Privacy Policy

1. Data Controller

Data Controller: Mohamad Sakkal

Trading as: MS Systems

Location: Vienna, Austria

The Controller has not appointed a Data Protection Officer as the processing does not meet the thresholds requiring such appointment under Article 37 GDPR.

2. Legal Framework

This policy is governed by:

Regulation (EU) 2016/679 (General Data Protection Regulation - "GDPR")
Austrian Data Protection Act (Datenschutzgesetz - DSG)
Apple App Store Guidelines (including HealthKit requirements)

                 Health Data Notice: This App processes Special Category Data (health data) under Article 9 GDPR. Such processing is only permitted with your explicit consent.
            

3. Age Requirement

This Service is intended for users aged 16 years or older, in accordance with Article 8 GDPR regarding the age of digital consent. By using this App, you confirm that you are at least 16 years of age.

4. Data We Collect

4.1 Data You Provide

Data Category	Examples	Classification
Journal Entries	Daily experiences, moods, symptoms	Health Data
Behavioral Patterns	Sensory overload, energy levels, burnout	Health Data
Mood & Intensity	Mood ratings (1-5), symptom intensity	Health Data
Medication Logs	Names, dosages, timing, effectiveness	Health Data
Life Goals	Personal goals, challenges, strategies	Personal Data

4.2 Apple HealthKit Data

With your explicit permission, we access:

HealthKit Data	Purpose
Sleep Analysis	Correlate rest patterns with symptoms
Step Count	Track activity vs. energy levels
Heart Rate (BPM)	Identify physiological stress markers

                 Apple HealthKit Compliance:

                HealthKit data will NOT be used for advertising, data mining, or sold to third parties. It is used solely to provide health insights within the App.

4.3 Technical Data

Data Type	Purpose	Retention
Error Logs	Debugging and stability	30 days
App Preferences	Store your settings	Until app deletion

5. AI Processing

                 Important: AI analysis is the core functionality of this Service. To use the App, you must consent to the processing of your entries by AI systems.
            

How It Works

When you request AI analysis:

Only recent journal entries are selected (limited to the most relevant entries)
Selected content is transmitted securely to AI services
AI generates insights and recommendations
Data is processed transiently in memory and discarded immediately

What We Send to AI

Sent	NOT Sent
Journal entry text	Your name or identity
Mood scores	Email address
Pattern descriptions	Device identifiers
Contextual notes	Raw HealthKit data

AI Service Providers

Provider	Service	Location
Amazon Web Services	AWS Bedrock (Nova Pro)	EU inference endpoint

                 Data Security:

                Data sent to AI services is processed transiently in memory and discarded immediately after generating a response. It is not stored by AWS, and is not used to train AI models.

6. Data Storage & Security

Local Storage

The majority of your data is stored locally on your device using Apple's Core Data framework with:

iOS Data Protection (encrypted at rest)
Keychain storage for sensitive credentials
No unencrypted export of health data

Security Measures

TLS 1.3 encryption for all API communications
AWS SigV4 request signing
Data minimization (only necessary data transmitted)
Purpose limitation (data used only for stated purposes)

7. Data Retention

Data Category	Retention Period
Journal Entries, Patterns, Medications	Until you delete them
HealthKit Data (cached)	Until you revoke permission
AI-Generated Insights	Until you delete them
Technical Logs	30 days (automatic)

8. Your Rights Under GDPR

Right	How to Exercise
Access (Art. 15)	View all data in-app or request a copy
Rectification (Art. 16)	Edit entries directly in the App
Erasure (Art. 17)	Delete entries in-app or request full deletion
Data Portability (Art. 20)	Export to JSON/CSV in Settings
Withdraw Consent (Art. 7)	Stop using app and contact us for data deletion
Lodge Complaint (Art. 77)	Contact Austrian DPA (see below)

Austrian Data Protection Authority

Österreichische Datenschutzbehörde

Barichgasse 40-42

1030 Vienna, Austria

Email: dsb@dsb.gv.at

Website: www.dsb.gv.at

9. Summary

Who we are	Mohamad Sakkal (MS Systems), Vienna, Austria
What we collect	Journal entries, patterns, mood, HealthKit (with permission)
Why	AI-powered behavioral pattern analysis
Legal basis	Your explicit consent (required for health data)
Where data goes	Stored locally; AI processing is transient (not stored)
Retention	Until you delete; logs for 30 days
Age requirement	16 years or older

10. Contact

For questions or to exercise your rights:

Email: admin@ms-dev.app

We respond within 30 days as required by GDPR.