MedControl Privacy Policy

Last updated: 12-11-2025

1. Introduction and Commitment to Trust

Welcome to MedControl.

We understand that the information you manage in our application is extremely sensitive. Therefore, our philosophy is based on radical transparency: we want you to understand exactly what data we collect, why we need it for the app to function, and where we draw the red line to protect your medical privacy.

By using the MedControl application («the App»), you accept the practices described in this policy.

Data Controller:

SHELBY CODE SL

Calle Rio Duero 33, 1C, 28913, Leganés, Spain.

Contact email: appmedcontrol@gmail.com

2. What Data We Collect and Where It Is Stored

To offer you synchronization, backup, and caregiver mode features, MedControl operates as a cloud service.

A. Information You Provide to Us (Health and Profile Data)

This data is voluntarily entered by you and is necessary for the main functionality of the App. It is securely stored on our cloud servers (certified providers) to allow you to access it from multiple devices or recover it if you lose your phone.

  • Account Data: Name, email, password (encrypted), and basic profile data (weight, height, gender) for health calculations.
  • Medical and Treatment Data: Medication names, dosages, frequencies, pharmacy stock, intake logs, and adherence.
  • Health Diary: Vital signs records (blood pressure, glucose, etc.), symptoms, and text notes.
  • Multimedia Files and Documents:
    • Images/Photos: Photos of medications, prescriptions, or medical reports you decide to upload.
    • Audio: Voice notes recorded in the symptom diary.
    • Documents: PDF files or analytics imported into the medical library.

Privacy Guarantee: This health data and multimedia files are used exclusively to provide the health management service. We NEVER share your medical history, prescriptions, or health data with advertisers or third parties for commercial purposes.

B. Technical Information Collected Automatically (Device Data)

To keep the application free, secure, and bug-free, we use third-party services (Google AdMob and Google Analytics) that collect technical data.

  • Device Identifiers: Android Advertising ID (AAID), App Instance ID, and IP addresses.
  • Usage and Performance Data: Crash logs, performance diagnostics, app interactions (which screens you visit), and in-app search history (terms searched to find medications).
  • Approximate Location: Derived from the IP address (city/region level), used to show relevant advertising and prevent fraud. We do not collect your precise GPS location.

3. Purpose of Processing: Why Do We Use Your Data?

Purpose

Data Used

Legal Basis (GDPR)

Core Functionality: Cloud synchronization, medication management, backups, and caregiver mode.

Health Data, Account, Multimedia Files.

Performance of contract (Terms of Use).

Advertising (Free Service Maintenance): Show relevant ads and measure their effectiveness via Google AdMob.

Device IDs, IP, Usage Data.

Consent (requested at app launch in regulated regions) or Legitimate Interest.

Analytics and Improvement: Understand how the app is used to fix bugs and improve features (Google Analytics).

Usage Data, Device IDs, Crash Logs.

Legitimate Business Interest.

Communications: Send service emails (password recovery) or support.

Email.

Performance of contract.

Optional Integrations: Synchronization with external calendar.

Reminder data.

Explicit Consent (upon activating the feature).

4. Data Sharing and Third Parties

We want to be very clear on this point. We distinguish between infrastructure, AI services, and advertising.

A. Infrastructure Providers (Data Processors)

We share your data with companies that provide essential technological services (hosting, database). These providers act under our strict instructions and are prohibited from using your data for their own purposes.

  • Google Firebase / Google Cloud Platform: For secure database hosting, user authentication, and file storage (images/PDFs/Audio).

B. Advanced Features and Artificial Intelligence

If you use the «AI Summary» feature, we process your data under strict privacy standards:

  • Technology: We use Google Vertex AI (Enterprise Platform).
  • Data Minimization: We only send health records (values, dates, medication names) from the range you select. We do not send account identifiers (like your email or User ID).
  • No-Training Guarantee: Google contractually guarantees that your data is NOT used to train or improve Google’s or third-party AI models. Your data is processed ephemerally to generate the summary and is not stored for other purposes.
  • Note: We recommend not including personal names or sensitive identifying data in free-text notes that will be processed by AI.

