Privacy Policy
In short. Global ID collects only the data needed for the app to work: identity, scanned prescriptions, and the medical info you enter. Everything is hosted in Switzerland. No advertising, no tracking, no resale. You can delete your account at any time from inside the app.
1. Data Controller
Global ID is operated by:
Elie‑Henri Martin
Geneva, Switzerland
Contact: privacy@globalid.ch
2. What we collect
All data below is linked to your account and used solely to operate the app. None of it is used for advertising or tracking.
- Identity
- First name, last name, date of birth, email, phone number (optional).
- Health data
- Content of scanned prescriptions (exam type, body region, medical indication), allergies, blood type, medical notes, emergency contact — only what you enter yourself.
- Photos
- The scanned prescription image and your insurance card image, stored encrypted.
- Insurance card
- Card number, AVS number, insurer name, validity dates.
- Apple identifier
- If you sign in with Apple, an anonymous Apple identifier is sent to us to authenticate your session.
- Location
- Approximate location, only while you use the app, to sort imaging centres by proximity. This data is never linked to your account or stored on our servers.
3. Why we collect it
- To authenticate your account and secure access to your record.
- To analyse scanned prescriptions and automatically extract useful information (exam type, prescriber).
- To forward your appointment request to the imaging centre you choose.
- To keep a history of your past exams and your insurance cards for future appointments.
We never use your data for advertising, commercial profiling or resale to third parties.
4. Processors and third parties
The following providers process some of your data on our behalf:
- Infomaniak (Switzerland)
- Hosting of the database and API. Data centres located in Geneva. Infomaniak privacy policy.
- Google Gemini (Google Ireland Ltd.)
- Optical character recognition of prescriptions. The prescription image is sent via API for analysis, then the result is returned to our servers. Google does not retain the requests beyond the analysis. Google privacy policy.
- Apple Inc.
- If you use Sign in with Apple, Apple processes your identifier to authenticate your session. Apple privacy policy.
- Recipient imaging centre
- When you confirm an appointment request, your name, date of birth, medical indication and prescription image are sent by email to the centre you have chosen.
5. Hosting location and transfers
Your data is stored in Switzerland, in Infomaniak data centres in Geneva. Some operations (OCR analysis via Google Gemini) involve a temporary transfer to the European Union. These transfers are governed by the European Commission Standard Contractual Clauses and by the data protection commitments of the processor.
6. Retention
Your data is kept for as long as your account is active. If you delete your account from the app (Profile → Delete my account), all associated personal data is permanently erased from our servers within 30 days, except for items the law requires us to retain (e.g. anonymised security logs for up to 12 months).
7. Your rights
Under the new Swiss Federal Act on Data Protection (FADP) and, where applicable, the GDPR, you have the following rights:
- Access: obtain a copy of the data concerning you.
- Rectification: correct inaccurate data (editable directly in the app).
- Erasure: delete your account and all associated data (the "Delete my account" button on the Profile tab).
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to a specific processing activity.
To exercise these rights, write to privacy@globalid.ch. We respond within 30 days.
8. Security
We take reasonable technical and organisational measures to protect your data:
- End-to-end encryption of communications (HTTPS / TLS 1.2+).
- Passwords stored as high-cost bcrypt hashes.
- Authentication tokens stored only in the iOS Keychain.
- Server access limited to the publisher, by SSH key.
- Encrypted backups, kept in Switzerland.
9. Cookies and trackers
The iOS app uses no cookies or advertising trackers. This website only uses what is strictly necessary for display: no third-party analytics cookies.
10. Minors
Global ID is not intended for individuals under 16 without parental consent. If you act on behalf of a minor, you can create a child profile inside your parent account.
11. Changes
We may update this policy to reflect technical or legal changes. The last-updated date is shown at the top of this page. We will notify you via the app of any substantial change.
12. Supervisory authority
If you believe your data is not being processed in accordance with the law, you can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC):
Feldeggweg 1, 3003 Bern
www.edoeb.admin.ch
13. Contact
For any question about this policy or about how your data is handled: