1. Introduction
Welcome to Kidney Buddy, a health management application designed to help users with IgA Nephropathy and Chronic Kidney Disease (CKD) track their health.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, available at kidneybuddy.app. Your privacy is critically important to us. We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about this policy, or our practices with regard to your personal information, please contact us at info@kidneybuddy.com.
By using the Kidney Buddy application, you agree to the collection and use of information in accordance with this policy.
2. What Information We Collect
We collect several different types of information for various purposes to provide and improve our service to you.
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). This includes:
- Account Information: Username, Email Address (collected during registration).
- Contact Information: WhatsApp Number (not required, but recommended for medication reminders).
- Authentication Information: We use Google OAuth for user registration and sign-in. We receive your basic profile information from Google, such as your name and email address.
Health Data (Special Category Data)
As a health application, we collect sensitive health-related information. Under the GDPR, this is considered "special category data." We only collect this data with your explicit consent.
- Kidney Health Data: CKD Stage, eGFR, Serum Creatinine, 24h Proteinuria, and physician notes from your lab results.
- General Health Information: Allergies, current weight, height, fitness goals, and activity level.
- Medication Information: Medication names, dosages, and scheduled times.
- Tracked Health Metrics: Blood pressure readings, meal details (food, portion, protein, sodium, calories), exercise logs, and weekly weight.
Usage Data
We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol (IP) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.
3. How We Use Your Information
We use the collected data for various purposes:
- To Provide and Maintain our Service: To create and manage your account, and to provide the core features of the app, such as tracking your health data and displaying it on your dashboard.
- To Personalize Your Experience: To provide you with personalized health tips and motivational messages.
- To Provide AI-Powered Features: To generate personalized AI diet plans and to scan and extract data from your medical documents. Your data is shared with OpenAI's GPT-4 for these features.
- To Send Reminders: To send you medication reminders via WhatsApp, if you provide your number.
- To Communicate With You: To respond to your support requests and to send you important updates about the application.
- To Improve Our Service: To analyze usage data to understand how our app is used and to identify areas for improvement.
4. Legal Basis for Processing (GDPR)
If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.
- Consent: We process your personal and health data based on your explicit consent, which you provide when you register for the service and when you input your health information. You have the right to withdraw your consent at any time.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests, such as for improving our Service.
5. Third-Party Services
We use third-party services to operate our application. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- MongoDB: Our database provider, where all your personal and health data is stored.
- OpenAI (GPT-4): Our AI service provider for generating diet plans and scanning documents. We send relevant health data to OpenAI's API to perform these tasks.
- Google OAuth: For user authentication. We do not receive or store your Google password.
- WhatsApp: For sending medication reminders. We share your WhatsApp number and medication schedule with their service.
6. International Data Transfers
Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
As we use services from US-based companies like Google, OpenAI, and MongoDB, your data will be transferred to the United States. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers of data from the EEA, we rely on appropriate safeguards, such as Standard Contractual Clauses.
7. Your Data Protection Rights
We are committed to ensuring you have full control over your data. You have the following data protection rights:
- The right to access: You have the right to request copies of your personal data.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate.
- The right to erasure: You have the right to request that we erase your personal data. We will delete your entire account and all associated data upon request.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA). If you are a resident of China, you have rights under the Personal Information Protection Law (PIPL). We extend these rights to all our users. To exercise any of these rights, please contact us at support@kidneybuddy.com.
8. Data Security
The security of your data is a top priority. We use administrative, technical, and physical security measures to help protect your personal information. We use encryption in transit (HTTPS) and at rest to protect your data. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
9. Data Retention
We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies. You can delete your account at any time, and all your data will be permanently deleted from our servers.
10. Children's Privacy
Our Service is not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If you become aware that a child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a child without verification of parental consent, we take steps to remove that information from our servers.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service prior to the change becoming effective, and we will update the "Last Updated" date at the top of this Privacy Policy.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- By email: info@kidneybuddy.com or support@kidneybuddy.com
- By visiting this page on our website: kidneybuddy.app/contact