Datenschutzerklärung

Privacy Policy — GDPR (Articles 12-14)

1. Responsible Party (Verantwortlicher)

[Company Name], [Address], [Email], represented by [Name].
Responsible for data protection: [Name / DPO contact].

2. What Data We Collect

  • Account data: email address (for login).
  • Medical profile: your oncology specialty (LANR), patient volume, treatment experience. This data is encrypted client-side with a key only you hold — we cannot read it.
  • Wallet address: your embedded wallet address (for compensation).
  • Study matches: which studies you matched and participated in, including zero-knowledge proofs.
  • Audit logs: records of data access (retained up to 12 months for security).

3. How We Process Your Data (Art. 13)

  • Profile matching: your encrypted answers are matched against study criteria using zero-knowledge proofs. Your plaintext answers never leave your device.
  • Study participation: when you participate, a proof is generated and stored (score + fields used — no personal data beyond that).
  • Compensation: processed via your wallet address.

4. Legal Basis (Art. 6)

  • Consent (Art. 6(1)(a)): you explicitly consent to profile processing, study matching, and compensation.
  • Special category data (Art. 9): medical profile data is processed under your explicit consent.

5. Your Rights (Art. 15-22)

  • Right of access (Art. 15): download all your data in Settings → "Download my data".
  • Right to erasure (Art. 17): delete your account in Settings → "Delete my account". Your proofs will be anonymized.
  • Right to withdraw consent (Art. 7(3)): withdraw consent in Settings at any time.
  • Right to rectification (Art. 16): correct your data via your profile.
  • Right to data portability (Art. 20): export your data in JSON format.
  • Right to object (Art. 21): contact us to object to specific processing.

6. International Data Transfers (Art. 44-49)

Your data is processed by:
Vox Medica servers (hosted on Vercel, EU region).
Database (Neon, Frankfurt / eu-central-1).
Privy (authentication provider, US-based) — your email is sent for login verification. Standard Contractual Clauses are in place. TODO: LEGAL REVIEW — confirm SCCs.

7. Data Retention

  • Profile + participations: deleted when you delete your account.
  • Proofs: anonymized (not deleted) to preserve verifiability for pharma clients.
  • Audit logs: retained up to 12 months, then purged.
  • Inactive accounts: TODO: LEGAL REVIEW — define inactivity period.

8. Data Security (Art. 32)

Medical profiles are encrypted with AES-256-GCM using keys derived from your wallet (zero-knowledge-to-server architecture). Authentication via Privy JWKS verification. Audit logging on all data access.

9. Contact

For privacy questions or to exercise your rights: [privacy@voxmedica.de]
Supervisory authority: [TODO: insert relevant Landesdatenschutzbehorde]

va677da12