Data Protection Regulation
Privacy Policy – SteadyTemp App
1. Introduction and Scope
This Privacy Policy describes how SteadySense GmbH (“SteadySense”, “we”, “us”, “our”) collects, uses, and protects personal and health-related data when you use the SteadyTemp App (“App”), a mobile application designed for home use by lay users in combination with the SteadyTemp continuous temperature sensing patch (“Patch”).
The App is a certified medical device, approved under:
- EU Medical Device Directive (MDD) – CE-marked device
  - GTIN iOS App: 09120095900151
  - GTIN Android App: 09120095900168
- US FDA 510(k) – cleared for use in the United States
  - GTIN iOS App: 09120095900410
  - GTIN Android App: 09120095900427
The App operates locally on your mobile device. No personal or health data are transmitted to SteadySense or any third parties.
This Policy applies globally and explains how data are handled within the App.
2. Controller and Contact
SteadySense GmbH
Johann-Schreiner-Strasse 3,
8074 Raaba-Grambach,
Austria
Tel: +43 316 232004
E-Mail: gdpr@steadysense.at
Website: https://www.steadysense.at
SteadySense is the manufacturer and responsible entity for the SteadyTemp App under EU and US regulatory frameworks.
3. Data Processed by the App
The App allows users to create a local user profile (e.g. nickname or identifier) and record body temperature data measured by the SteadySense patch. The App offers the option of adding personal information (date of birth, social security number, height, weight, etc.) to the user profile, but these entries are optional and are not required to use the App. Optionally, users can add notes such as symptoms, medication intake or activities.
All data categories are processed locally on your device only:
| Data Category | Description | Where Stored |
|---|---|---|
| User Profile | Artificial username, nickname, or identifier | Locally on the device |
| User Profile (optional) | Date of birth, social security number, gender, height, weight | Locally on the device |
| Health Data | Temperature readings, symptoms, medication notes, activities | Locally on the device |
| Technical Data | Device type, app version, operating system, anonymized error logs | Locally or transmitted anonymously to error-monitoring tools |
No real name, email address, or location data are required for App operation.
4. Data Processing Purpose and Legal Basis
EU Users
Processing of data on your device is based on:
- Art. 6(1)(b) GDPR – performance of the contract (App functionality).
- Art. 6(1)(f) GDPR – legitimate interest in ensuring App security and performance (for anonymized error reporting and analytics).
- Art. 9(2)(a) GDPR – explicit consent for processing of health data (when entering temperature or health notes).
Your data never leave your device unless you manually export or back them up using the App’s export feature or your own tools (e.g. device backup).
US Users
Under applicable US regulations (FDA 510(k), FTC consumer protection standards), the App processes data only locally. SteadySense does not collect, receive, or store any identifiable information from US users.
5. Data Transmission and Storage
- The App operates without transmitting identifiable or health-related data.
- No cloud synchronization or remote backup is performed.
- All information is stored within the App’s local storage on the device and is not accessible from the outside.
- Any manual export of data (e.g. PDF report generation) is under the user’s full control.
5a. Research Configuration
The App contains a research configuration that can be enabled for specific clinical investigations or research projects (e.g. clinical studies, validation trials). This research configuration can only be enabled on an individual device level by research personnel following instructions provided by SteadySense. This research configuration cannot be activated without user consent.
When activated:
- Data are transmitted in encrypted form via HTTPS to a secure SteadySense research server located in the European Union.
- Processing is limited to the scope of the study and complies with GDPR and applicable national research ethics laws.
- Participants are informed separately and need to provide study-specific consent.
- After the study, research data are anonymized or deleted according to the research protocol.
For all regular users of the SteadyTemp App, data transmission is permanently disabled.
6. Diagnostic and Performance Monitoring
To ensure technical stability, security, and proper regional configuration of the App, SteadySense uses the following third-party tools. None of these services collect or process health data or other information that could directly identify individual users.
All processing is limited to anonymous or pseudonymous technical data and serves legitimate interests in accordance with Art. 6(1)(f) GDPR — maintaining the App’s safety, quality, and regulatory compliance.
6.1 Sentry (Error Monitoring)
We use Sentry, a service operated by Functional Software, Inc. (USA), to collect anonymous technical information about App crashes and software errors. This helps us identify malfunctions, analyze performance, and improve App stability.
- Sentry may receive anonymized technical data such as device model, operating system version, and error stack traces.
- No health data, user-entered content, or personal identifiers (e.g., name, email, patient ID) are transmitted.
