
Privacy Policy

(Version: January 2026)

1. Controller

The controller within the meaning of Art. 4(7) GDPR is:

tio health UG (limited liability)
Holsteinische Str. 34
10717 Berlin
Germany

Email: privacy@tiohealth.care

A data protection officer has not been appointed at this time.

2. General Information

Protecting personal data, especially sensitive health data relating to children, is of utmost importance to us. Personal data is processed exclusively in compliance with the GDPR and applicable national data protection laws.

The app is intended solely for adult parents or legal guardians. Children do not use the app themselves and are not directly addressed.

3. Categories of Data Subjects

  • Parents or legal guardians (app users)
  • Children whose health and developmental data is recorded by their parents

4. Categories of Data Processed

4.1 Account Data

  • Parent name and email address
  • Language preferences
  • Login and account information

 

4.2 Child Data

  • Child’s age and gender (required for app functionality)
  • All other information is voluntary

 

4.3 Health and Development Data (Art. 9 GDPR)
If voluntarily provided:

  • Symptoms and illnesses
  • Developmental concerns
  • Medications and vaccinations
  • Doctor visits and therapies
  • Photos (e.g. rashes, injuries)

 

4.4 Usage and Technical Data

  • Anonymized app usage data
  • Technical device data

5. Purposes and Legal Bases

5.1 Provision of App Features
Legal basis:

  • Art. 6(1)(a) GDPR
  • Art. 9(2)(a) GDPR

 

5.2 Tio Chat (AI-Supported Guidance)
Processing user inputs to provide contextual, non-binding support.

 

5.3 Automated Supportive Processing
Automated structuring or summarization of chat or health log content may occur.
This processing is **purely supportive and has no legal effect** pursuant to Art. 22 GDPR.

 

5.4 App Improvement
Anonymized analytics via Firebase Analytics.

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest)

6. Data Storage

  • Local storage on the device for usability and offline support
  • Cloud storage in Google Firestore (EU region) to prevent data loss and enable features such as profile sharing

7. Third-Party Processors

7.1 OpenAI (OpenAI Ireland Ltd.)

  • Data processing agreement (DPA) and SCCs in place
  • No training of AI models on tio data
  • No use for OpenAI’s own purposes
  • Maximum retention: 30 days

 

**Images in Chat**
Uploaded images are transmitted to OpenAI Ireland Ltd. solely to analyze and respond to the user’s request.

  • No biometric identification
  • No facial recognition
  • No permanent storage by OpenAI
  • Images stored by tio health only within the Health Log
  • Users can delete images at any time

 

7.2 Firebase (Google Ireland Ltd.)

  • Authentication, Firestore, Cloud Messaging
  • Analytics strictly anonymized

 

Push notifications do not contain health data.

8. Subscriptions, In-App Purchases and Payment Processing

8.1 Paid Use and Subscription Models

The app is offered as a paid service. Users may choose between:

  • a **monthly subscription**, or
  • a **yearly subscription**.

Both subscription models include a **7-day free trial**. No charges apply during the trial period. Unless cancelled before the end of the trial, the subscription will automatically convert into the selected paid plan.

 

8.2 Billing via App Stores (In-App Purchases)

Subscriptions are billed exclusively via **in-app purchases** through the respective app stores:

  • Apple App Store (Apple Inc.)
  • Google Play Store (Google LLC)

 

The respective platform terms apply in addition:

 

tio health does **not** process or store any payment or credit card information.

 

8.3 Payment Processing via RevenueCat

For the technical handling, validation, and management of subscriptions, we use the third-party provider **RevenueCat**.

RevenueCat acts as a data processor within the meaning of the GDPR and communicates with both the app stores (Apple / Google) and tio health in order to:

  • verify subscription status,
  • manage trial periods,
  • correctly assign renewals, cancellations, or restorations.

 

Only data strictly necessary for subscription management is processed (e.g. anonymized user identifiers, product identifiers, subscription status).
**Payment data itself is not processed by tio health.**

Processing takes place in a secure environment in compliance with data protection requirements.

 

8.4 Legal Basis

Processing related to subscriptions is based on:

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(f) GDPR (legitimate interest in secure and reliable payment processing)

9. No Further Data Sharing

No personal data is shared with insurers, doctors, employers, researchers, or other third parties.

10. Anonymized Evaluations

Fully anonymized and aggregated data may be used in the future for statistical or scientific analysis. No personal identification is possible.

11. Retention and Deletion

  • Data is retained as long as the account exists.  
  • Deletion requests are processed in accordance with GDPR requirements and result in full data removal.

12. Data Subject Rights

You have the rights under Arts. 15–21 GDPR, including access, rectification, deletion, and withdrawal of consent.

Contact: privacy@tiohealth.care

13. Supervisory Authority

You may lodge a complaint with a supervisory authority, in particular the Berlin Commissioner for Data Protection.