SelfQ

Privacy Policy

Last updated: 6/30/2026 · Version v1

This is a structured draft. Before going live, it must be reviewed by a lawyer and supplemented with the specific details of the controller.

1. Controller

AR Laurenz Partheymüller Schönberg 14 96257 Marktgraitz Germany Email: laurenz.copywriting@gmail.com

2. Data processed

  • Account data: first name, last name, email, password (hashed).
  • Health data (special category under Art. 9 GDPR): the symptoms you describe to generate your Qode.
  • Usage data: generated Qodes, activations, token allowance, consent logs.
  • Payment data: processed by the payment service provider Stripe. We only store customer number, subscription status and billing period.

3. Legal bases

  • Art. 6 (1) (b) GDPR — performance of contract for account and subscription.
  • Art. 9 (2) (a) GDPR — explicit consent for the processing of your health data (symptoms). This is obtained separately during onboarding and before the first symptom entry, and is logged in the app for every entry.
  • Art. 6 (1) (c) GDPR — statutory retention obligations for billing records.

4. Recipients / processors

  • Database, authentication: hosted within the EU on AWS in eu-central-1 (Frankfurt am Main, Germany). Encryption at rest and access only via Row-Level Security bound to your user ID. DPA pursuant to Art. 28 GDPR in place.
  • Qode generation (Edge Function): your symptom input is processed exclusively within the EU — in an Edge Function in eu-central-1 (Frankfurt am Main, Germany). There is no transfer to external AI providers outside the EU. The calculation is algorithmic without the use of third-party AI.
  • Stripe (payment processing): Stripe Payments Europe Ltd. (Ireland) and Stripe Inc. (USA). DPA and standard contractual clauses in place.
  • Lovable (application hosting): Cloudflare Workers / Lovable Cloud. DPA pursuant to Art. 28 GDPR.

5. Retention period

Account and health data are stored as long as your account exists. After account deletion, personal data is removed without delay. Billing and payment data is retained for up to ten years pursuant to § 147 AO / § 257 HGB.

6. Your rights

You have the right at any time to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21), as well as the right to withdraw your consent with effect for the future (Art. 7 (3)). In the Account settings you will find the functions “Download my data” (Art. 20), “Revoke consent” (Art. 7) and “Delete account and all data” (Art. 17).

Settings

7. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority is that of your habitual residence or place of work.

8. Cookies and local storage

We only use technically necessary cookies and local storage entries to maintain your sign-in and to store your cookie banner decision. There is no tracking or analysis by third parties.

9. No medical advice

SelfQ does not provide medical diagnosis and does not replace medical advice or treatment. If you have health concerns, please consult a doctor.

10. Contact

Please direct privacy inquiries to: laurenz.copywriting@gmail.com. Further contact details can be found in the Imprint. Imprint.