure). No other processors involved; your email is not forwarded to any third-party service. |
| Retention | Your email address will be deleted no later than 30 days after KneeBack becomes publicly available on Google Play. If that date has not yet been reached, data is retained only for as long as necessary to fulfil the stated purpose. |
| Your rights | You may withdraw consent and request deletion of your email at any time by contacting kneebackapp@gmail.com with the subject "withdraw waitlist consent". Withdrawal does not affect the lawfulness of processing prior to withdrawal. |
You are not required to join the waitlist to use KneeBack. The web app is available at kneeback.app/app without any registration.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will always reflect the current version.
For material changes affecting how your health data is processed, we will notify you within the app and obtain your fresh explicit consent where required by Art. 9 GDPR before continuing to process your data under the new terms.
For questions or data subject requests, contact: kneebackapp@gmail.com