GlobalID

Privacy Policy

Last updated: Version 1.0

In short. GlobalID only collects what's needed to run the app: your identity, scanned prescriptions, and medical data you enter. Everything is hosted in Switzerland. No ads, no tracking, no resale. You can delete your account at any time from inside the app.

1. Data controller

GlobalID is published by:

Elie‑Henri Martin
Geneva, Switzerland
Contact: privacy@globalid.ch

2. What we collect

All data below is tied to your account and used solely to run the app. None of it is used for advertising tracking.

Identity
First name, last name, date of birth, email, phone number (optional).
Health data
Content of scanned prescriptions (exam type, body region, medical indication), allergies, blood type, medical notes, emergency contact — only what you enter yourself.
Photos
Prescription scan and insurance card image, stored encrypted.
Insurance card
Card number, AHV number, insurer name, validity dates.
Apple ID
If you use "Sign in with Apple", an anonymous Apple identifier is sent to us to authenticate your session.
Location
Approximate position, only while in use, to sort imaging centres by proximity. This data is never tied to your account or stored on our servers.

3. How we use this data

  • Authenticate your account and secure access to your record.
  • Analyse scanned prescriptions to automatically extract useful info (exam type, prescriber).
  • Transmit your appointment request to the imaging centre you choose.
  • Keep history of your exams and insurance cards for future appointments.

We never use your data for advertising, commercial profiling, or resale to third parties.

4. Processors and third parties

The following providers process some of your data on our behalf:

Infomaniak (Switzerland)
Database and API hosting. Data centres in Geneva. Infomaniak privacy policy.
Google Gemini (Google Ireland Ltd.)
Optical recognition of prescriptions. The prescription image is sent via API for analysis; the result is returned to our servers. Google does not retain queries beyond the analysis duration. Google privacy policy.
Apple Inc.
If you use "Sign in with Apple", Apple processes your identifier to authenticate your session. Apple privacy policy.
Recipient imaging centre
When you confirm an appointment request, your name, date of birth, medical indication and prescription image are sent by email to the centre you chose.

5. Hosting location and transfers

Your data is stored in Switzerland, in Infomaniak's data centres in Geneva. Some occasional operations (OCR analysis via Google Gemini) involve a temporary transfer to the European Union. These transfers are governed by the European Commission's Standard Contractual Clauses and by the data protection commitments of the processor.

6. Retention

Your data is kept for as long as your account is active. If you delete your account from the app (Profile → Delete my account), all associated personal data is permanently erased from our servers within 30 days, except for items the law requires us to keep (for example anonymised security logs for up to 12 months).

7. Your rights

Under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the GDPR, you have the following rights:

  • Access: get a copy of the data we hold about you.
  • Rectification: correct inaccurate data (editable directly in the app).
  • Erasure: delete your account and all associated data ("Delete my account" button in the Profile tab).
  • Portability: receive your data in a structured, readable format.
  • Objection: object to a specific processing.

To exercise these rights, write to privacy@globalid.ch. We respond within 30 days.

8. Security

We take reasonable technical and organisational measures to protect your data:

  • End-to-end encryption of communications (HTTPS / TLS 1.2+).
  • Passwords stored as bcrypt hashes with high cost factor.
  • Authentication tokens stored only in the iOS Keychain.
  • Server access limited to the publisher, via SSH key.
  • Encrypted backups, kept in Switzerland.

9. Cookies and trackers

The iOS app uses no cookies or advertising trackers. This website uses Plausible Analytics, an EU-hosted, cookie-less, no-personal-identifier analytics tool — fully FADP/GDPR compliant.

10. Minors

GlobalID is not intended for people under 16 without parental consent. If you represent a minor, you can create a child profile inside your parent account.

11. Changes

We may update this policy to reflect technical or legal changes. The last-updated date appears at the top of the page. For substantial changes, we notify you in the app.

12. Supervisory authority

If you believe your data is not being processed lawfully, you can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC):

Feldeggweg 1, 3003 Bern
www.edoeb.admin.ch

13. Contact

For any question about this policy or our processing of your data:

privacy@globalid.ch