End User License Agreement (EULA)

1. Introduction

Welcome to Finito Medicine ("we," "our," or "the App"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our mobile application and related services.

Finito Medicine is an AI-powered educational platform designed for medical students. By using our App, you agree to the collection and use of information in accordance with this Privacy Policy.

IMPORTANT: This App is intended for users aged 18 years and older. By using Finito Medicine, you confirm that you are at least 18 years of age.

2. Information We Collect

2.1 Personal Information You Provide

When you register and use our App, we may collect the following personal information:

• Account Information: Full name, email address, password (encrypted)
• Profile Information: Medical school name, country, semester, preferred language
• Authentication Data: Authentication tokens, session information
• User-Generated Content:
  • Chat messages and conversations with AI assistant
  • Voice recordings and transcriptions
  • Flash cards you create or import
  • Quiz responses and test results
  • Comments and ratings on shared content
  • Medical dictionary search queries

2.2 Automatically Collected Information

We automatically collect certain information when you use our App:

• Device Information: Device type, operating system, device identifiers (IDFA on iOS, Advertising ID on Android)
• Usage Data: App features used, time spent, interaction patterns, session duration
• Technical Data: IP address, browser type, app version, crash reports
• Location Data: Approximate location based on IP address (not precise GPS location)
• Analytics Data: User behavior, feature engagement, conversion metrics

2.3 Files and Media

When you use certain features, we may process:

• Audio Files: Voice recordings for transcription and summarization
• Documents: PDF, PPTX, DOCX files for AI-powered flash card and quiz generation
• Images: Photos and images attached to chat messages or flash cards

2.4 Cookies and Tracking Technologies

We use cookies, local storage, and similar tracking technologies to enhance user experience, remember preferences, and analyze App usage.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core Service Provision

• Account Management: Creating, maintaining, and authenticating your account
• AI Features: Providing AI-powered chat assistance, voice note transcription, flash card generation, and quiz creation
• Content Storage: Saving your flash cards, notes, chat history, and quiz results
• Personalization: Customizing content and recommendations based on your medical field and preferences

3.2 Service Improvement

• Analytics: Understanding how users interact with the App to improve features
• Performance Monitoring: Identifying and fixing technical issues, crashes, and bugs
• Feature Development: Developing new features based on user behavior and feedback

3.3 Communication

• Service Updates: Sending notifications about new features, updates, and announcements
• Customer Support: Responding to your inquiries and providing technical assistance
• Marketing: Sending promotional content about premium features (with your consent)

3.4 Legal and Security

• Fraud Prevention: Detecting and preventing fraudulent activity and abuse
• Legal Compliance: Complying with legal obligations and enforcing our Terms of Service
• Safety: Moderating user-generated content to maintain a safe educational environment

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services (Article 6(1)(b) GDPR)
• Consent: Where you have given explicit consent for specific purposes (Article 6(1)(a) GDPR)
• Legitimate Interests: For analytics, service improvement, and fraud prevention (Article 6(1)(f) GDPR)
• Legal Obligations: To comply with applicable laws and regulations (Article 6(1)(c) GDPR)

5. How We Share Your Information

We share your information only in the following circumstances:

5.1 Third-Party Service Providers

We use trusted third-party services to operate our App. These providers have access to your data only to perform specific tasks on our behalf:

Essential Services

• Supabase (Database, Authentication, File Storage): Data stored in Frankfurt, Germany
• OpenAI (AI Processing): For chat assistance, voice transcription, content generation, and medical dictionary features

Analytics and Performance

• Firebase Analytics & Crashlytics (Google): App usage analytics and crash reporting
• Mixpanel: User behavior analytics and engagement tracking
• Facebook Analytics: Campaign performance and attribution (only for users who authorize App Tracking Transparency)

Subscription Management

• RevenueCat: Managing in-app purchases and premium subscriptions
• Apple App Store / Google Play Store: Payment processing

Communications

• OneSignal: Push notifications and user engagement messages

Advertising (Premium Users Exempt)

• Google AdMob: Displaying ads to free-tier users (only for users who authorize App Tracking Transparency)

5.2 Data Sharing Limitations

Important:

We only share data with third-party advertising and analytics services for users who:

1. Have authorized App Tracking Transparency (ATT) on iOS
2. Have not opted out of personalized ads on Android

Users can control tracking preferences through device settings or in-app settings.

5.3 Community Features

When you share flash cards publicly:

• Your display name, school, and profile image (if provided) become visible to other users
• Other users can view, import, and rate your shared flash card sets
• You retain ownership of your content, but grant other users a license to use it for educational purposes

5.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Enforce our Terms of Service

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change via email or prominent notice in the App.

6. Data Storage and Security

6.1 Data Location

Your data is primarily stored on Supabase servers located in Frankfurt, Germany. This ensures compliance with European data protection standards.

