Privacy Policy
Last updated: March 26, 2026
This Privacy Policy explains how medtek.ki ("we", "us", "our") collects, uses, and protects your information when you use our Service. We are committed to complying with the EU General Data Protection Regulation (GDPR) and applicable data protection laws in your jurisdiction.
1. Data Controller
The data controller for the processing of your personal data is medtek.ki, a company registered in Norway. For questions about data protection, contact us at support@medtek.ki.
2. Data We Collect
Account information:
- Email address
- Name (if provided)
- Country and regulatory region (for relevant guidance)
- Professional role
Usage data:
- Chat conversations (text messages you send and AI responses)
- Photos you upload of device nameplates, error screens, or equipment
- Work order drafts generated from conversations
- Device identifiers extracted from photos (serial numbers, model numbers, etc.)
Technical data:
- Browser type and device information
- IP address
- Usage patterns (pages visited, features used)
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data on the following legal bases:
- Performance of contract (Art. 6(1)(b)) — processing necessary to provide the Service, including sending your messages to our AI provider, storing conversations, and generating work order drafts.
- Legitimate interest (Art. 6(1)(f)) — improving the Service, using past conversation context to provide more relevant AI responses, security monitoring, and fraud prevention.
- Legal obligation (Art. 6(1)(c)) — retaining records as required by applicable law.
- Consent (Art. 6(1)(a)) — where applicable, for optional features or communications. You may withdraw consent at any time.
4. How We Use Your Data
- To provide the Service: your conversations are sent to our AI provider (Anthropic/Claude) for generating responses.
- To improve your experience: past conversation context helps the AI give more relevant suggestions for devices you frequently work on.
- To send you important service-related communications.
5. Third-Party Services (Sub-Processors)
We use the following third-party services to provide and operate the Service. We have data processing agreements (DPAs) in place with these providers where required by GDPR:
- Anthropic (Claude AI) — processes your chat messages and images to generate responses. Based in the United States.
- Supabase — hosts our database and authentication. Data stored in EU region.
- Vercel — hosts our web application. Based in the United States.
6. International Data Transfers
Some of our sub-processors are based in the United States. When your data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework (DPF) certification of the receiving party, or
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Other valid transfer mechanisms under GDPR Chapter V.
You may request information about the specific safeguards in place by contacting us at support@medtek.ki.
7. Data Storage and Retention
- Account and conversation data is stored in Supabase's EU region infrastructure.
- Conversations and work order drafts are retained as long as your account is active.
- You can delete individual conversations from the app at any time.
- If you delete your account, we will delete your personal data within 30 days, except where retention is required by applicable law.
- Technical logs are retained for up to 90 days for security and debugging purposes.
8. Automated Decision-Making (GDPR Article 22)
The Service uses AI to generate troubleshooting suggestions and work order drafts. This constitutes automated processing but does not produce legal effects or similarly significant effects on you. AI-generated content is advisory only — you make all final decisions about device repairs and work order submissions. No automated decisions are made about your account status or access based solely on automated processing.
9. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten")
- Data portability — receive your data in a structured, machine-readable format
- Restriction — restrict processing of your data in certain circumstances
- Objection — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise these rights, contact us at support@medtek.ki. We will respond within 30 days as required by GDPR.
You also have the right to lodge a complaint with your local data protection authority. For users in the EEA, this includes the supervisory authority in your country of residence.
10. Photos and Images
Photos you upload are:
- Sent to Anthropic for AI analysis during your chat session
- Not stored permanently on our servers after processing
- Your responsibility to ensure they do not contain patient-identifiable information (PHI/PII)
11. Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), row-level security in our database, secure authentication, and access controls. However, no system is 100% secure. You are responsible for keeping your login credentials confidential. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority as required by GDPR Articles 33 and 34.
12. Cookies
We use essential cookies for authentication and session management. These are strictly necessary for the Service to function and do not require consent under GDPR. We do not use tracking, analytics, or advertising cookies.
13. Children
The Service is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice at least 30 days before the changes take effect. The "Last updated" date at the top reflects the most recent revision.
15. Contact
For questions about this Privacy Policy or to exercise your data protection rights, contact us at support@medtek.ki.