C. Optional Integrations

Google Calendar: Our application offers the optional functionality of synchronizing medical reminders with your Google Calendar.

  • What we share: If you activate this feature, the application will send limited information (reminder title, time, and notes) to the Google Calendar API to create events in a secondary calendar.
  • Limited Use Compliance: The use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

D. Advertising and Analytics Partners

To fund the free version of MedControl, we share only technical identifiers and device data (never health data) with:

  • Google AdMob: Advertising platform. May use your device’s advertising ID and approximate location to show you personalized or non-personalized ads, depending on your choice.
  • Google Analytics for Firebase: Analysis tool. Helps us detect on which screens the app crashes or which features are most popular.

You can check how Google uses data here: How Google uses information from sites or apps that use our services.

5. Data Security

We implement robust security measures to protect your information:

  • Encryption in Transit: All data traveling between your device and our servers (including photos, audio, and medical data) is transmitted encrypted using secure HTTPS/TLS protocol.
  • Encryption at Rest: Your data is stored encrypted on our servers.
  • Access Control: Access to servers is restricted and protected.

However, remember that no system is 100% infallible. We recommend protecting your account with a strong password and not sharing it.

6. Data Deletion and Your Rights

You have total control over your information.

Account Deletion:

You can request the complete deletion of your account and all associated data (medical history, files, images) at any time.

  • From the App: Go to Settings/Profile > Access and Security > Delete Account.
  • Via Web: Use our request form at https://medcontrol.es/remove-user-data/.
  • Consequence: Upon confirmation, your data will be permanently deleted from our active servers.

Region-Specific Rights:

  • Europe (GDPR): You have the right to access, rectify, port, and erase your data, as well as to limit or object to its processing. You have the right to lodge a complaint with a supervisory authority (such as the AEPD in Spain).
  • Brazil (LGPD): In accordance with the Lei Geral de Proteção de Dados, you have the right to confirm the existence of processing, access your data, correct incomplete or outdated data, anonymize, block, or delete unnecessary data, and revoke your consent at any time.
  • Mexico (ARCO Rights): You have the right to Access, Rectify, Cancel, or Oppose the processing of your personal data (ARCO Rights). To exercise these rights, you must submit a request via our contact email indicated below.
  • USA (CCPA/California): You have the right to know what data we collect, request its deletion, and opt-out of the «sale» of data (for advertising). MedControl will not discriminate against users who exercise these rights.
  • Asia and Rest of the World: We are committed to offering you the same high standard of protection required by the European GDPR. You can request access, correction, or deletion of your data by contacting us directly.

To exercise any of these rights, contact us at appmedcontrol@gmail.com.

7. International Transfers

Our servers may be located outside your country of residence (mainly on Google’s global infrastructure). By using MedControl, you consent to the transfer of your information to these facilities, which operate under high security standards and standard contractual clauses to ensure the protection of your data.

8. Children’s Privacy

MedControl is not designed to be used directly by children under 13 (or the minimum age in your jurisdiction). If you use the app to manage the health of a minor (Caregiver Mode), you, as the parent/guardian, are responsible for the data you enter about them.

9. Medical Disclaimer

IMPORTANT: MedControl is an information and reminder management tool.

  • Not a Doctor: The App does NOT provide medical advice, diagnosis, or treatment.
  • No Guarantees: While we strive for accuracy, we do not guarantee that the drug library or interaction analysis is error-free.
  • Consult a Professional: Never ignore professional medical advice or delay seeking it because of information seen in this App. For any doubts about your health or medication, always consult your doctor or pharmacist.

10. Contact

If you have questions about this Privacy Policy, wish to exercise your rights, or have any complaints about how we handle your data, please contact our team and Privacy Officer (Grievance Officer):

Email: appmedcontrol@gmail.com

Address: SHELBY CODE SL, Calle Rio Duero 33, 1C, 28913, Leganés, Spain.

 

en_USEnglish
es_ESEspañol en_USEnglish