6.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict authentication and authorization protocols
• Secure Authentication: JWT tokens with automatic refresh mechanisms
• Regular Security Audits: Periodic security assessments and vulnerability testing
• Secure File Storage: Supabase Storage with access control policies
• Password Protection: Passwords hashed using industry-standard algorithms

6.3 Data Retention

• Active Accounts: We retain your data for as long as your account remains active
• Account Deletion: When you delete your account, all personal data is permanently deleted and cannot be recovered
• Legal Requirements: We may retain certain data if required by law or for legitimate business purposes (e.g., fraud prevention)

6.4 Data Deletion Process

When you request account deletion:

1. All chat messages, flash cards, voice notes, and quiz results are deleted
2. Your authentication credentials are permanently removed
3. Shared flash cards remain visible to users who imported them, but your authorship information is anonymized
4. Backup copies are deleted within 30 days

7. Your Privacy Rights

7.1 Rights Under GDPR (EU/EEA Users)

If you are located in the European Economic Area, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time without affecting lawful processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us
• Opt-out of the sale of personal information (we do not sell personal data)
• Non-discrimination for exercising your privacy rights

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@finitoai.app. We will respond to your request within 30 days.

You can also:

• Delete your account directly from the App settings
• Manage notification preferences in-app or device settings
• Control app tracking via iOS ATT or Android ad settings

8. Children's Privacy

Finito Medicine is not intended for users under 18 years of age. We do not knowingly collect personal information from individuals under 18.

If we become aware that we have inadvertently collected data from a user under 18, we will:

1. Delete the account immediately
2. Permanently erase all associated data
3. Take steps to prevent future underage access

Parents or guardians who believe we may have collected information from a minor should contact us at support@finitoai.app.

9. Medical Information and AI Disclaimer

9.1 Educational Purpose Only

IMPORTANT NOTICE:

Finito Medicine is an educational tool designed to assist medical students in their studies. The AI-powered features are NOT intended to provide medical advice, diagnosis, or treatment.

9.2 No Medical Professional Relationship

Use of this App does not create a doctor-patient or healthcare provider-patient relationship. Always consult with qualified healthcare professionals for medical advice.

9.3 AI-Generated Content Limitations

• Accuracy: AI-generated content may contain errors, inaccuracies, or outdated information
• User Responsibility: You are responsible for verifying the accuracy of AI-generated content
• No Guarantee: We do not guarantee the completeness, reliability, or accuracy of AI outputs
• Medical Decisions: Never rely solely on AI-generated content for medical decisions or patient care

9.4 Community-Generated Content

• User Responsibility: Users who share flash cards are responsible for the accuracy and appropriateness of their content
• No Endorsement: Shared content does not represent our views or endorsements
• Moderation: While we moderate shared content for inappropriate material, we cannot verify medical accuracy

9.5 Sensitive Health Information

We do not intentionally collect Protected Health Information (PHI) or sensitive patient data. Do not share:

• Patient names, medical record numbers, or identifiable information
• Personal health conditions (unless for your own educational purposes)
• Any information that could violate HIPAA or patient confidentiality

10. International Data Transfers

While our primary servers are in Frankfurt, Germany, some third-party services may process data in other countries:

• United States: OpenAI, Firebase, Mixpanel, Facebook, RevenueCat, OneSignal
• European Union: Supabase (primary storage)

We ensure that international transfers comply with applicable data protection laws through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy Decisions where applicable
• Data Processing Agreements with all third-party processors

11. App Tracking Transparency (iOS)

11.1 Tracking Disclosure

On iOS devices, we request permission via Apple's App Tracking Transparency (ATT) framework to track your activity across other apps and websites.

11.2 What We Track (If Authorized)

If you grant tracking permission, we may:

• Link your device identifier to analytics data
• Share your advertising identifier with analytics partners (Facebook, Google)
• Measure ad campaign effectiveness
• Provide personalized content and ads

11.3 Opting Out

You can:

• Deny tracking permission when prompted
• Change your preference in iOS Settings > Privacy & Security > Tracking
• Manage preferences in the Finito Medicine app settings

No Penalty: Denying tracking permission does not affect core App functionality.

12. Cookies and Tracking Technologies

We use the following tracking technologies:

12.1 Types of Technologies

• Local Storage: Storing preferences, authentication tokens, and cache data
• Session Storage: Temporary data for current session
• Analytics SDKs: Firebase, Mixpanel, Facebook for usage tracking
• Crash Reporting: Firebase Crashlytics for error monitoring

12.2 Managing Preferences

• Mobile Apps: Clear app data via device settings or within the App
• Analytics Opt-Out: Disable tracking in the App settings
• Ad Personalization: Adjust settings via iOS ATT or Android advertising settings

13. Third-Party Links and Services

Our App may contain links to third-party websites, services, or integrations (e.g., medical schools, external resources). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service features.

14.1 Notification of Changes

We will notify you of material changes by:

• Sending an in-app notification
• Displaying a prominent notice on first app launch after update
• Updating the "Last Updated" date at the top of this policy

14.2 Continued Use

Your continued use of Finito Medicine after changes take effect constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

WOLPHY APPS

Email: support@finitoai.app

Data Protection Inquiries:

For GDPR-related inquiries, please email us with "GDPR Request" in the subject line.

Response Time:

We aim to respond to all inquiries within 30 days.

16. Jurisdiction and Governing Law

This Privacy Policy is governed by the laws of the European Union, particularly the General Data Protection Regulation (GDPR), and the laws of the Federal Republic of Germany.

For disputes related to data protection, you may:

• Contact your local data protection authority
• Seek resolution through applicable courts in the EU
• Contact the German Federal Commissioner for Data Protection and Freedom of Information

17. Data Protection Officer

For data protection inquiries, you may contact our data protection contact at: support@finitoai.app

18. Your Consent

By using Finito Medicine, you consent to this Privacy Policy and the collection, use, and sharing of your information as described herein.

If you do not agree with this Privacy Policy, please do not use our App.