DIOPTRA · Legal

Privacy notice

Last updated: 2026-04-27

1. Data controller

PatientEd Saad
Amr Saad
Brauerstrasse 87, 8004 Zürich, Switzerland
Email: amr@dioptra.amrsaad.de

A data protection officer is not legally required given the size of the business. Privacy enquiries are answered directly by the owner.

2. What we collect

2.1 When you visit the site (landing)

  • Server logs (technically necessary, hosted by Vercel Inc., USA): IP address (anonymised after 14 days), user agent, requested URL, referrer, timestamp. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operation and security). Retention: maximum 14 days.
  • No tracking, no cookies on the landing page beyond what is technically necessary.

2.2 On signup / Free Preview

  • Email address. Legal basis: Art. 6(1)(b) GDPR (preparing to enter into a contract). Stored at Supabase Inc. (USA, EU Frankfurt region). Deleted on request.
  • No password for Free Preview (magic-link login).

2.3 On purchase (Exam Bundle or Annual)

  • Payment data are passed directly to Stripe Payments Europe Ltd. (Ireland). We do not process card details ourselves; we only see the Stripe customer ID, purchase date, amount, and invoice metadata.
  • Selected exam date (used for bundle expiry logic). Institution or training centre is optional.

2.4 When using the app (after login)

  • Review data (which cards you answered when, your self-rating, FSRS intervals, evaluator scores) are stored primarily in the browser (IndexedDB / Dexie).
  • Sync to Supabase (EU region) is optional and on by default. It can be turned off in Settings.
  • For Deep Review (Construct): your typed answer is transmitted encrypted to Anthropic PBC (USA) and processed there under the Anthropic API terms. Anthropic does not use API traffic for model training by default. We do not retain your answer beyond the session, only the score and a brief feedback string.

2.5 Technical logs

Error logs (no personal data) at Vercel, 30-day retention.

3. Processors (Article 28 GDPR)

We work with the following providers under EU Standard Contractual Clauses or an adequacy decision:

  • Vercel Inc. - landing and app hosting, USA / EU region, EU SCCs.
  • Supabase Inc. - auth and database (sync), USA / EU Frankfurt, EU SCCs.
  • Stripe Payments Europe Ltd. - payment processing, Ireland, intra-EU transfer.
  • Anthropic PBC - answer evaluation (Claude Haiku), USA, EU SCCs plus Anthropic Commercial Terms (no training on API traffic).

Vercel and Supabase are GDPR compliant and operate under the EU-US Data Privacy Framework. Data processing at Anthropic relies on Standard Contractual Clauses plus the contractual commitment that API data is not used for training.

4. Cookies and local storage

  • IndexedDB (Dexie): stores your cards, review logs, and settings locally in the browser. Not a cookie, not transmitted.
  • localStorage: a technical kill-flag for the service-worker lifecycle, plus the auth session token (Supabase standard).
  • No third-party tracking cookies.
  • No advertising cookies.
  • No analytics cookies.

5. Your rights

You have the right at any time to:

  • Access your stored data (Art. 15 GDPR / Art. 25 revFADP).
  • Request rectification of inaccurate data (Art. 16 GDPR / Art. 32 revFADP).
  • Request erasure (Art. 17 GDPR / Art. 32(2) revFADP), available self-service in Settings under "Delete account".
  • Request restriction of processing (Art. 18 GDPR).
  • Exercise data portability (Art. 20 GDPR), via the JSON export under Settings > "Export your data".
  • Object to processing (Art. 21 GDPR).
  • Lodge a complaint with a supervisory authority. In Switzerland: the Federal Data Protection and Information Commissioner (edoeb.admin.ch). In the EU: your respective national data protection authority.

To exercise any of these rights, send an email to amr@dioptra.amrsaad.de.

6. Security

  • All connections over HTTPS (TLS 1.3) only.
  • Auth tokens via Supabase Auth (JWT, HttpOnly).
  • Database access only via Supabase row-level security with user-id scoping.
  • Anthropic API key kept server-side only, never in client code.

7. Retention

  • Free Preview signups: until deletion request or 24 months of inactivity.
  • Paid accounts: for the active subscription term plus 30 days, after which review data is automatically deleted. Invoicing data is retained for 10 years per Swiss CO requirements.
  • Server logs: 14 days.

8. Changes to this notice

We may update this privacy notice as the technical setup or processor list changes. Users are notified by email (paid accounts) or by an in-app banner (free tier).

© PatientEd Saad · CHE-472.347.315