We understand privacy policies can be overwhelming. Here's what matters most:
This Privacy Policy ("Policy") outlines the practices and procedures of DawaTime™ ("we," "us," or "our") regarding the collection, use, and disclosure of personal and sensitive information through our mobile application (the "App") and its related services (collectively, the "Service"). Our commitment is to ensure the transparent and secure handling of your data.
By creating an account, accessing, or using the Service, you signify your acknowledgment and agreement to the terms of this Policy.
"Service" refers to the DawaTime™ mobile application and its related functionalities.
"Personal Data" refers to any information relating to an identified or identifiable natural person. This includes, but is not limited to, your name and email address.
"Sensitive Data" (or "Special Category Data" under GDPR) refers to health-related information provided by the user, including medication details.
"Data Controller" refers to the entity responsible for determining the purposes and means of processing personal data. For the purposes of this Policy, the Data Controller is Hamad AlKhalaf.
"Data Processor" refers to a natural or legal person who processes personal data on behalf of the Data Controller. In the context of our Service, our primary data processor is Google (for its Firebase services).
2.1. Applicability: This Policy applies to all users of the Service.
2.2. Governing Principles: This policy incorporates principles from major international data privacy regulations, including the General Data Protection Regulation (GDPR) and is intended to meet the requirements of app store platforms, including the Apple App Store and Google Play Store.
2.3. Local Regulations (Kuwait): This Policy is designed to comply with all applicable local laws, including Kuwait's Data Privacy Protection Regulation (No. 26 of 2024).
3.1. Account Information: To create and maintain an account, we collect your name and email address. Account authentication is managed by our Data Processor, Google Firebase Authentication. Passwords are hashed and are never stored in a readable format by us.
3.2. Medication Information (Sensitive Data): If you choose to provide it, you may provide specific details about your medications, including the medication's name, unit of measurement, dosage, frequency, current stock amount, refill alert thresholds, start dates, and adherence history (such as timestamps of when medications are marked as taken).
3.3. User Communications: We collect the content of any voluntary messages or feedback you submit through the Service.
3.4. Technical Information: To ensure functionality, security and service availability, we and our third-party service providers may process certain non-personally identifiable technical information, such as a unique device identifier, device type, operating system (including specific permission statuses required for core functionality, such as 'Exact Alarms' on Android), IP address and/or Geolocation data, version, and anonymized crash reports via Firebase Crashlytics. Additionally, we automatically collect and store your "App Version Number" and "Last Accessed Timestamp" when you open the App. This data is essential for managing system updates, troubleshooting compatibility issues, and ensuring safe data migration.
3.5. System Data and Compliance Tracking: In addition to the above, we collect and store specific data points to enhance user experience and ensure legal compliance:
(a) FCM Tokens (Firebase Cloud Messaging): To enable the delivery of push notifications, specifically for app update notifications.
(b) Language Preferences: We store your selection ("preferredLanguage") (Arabic or English) to ensure the App interface persists in your chosen language.
(c) Legal Acceptance Records: To track your agreement to our legal documents, we record the "acceptedTermsVersion", "acceptedPrivacyVersion", and the "legalAcceptanceDate" (ISO timestamp).
(d) Refill Preferences: To enable customization, we store your settings for "refillReminderDay" (1-7) and "refillReminderTime" (HH:mm).
Legal Basis: Legitimate Interests (for FCM tokens and Language); Legal Obligation (for Compliance Tracking); and Performance of a Contract (for Refill Preferences).
4.1. Performance of a Contract: The legal basis for processing your Account Information is the necessity to perform the contract established with you when you agree to our Terms and Conditions. This is necessary for the creation, management, and provision of the Service.
4.2. Explicit Consent: The processing of Sensitive Data (Medication Information) is based on your explicit and informed consent. You provide this consent through a clear, affirmative action (e.g., ticking a checkbox or pressing an "Agree" button) before you can enter any health-related data. We do not process any Sensitive Data without this prior consent. You may withdraw this consent at any time by deleting your account, at which point the processing of this data will cease.
4.3. Legitimate Interests: We process your email address for essential account communications and technical information and user communications for the legitimate interests of maintaining and improving the Service, (b) providing customer support, (c) ensuring the security of the platform, (d) protecting our legal rights, and (e) monitoring app version adoption rates to plan system maintenance and safe migrations.
4.4 Location and IP-Based Access Restrictions: We may use your IP address and/or Geolocation data to determine your location for purposes including, but not limited to, compliance with regional legal requirements, service availability, and security protocols. Access to our app and its services is strictly prohibited for users or individuals located in, or accessing from, the State of Israel or attempting to access the app from an IP address originating in that region. This includes individuals who are physically present in Israel or whose IP addresses are identified as originating from Israel. If we detect access attempts from such locations, we may block or restrict your access, and use of our app and its services immediately.