- IP addresses are truncated and not stored in full.
- The data are used solely for error diagnosis and system maintenance.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring App reliability). Privacy information: https://sentry.io/privacy/
6.2 Firebase Analytics (Usage Analytics)
The App uses Google Firebase Analytics, provided by Google Ireland Ltd., to gather aggregated, pseudonymized statistics on general App usage (for example, feature activation rates, navigation patterns, and session duration).
- Firebase Analytics is configured without collection of personally identifiable information or protected health information (PHI).
- No data are shared with Google Ads or other Google services.
- IP anonymization is enabled, and all identifiers are pseudonymized.
- The purpose is to understand App performance and improve usability without profiling or marketing.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in maintaining and improving App functionality). Privacy information: https://firebase.google.com/support/privacy
6.3 Firebase Remote Config (Regional App Configuration)
We use Firebase Remote Config (Google Ireland Ltd.) to dynamically retrieve non-personal configuration parameters that ensure the App operates according to the correct regional regulatory requirements (e.g., CE-marked EU version or FDA-cleared US version).
- Remote Config fetches small configuration files from Firebase servers containing flags such as region, language, and feature enablement.
- These requests include only standard technical metadata (e.g., truncated IP address, device type) necessary for delivery.
- No personal or health data are transmitted to or stored by Firebase through this function.
- Processing is limited to the legitimate interest of ensuring proper App behavior per region and regulatory context.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing region-appropriate, compliant App configurations). Privacy information: https://firebase.google.com/support/privacy
6.4 Data Retention for Diagnostic Services
- Diagnostic and analytic data from these services are retained only for the minimum period required for technical evaluation, typically no longer than 90 days, after which they are aggregated or deleted.
- These data cannot be used by SteadySense to identify or re-associate information with any individual user.
7. Data Retention and Deletion
All information is stored only on your mobile device. You can delete your data at any time by:
- Deleting individual user profiles within the App, or
- Removing individual entries connected to an individual user within the App, or
- Uninstalling the App (which deletes all locally stored data).
SteadySense cannot recover deleted data.
8. User Rights
EU Users (under GDPR)
Even though SteadySense does not receive your data, you have the following rights regarding personal data processing performed on your device:
- Right to withdraw consent for health data processing within the App.
- Right to access, correct, or delete your data (via in-App functions).
- Right to lodge a complaint with your local data protection authority, for example: Austrian Data Protection Authority, Wickenburggasse 8–10, 1080 Vienna, Austria, E-Mail: dsb@dsb.gv.at
US Users
You control all data stored in the App. No data are transmitted to SteadySense, and thus no centralized data access or deletion request mechanism is necessary. If you uninstall the App and clear App data in the settings of your device, all data are permanently removed.
9. Security
SteadySense applies strict security principles in the App design:
- All locally stored data are encrypted and protected by the device’s native security features (e.g. iOS / Android sandboxing and encryption).
- The App does not create external network connections or transmit identifiable data.
- Diagnostic data (if collected) are fully anonymized.
We recommend keeping your mobile operating system up to date and protecting your device with a secure PIN, password, or biometric authentication.
10. Sharing and Third Parties
- The App does not share, sell, or transfer any personal or health data to third parties.
- No analytics, tracking, or advertising frameworks are used.
- No cookies or identifiers are stored beyond what is essential for local App functionality.
11. International Transfers
Because data remain exclusively on your device, no international data transfers occur. SteadySense does not access or host user data in any country.
12. Children’s Data
The App is designed for adults. If you are under the age of 16 (EU) or under 12 (US), please use the App only under parental or guardian supervision.
13. External Links to Website or Webshop
The App may contain links to SteadySense’s official website or online shop for informational, product, or support purposes. When you follow such a link, you leave the App environment. Any processing of personal data that occurs on those external websites — for example through cookies, contact forms, or online purchases — is governed by the SteadySense Website Privacy Policy, available at:
The App does not transmit any personal or health data to those websites when opening the link.
14. Updates to This Policy
We may update this Policy to reflect technical or regulatory changes. The latest version is always available on https://www.steadytemp.health/dataprotection-home and within the App.
15. Contact
For any privacy-related questions or regulatory matters, please contact:
SteadySense GmbH
Johann-Schreiner-Strasse 3,
8074 Raaba-Grambach,
Austria
Tel: +43 316 232004
E-Mail: gdpr@steadysense.at
© 2025 SteadySense GmbH – All rights reserved.
Last updated: 2025-11-13