GDPR‑Ready Dr Quack Privacy Policy

Effective Date: March 4, 2026
Controller: Dávid Kelen (“we,” “our,” “us”)
Contact Email: 

support@davidkelen.com

This Privacy Policy explains how we process personal data when you use the Dr Quack mobile application (“App”), in line with the EU and UK General Data Protection Regulation (GDPR).

1. Data We Collect

We collect and process the following categories of personal data:

• Account data: Email address and password (for account creation, login, and security).

• Health and body data: Height and weight (for calorie calculations and progress metrics).

• Doctor or lifestyle data: Either your doctor’s calorie recommendation, or your age and activity level (only one of these data sets is stored at a time).

• Gender: To tailor health and nutritional calculations.

• Meal and reminder data: Meal names and meal times you configure so we can send reminders and push notifications.

• Customization data: Optional name you assign to your in‑app Goose companion.

Because some of this information relates to health, it may be considered special category data under GDPR.

2. Purposes and Legal Bases

We process your personal data for the following purposes under GDPR:

• To create and manage your account, and provide core app functionality (performance of a contract, Article 6(1)(b)).​

• To calculate calorie targets and provide health‑related insights (your explicit consent, Articles 6(1)(a) and 9(2)(a) for health data).

• To send meal reminders and push notifications you enable (consent, Article 6(1)(a)).

• To maintain and improve the App, including security and reliability (legitimate interests, Article 6(1)(f)).​

You can withdraw your consent at any time in the app settings or by contacting us, without affecting the lawfulness of processing before withdrawal.

3. Data Storage, Security, and Firebase

Your data is stored and encrypted in Google Firebase, which acts as our data processor under GDPR.

• We use industry‑standard technical and organizational measures to protect your data against unauthorized access, loss, or misuse.

• Firebase provides GDPR‑ready data processing and security terms, and processes your data only on our documented instructions.

Your information is never shared or sold to third parties for their own marketing or commercial purposes, and will only be shared or disclosed if you give prior written consent or where required by law.

4. Data Sharing and International Transfers

• We may share data with service providers strictly necessary to operate the App (such as Firebase), who act as processors and are bound by data protection agreements.

• Some data may be stored or processed outside the EU/EEA (for example, on Google’s servers), in which case appropriate safeguards such as Standard Contractual Clauses are used to protect your data.

We do not allow processors to use your data for their own purposes.

5. Data Retention and Deletion

We retain your personal data only for as long as your account is active or as needed to provide the App, or as required by law.

You can delete all personal information immediately at any time by entering your password and using the deletion option in the app’s Settings. Once you confirm deletion:

• Your account and associated data are flagged for permanent deletion from our systems.

• We instruct Firebase to delete the corresponding data in line with their deletion procedures.

6. Your GDPR Rights

If you are in the EU/EEA or UK, you have the following rights over your personal data:

• Right of access (to know what data we hold and how we process it).

• Right to rectification (to correct inaccurate or incomplete data).

• Right to erasure (“right to be forgotten”), including via in‑app deletion.

• Right to restriction of processing in certain circumstances.

• Right to data portability (to receive your data in a structured, commonly used format).

• Right to object to certain processing based on legitimate interests.

• Right to withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at 

support@davidkelen.com

. You also have the right to lodge a complaint with your local data protection authority.

7. Children’s Data

Dr Quack is not intended for children under the minimum age required by local law to consent to data processing without parental authorization (typically 16, or lower if allowed by a member state). If we learn we have collected data from a child without appropriate consent, we will delete it.

8. Changes to This Policy

We may update this Privacy Policy to reflect app changes, legal requirements, or guidance from data protection authorities. The latest version will always be available in the App. If we make material changes, we will notify you in the App or by email before they take effect.

9. Contact

If you have any questions or requests about this Privacy Policy or your personal data, you can contact us at:
Email: 

support@davidkelen.com