Privacy Policy

Last updated: 2026-05-11

1. Who we are

Thyroid Rehab is an informational support tool for thyroid rehabilitation. Through the app, users receive a personalised daily plan, symptom tracking and information on supplements. For any data-related question please contact us at support@thyroidrehab.bg.

2. What data we collect

We collect the following categories of data:

  • Identification: name, email and profile image from the Google account used to sign in.
  • Health data: symptoms, energy, sleep, pain, mood, weight, journal entries, and blood markers (TSH, fT3, fT4, antibodies) when you voluntarily enter them.
  • Gamification: streaks of completed days, experience points and earned milestones.
  • Technical: push-notification tokens, IP address recorded when you acknowledge the health disclaimer, last login timestamp.

3. Why we collect it

The data is used only to generate your personalised plan, compute AI correlations between symptoms and nutrition, send reminders (push notifications) and present progress analytics inside the app. We do not engage in behavioural advertising and we do not profile users for marketing purposes.

4. Encryption of sensitive data

Blood markers are stored encrypted with AES-256-GCM in the database (at rest). All traffic between your device and our servers is protected with HTTPS/TLS (in transit). Access to the encryption key is limited to the server processes that read and write markers for your own account.

5. Who we share data with

We do not sell personal data. We share a limited dataset only with processors who provide the technical infrastructure:

  • Vercel — application hosting.
  • Turso — managed database.
  • Anthropic — processing of requests to the Claude model for recommendation generation. Requests do not contain personally identifiable information and are not used for model training.
  • Stripe — payment processing (for the future subscription). Payment data is handled directly by Stripe and is not stored on our servers.
  • Google — OAuth login and push notifications.

6. Your rights (GDPR)

Under Regulation (EU) 2016/679 (GDPR) you have the following rights:

  • Right of access to your personal data — Art. 15.
  • Right to rectification of inaccurate data — Art. 16.
  • Right to erasure (“right to be forgotten”) — Art. 17.
  • Right to data portability — Art. 20.
  • Right to withdraw consent at any time — Art. 7.

7. How to exercise your rights

You can exercise your rights by sending an email to support@thyroidrehab.bg. We respond within 30 days. For blood markers, you can also withdraw consent directly in the app, in the “Settings” section; withdrawing consent there automatically deletes all stored markers.

8. Data retention

Data is retained while your account is active. After an account deletion request the data is removed within 30 days. Records which we are legally required to retain longer (e.g. financial documents) are processed solely for the relevant purpose.

9. Changes to this policy

For material changes we will notify you by email and via in-app notification at least 14 days before the changes take effect. The current version of this policy is always available on this page.