5.1. Service Provision: To deliver the core functionalities of the App, including setting up and authenticating your account, enabling you to input medication data, providing medication and refill reminders, tracking inventory levels, and synchronizing your data across devices.
Legal Basis: Performance of a Contract; Explicit Consent (for Sensitive Data).
5.2. Customer Support: To respond to your inquiries, provide support, and resolve issues you report.
Legal Basis: Legitimate Interests.
5.3. Account Management & Essential Communications: To send you essential administrative or account-related communications, such as updates to our Terms or Policy, security notices, or other transactional messages. These communications are not for marketing purposes.
Legal Basis: Legitimate Interests; Performance of a Contract.
5.4. Service Improvement and Security: To analyze anonymized and aggregated technical data to identify and fix bugs, understand usage patterns, improve the user experience, monitor the security and integrity of our Service, and tracking active app versions to identify users who may require update support or to prevent service disruptions during system upgrades.
Legal Basis: Legitimate Interests.
6.1. Platform and Security: The Service is built on our Data Processor, Google Firebase. We may also utilize trusted third-party service providers for customer support and network security purposes. All Personal and Sensitive Data is encrypted in transit (using Transport Layer Security - TLS) and at rest on Google's secure servers. We have implemented appropriate technical and organizational measures designed to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
6.2. International Data Transfers: Your data may be processed in jurisdictions outside your country of residence, including the United States and the European Union. Firebase utilizes Standard Contractual Clauses (SCCs) to ensure data protection equivalence to GDPR standards. Your use of the Service constitutes your acknowledgment of and agreement to such transfers.
6.3. User Responsibility: You are responsible for maintaining the confidentiality of your account password. We encourage the use of strong, unique passwords. You agree to notify us immediately of any unauthorized use of your password or account or any other breach of security. Users are encouraged to regularly back up their medication schedule where possible, as the Service is not a system of record.
7.1. Retention Period: We retain your Personal and Sensitive Data only for as long as is necessary to provide the Service to you and for the purposes set out in this Policy, which is generally for the duration that your account is active.
7.2. Account Deletion: Upon your deletion of the account via the in-app feature, we will initiate the process to permanently delete your data from our live systems. This process will be completed within a maximum of 30 days.
7.3. Exceptions: We may retain minimal information post-deletion only if required to comply with our legal obligations, for dispute resolution, or to enforce our Terms. For example, we may retain a record of a deletion request. Anonymized technical data, which cannot be linked to you, may be retained for statistical analysis.
Depending on your location, you may have the following rights concerning your personal data:
The Right to Access: The right to request a copy of the personal data we hold about you.
The Right to Rectification: The right to request that we correct any inaccurate or incomplete data. You can update most of your Account Information directly within the app's settings.
The Right to Erasure (Right to be Forgotten): The right to request the deletion of your account and personal data, which can be exercised via the in-app feature.
The Right to Data Portability: The right to request your data in a structured, commonly used, and machine-readable format.
The Right to Restrict Processing: The right to request a temporary halt to data processing under certain conditions.
The Right to Withdraw Consent: The right to withdraw your consent for processing Sensitive Data at any time by deleting your account. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
The Right to Object: The right to object to our processing of your personal data where we are relying on a legitimate interest as the legal basis.
The Right to Lodge a Complaint: The right to lodge a complaint with a data protection authority in your jurisdiction if you believe our processing of your personal data infringes applicable law.
To exercise these rights (other than those directly available within the app), please contact the Data Controller at the email address provided in Article 10. We may need to request specific information from you to help us confirm your identity before processing your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
The Service is not intended for or directed at individuals under the age of 18 (or the relevant age of majority in their jurisdiction). We do not knowingly collect data from children. Account creation requires self-declaration and confirmation that the user is 18 years of age or older. If we become aware of data collection from a child, we will take immediate steps to delete it.
10.1. Data Controller: The data controller for your personal data is Hamad AlKhalaf, located in Kuwait.
10.2. Contact: For any questions or to exercise your rights under this Policy, please contact the Data Controller at dawatime.legal@hamadalkhalaf.com.
We reserve the right to amend this Privacy Policy. We will notify you of any changes by posting the new Policy within the Service. Material changes will be communicated through a more prominent notice, such as an in-app pop-up notification the next time you use the Service or by sending a notification to the email address associated with your account. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted within the App.