au au - your buddy when you're feeling sick - app logo for explaining medical reports

Privacy Policy

Effective from: August 20, 2025

Trust is key. That's why in the au au app we protect your privacy with maximum care. This policy describes how we handle your personal data – especially data relating to your health.

1. Who are we?

The au au app is operated by Lucid Solutions Designers, s.r.o., ID 23715065, with registered office at č.p. 11, 507 71 Úhlejov, as the controller of personal data within the meaning of Article 4(7) GDPR.

The controller of your personal data is Lucid Solutions Designers s.r.o., ID 23715065, Úhlejov 11, 507 71 Úhlejov (hereinafter referred to as the "Controller").

Contact for questions regarding personal data protection:

Email: lucidsolutiondesigners@gmail.com

Address: č.p. 11, 507 71 Úhlejov

2. What data do we process?

We only process data that is necessary for the app and services to function:

Basic identification and contact:

email, display name/nickname, account ID.

Usage and device data:

logs, IP, device type/OS, language, telemetry necessary for operation.

Health data (sensitive, Art. 9 GDPR):

content of uploaded medical reports and attachments, diagnoses, medications, recommendations, your notes and timeline.

Optional preferences:

e.g. medication reminders, dietary restrictions, etc.

3. What we use data for and on what legal basis

| Purpose | Legal basis | What it means |
|---|---|---|
| Creating and managing account, providing app features (translation/explanation of reports, timeline, notifications, sharing) | Contract performance (Art. 6(1)(b)) | service doesn't work without this data |
| Processing health data (uploaded reports, AI explanation) | Explicit consent (Art. 9(2)(a)) + Art. 6(1)(a) | consent can be withdrawn anytime in Settings |
| Security, abuse prevention, logging, availability testing | Legitimate interest (Art. 6(1)(f)) | minimal impact, right to object |
| Fulfilling legal obligations (accounting, IT security) | Legal obligation (Art. 6(1)(c)) | e.g. tax documents |

4. How AI works and data minimization

Reports you submit for processing go through preprocessing (removal of identifiers where possible) and are passed to a contractual processor providing AI computing services.

During processing we use pseudonymization (GDPR Art. 4(5)). We therefore do not consider the data anonymous.

You can save the original uploaded document to your account (if the feature is active) or choose one-time processing without saving. If you save it, the original is encrypted and stored on our servers in the EU/EEA.

We do not train AI models on your personal data. Outputs are exclusively for your information.

AI processing does not replace medical care and is supportive in nature.

5. Who has access to data (recipients / processors)

Our employees and contractual collaborators on a "need-to-know" basis.

Processors (hosting, databases, AI computing, email): [to be completed with list/types, location, EU/EEA]. All have DPAs concluded per Art. 28 GDPR.

We do not transfer data outside the EEA unless an adequacy decision applies (Art. 45) or standard contractual clauses are in place (Art. 46). In such a case we will inform you in this section.

6. Retention period

Account and app data: for the duration of the service, then deletion within 30 days.

Security and operational logs: 90–180 days.

Tax and accounting documents: 5–10 years per Czech law.

Data processed based on consent: until consent is withdrawn (immediate stop) + archival record of consent.

7. Your rights

Access, rectification, erasure, restriction, objection, portability (Arts. 15–21).

Withdraw consent anytime in Settings or by email.

Complaint to ÚOOÚ (www.uoou.cz).

Procedure: write to lucidsolutiondesigners@gmail.com. For data protection reasons we may request identity verification. We will respond within 30 days.

8. Children

The service is not intended for persons under 18 years of age. If we find that a child's account has been created, we will immediately delete it (also immediately upon request from a legal representative).

9. Security

Encryption at rest and in transit, separate storage of identity and health data, access control, audit logs, regular security testing (Art. 32).

In case of an incident we will assess the impact and, if necessary, notify ÚOOÚ within 72 hours and inform affected persons (Arts. 33–34).

10. Cookies and similar technologies

We use necessary cookies for login and security (without consent).

Optional (analytical/functional/marketing) only with consent; settings can be changed anytime in the Cookie bar.

11. Sharing explanations

Sharing (e.g. with a loved one or doctor) is fully under your control. You can revoke permissions anytime in the app; revocation takes effect immediately.

12. Impact assessment (DPIA) and records

For the processing of health data and the use of AI we conduct a DPIA (Art. 35) and maintain records of processing activities (Art. 30). These documents are available to the supervisory authority.

13. Policy changes

The current version is always available in the app. For material changes we will notify you at least 30 days in advance (in-app + email).

Privacy contact

Lucid Solutions Designers s.r.o.

lucidsolutiondesigners@gmail.com

Úhlejov 11, 507 71 Úhlejov, ČR