Note: this privacy policy applies to the Chronic Insights mobile app, not this website
Effective from 25th July 2024
Hi, my name is James Allen, I'm the founder, CEO and Data Protection Officer at Chronic Insights Ltd. This privacy policy outlines what data the Chronic Insights symptom diary app collects, why, and it is stored. I hope you find it clear and informative, but if you have any questions at all please don't hesitate to contact me:
Who I am
When this policy talks about "I", "me" or "my", it means James Allen, the sole founder, developer and Data Protection Officer of Chronic Insights Ltd and author of the Chronic Insights app. Chronic Insights Ltd is a private limited company with one director (me), registered in England, UK with company registration number 11543455. When I refer to the "app", I mean the Chronic Insights symptom diary app available on the Google Play Store and Apple App Store.
Overview
I founded Chronic Insights Ltd after living with ankylosing spondylitis (AS) for over 20 years. AS is an invisible, painful and long-term health condition which I find difficult to describe, and difficult to figure out what helps and triggers it. I created the Chronic Insights app to help myself and others live better with chronic illness, and to give us the choice of using a truly private symptom diary app.
I have designed Chronic Insights to be as private as possible, while still allowing me to resolve errors and bugs in the app. This is why the app does NOT collect or sell any health data or personally identifying information (data which can be linked to you personally). For example, it does not collect email addresses, names, telephone numbers, IP addresses, location / GPS, and it doesn't use trackers of any kind. I believe we deserve to keep our private health data private, and out of the hands of data brokers and other 3rd parties who make money from personal data.
However, in order to rectify errors and bugs in the app, if an unexpected error or crash occurs, the app does collect information about your device, and what caused the error. This does NOT include any health data or personally identifying information.
Data I collect
Crash Data
All Crash Data is anonymous. Crash Data contains the following information which is collected if the app suffers a crash or error:
What time the app crashes or develops an error
Technical details of the crash or error
The version of the app
Information about your device which can help identify the cause of the error. This includes:
Make and model of the device
A randomly generated anonymous identifier
What accessibility settings are enabled on the device
What permissions you have granted to the app
The timezone and locale set on the device
The battery level on the device
The boot time of the device
Whether or not the device was charging at the time of error
The amount of storage space and memory available
The orientation of the device
The screen size
The battery temperature of the device
The internet connection type (wifi or cellular)
How I collect crash data
Crash data is encrypted in transit and sent from your device to Sentry Inc, a GDPR-compliant data processor who provide crash analytics services. Sentry Inc collect, categorise and store the data on my behalf. I use Sentry because they provide a way to efficiently catalogue, analyse, manage and resolve error reports from mobile devices.
How I use crash data
Crash Data collected by me will only be used to investigate, fix and patch software bugs and design flaws.
Sharing data
Crash Data
Crash Data are collected, stored and processed by a data processor called Sentry Inc (address: 132 Hawthorne St, San Francisco, CA 94107). Sentry is a GDPR-compliant data processor certified under the EU-US Privacy Shield Framework. You can request a copy of the data processing agreement between Chronic Insights Ltd and Sentry Inc by emailing me at:
Google Places API
The app offers the optional ability to search for a geographical location using an auto-complete text search query. This feature allows you to select a location to use when downloading weather data. The location auto-complete feature is implemented using the Google Places API (part of the Google Maps API), and involves sending the search query you enter to Google for auto-completion (for example, if you enter 'Trie', this text is sent to Google, so that it can match locations such as 'Trieste, Italy' or 'Trier, Germany'). Further details about this data transfer can be found in Google's Privacy Policies.
The location you select is NOT collected by Chronic Insights Ltd. It is only used by the app to download the correct weather data.
Backup Data
The app includes an optional feature to backup your data to the following 3rd party GDPR-compliant cloud storage providers (Data Processors):
Dropbox, provided by Dropbox Inc. headquartered in 185 Berry St. Ste. 400 San Francisco, CA, U.S.
Google Drive, provided by Google LLC headquartered in 1600 Amphitheatre Parkway in Mountain View, California, U.S.
OneDrive, provided by Microsoft Corporation headquartered in One Microsoft Way, Redmond, Washington, U.S.
If you enable the optional backup feature, when you trigger a backup, your symptom diary data (excluding weather and any fitness and activity data from Health Connect or Apple Health) is sent to a private folder in your cloud storage of choice.
I do not collect this Backup Data and have no access to it.
You can request the Data Protection Agreements I have with Dropbox, Google and Microsoft by contacting me at:
Use of the backup feature requires that you have a Dropbox, Google or Microsoft account. The first time you use the backup feature within the app to backup your app data, you must login to your account to provide the access permissions required to backup and restore your data to and from your cloud storage account, and access permission for the app to see the cloud provider account username (this is normally your email address). Your account account provider username is used in the app for display purposes only, to make it easier to remember which account you have logged into. Your username it remains only on your device and is not collected by me. After login, an authentication token is stored securely within the app for subsequent use.
Your Backup Data is sent securely to your cloud provider of choice and stored according to the terms and conditions you agreed to when you signed up for your Dropbox / Google / Microsoft account. Your relationship with your cloud storage provider is entirely separate to your relationship with Chronic Insights. Chronic Insights is in no way affiliated or partnered with Dropbox, Google or Microsoft. The relevant privacy policies for the cloud providers can be found in the following links:
Dropbox: Dropbox Privacy Policy
Google Drive: Google Privacy Policy
OneDrive: Microsoft Privacy Policy
It is your responsibility to control access to your cloud storage account, and to take appropriate measures to protect access to it (for example, by using a strong password which you do not reveal to others). Anyone who you intentionally or accidentally provide access to the backup folder in your cloud storage account will also have access to the data you have entered into the app.
Data I do NOT collect
For clarity, I also outline here what data I do NOT collect:
Backup Data
I DO NOT collect your Backup Data or your cloud provider account login details, and have no access to it. Your Backup Data is sent directly from your device to the cloud storage provider of your choice when you enable the backup feature.
Fitness Tracker Data
The app offers the optional ability to sync Fitness Tracker Data (such as steps taken, heart rate, activity level) into the symptom diary from various fitness vendors, for example Fitbit, Google Fit, Health Connect and Apple Health. This is to allow you to gain insight into whether activities correlate with their symptoms. All Fitness Tracker Data remains on your device. No Fitness Tracker Data is collected by Chronic Insights. No Fitness Tracker Data is shared with any 3rd parties. You can remove all Fitness Tracker Data from the app by clicking on the 'Sign Out' button in the Fitness Tracker integration settings page in the app.
Weather Location Data
The app offers the optional ability to download weather data for a location you enter into the app. This location is NOT collected by Chronic Insights Ltd. It remains on your device and is only used to download the correct weather data.
Retention periods
Crash data are only retained for as long as necessary to fulfil the purposes for which I process this data for. This includes rectifying the software error causing the crash, verify that the problem has been resolved, and determining if subsequent errors are new or regressions of previous bug fixes.
Your rights
Because crash data is anonymous, by design I am physically unable to identify which crash data originated from you or your specific device. By agreeing to this Privacy Policy and EULA when installing the app, you agree that any crash data collected by the app cannot be deleted on request.
For more information about your rights under the GDPR, you can contact the Information Commissioners Office (the data protection regulator in the UK) at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).
Changes to this policy
I may update this policy from time to time and, if I make any material changes, I will notify you when I do so. By continuing to use my app after any changes are made and I have notified you of them, the way I use your data will be subject to the terms of the updated policy.
Contact me
For any questions or concerns, you can contact me by sending an email to: