§ Privacy
Privacy Policy
Effective date: 2026-06-05 · Operator: DJUMP, MB · Klaipėda, Lithuania
1. Information We Collect
| Data type | Purpose |
|---|---|
| Waitlist email | Notify you when the iOS and Android apps launch (pre-launch only) |
| Contact-form name, email, message | Reply to your inquiry |
| Account email | Account creation and authentication (after launch) |
| Display name | User profile display inside the app |
| Blood pressure readings | Core functionality — recording BP history, trends, and reports |
| BP goal settings | Personalized health targets |
| Push notification token | Measurement reminders (opt-in only) |
| Device information | Anonymous analytics to improve the app (via PostHog) |
| Website usage (page views, referrer) | Aggregate, cookieless website analytics (via Vercel Web Analytics) |
2. Information We Do Not Collect
- We do not collect payment or credit card information. All payments after launch are processed by Apple (App Store) or Google (Google Play) through RevenueCat.
- We do not collect or share your health data with third parties. Your blood pressure records are private and accessible only to you.
- We do not collect location data, contact lists, or photos.
- We do not sell health data to insurers, advertisers, or data brokers — full stop.
3. How We Use Your Information
- Provide core app functionality (recording BP readings, AHA categorization, trend analysis).
- Authenticate your account and sync data across devices.
- Store your BP history for trend analysis and the doctor-export PDF.
- Send the opt-in twice-daily measurement reminder.
- Send the one-time launch notification if you joined the pre-launch waitlist.
- Analyze anonymous usage patterns to improve the experience.
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Consent — You provide consent when joining the waitlist, creating an account, and opting into notifications.
- Contract performance — Processing is necessary to provide the blood pressure tracking service you requested.
- Legitimate interest — We use anonymous analytics to improve app performance and the user experience.
5. Data Storage and Security
Your data is stored securely using Supabase with row-level security (RLS), meaning only you can access your own blood pressure records. All data is transmitted over HTTPS. We use industry-standard security practices to protect your information. We do not sell, rent, or share your personal data with third parties for marketing purposes.
Waitlist email addresses are handled by our transactional email provider Resend — used to deliver the confirmation reply and to send the one-time launch announcement. Your address is stored in our Resend contact list for that single purpose. We do not sell, share, or remarket waitlist addresses to anyone. To unsubscribe or remove yours at any time, email start@djump.io.
6. Third-Party Services
- Supabase — Authentication, database hosting, and data storage with row-level security (EU region).
- Resend — Transactional email (waitlist confirmations, contact-form delivery).
- RevenueCat — Subscription and payment management (processes payments through Apple/Google) after launch.
- PostHog — Anonymous usage analytics to improve the app.
- Vercel — Website hosting and privacy-friendly, cookieless website analytics (aggregate page views and referrers; no cookies, no cross-site tracking, no personal data).
- Apple / Google — OAuth sign-in providers and payment processing.
7. Data Retention
- Account data is retained for as long as your account is active.
- If your account is inactive for 24 months, we may delete your data after providing notice.
- When you delete your account, all associated data (blood pressure readings, profile information, goals, settings) is permanently removed within 30 days.
- Anonymous, aggregated analytics data may be retained for product improvement.
8. International Data Transfers
Your data is primarily stored in the EU via Supabase. Some sub-processors (PostHog, Resend, RevenueCat) may process limited data in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.
9. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Right of access — Request a copy of your personal data.
- Right to rectification — Correct inaccurate personal data.
- Right to erasure — Request deletion of your personal data.
- Right to data portability — Receive your data in a structured, machine-readable format.
- Right to restrict processing — Request limitation of how we process your data.
- Right to withdraw consent — Withdraw consent at any time without affecting prior processing.
After launch you can delete your account directly within the app under Settings, which will permanently remove all your blood pressure records and personal information. You can also contact us at start@djump.io for any data-related request. You have the right to lodge a complaint with a supervisory authority (in Lithuania, the State Data Protection Inspectorate).
10. Children's Privacy
BPTally is not intended for children under 14 (the digital age of consent in Lithuania). We do not knowingly collect personal data from children under 14. If you believe a child under 14 has provided us with personal information, please contact us so we can remove it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by updating the effective date above.
12. Contact
| Data Controller | DJUMP, MB |
|---|---|
| Address | Šilutės pl. 35G-36, LT-94105 Klaipėda, Lithuania |
| start@djump.io |