1. Introduction

Welcome to GrowTracker (the "App", "Service", "we", "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our application.

GrowTracker is a tracking tool for managing growth hormone injections. The App is not a medical device and does not provide medical advice. It is designed to help families organize and track injection schedules.

Entity identification: GrowTracker is operated by Asaf Bahat, Israeli authorized dealer (osek murshe) no. 60957693. Privacy contact: privacy@growtracker.app

2. Information We Collect

Account Information

• Full name
• Email address
• Password (stored in encrypted form)
• Account type (Parent or Teen)

Child Profiles

• Child's name
• Date of birth
• Medication name and dosage amount
• Custom injection sites
• Injection and fridge removal times

Tracking Data

• Injection history (dates, times, injection sites)
• Syringe inventory (quantities, capacity, low-stock alerts)
• Growth measurements (height, weight)
• Daily schedule status

Technical Data

• Timezone (automatically detected from your browser)
• Notification preferences (on/off)
• Language preference
• Display mode preference (light/dark)

3. How We Use Your Information

We use your information solely for the following purposes:

• Providing the Service — Displaying the injection tracking dashboard, managing schedules, and monitoring inventory
• Sending Reminders — Push notifications for injection times, fridge removal, and parent reminders
• Account Management — Login, authentication, and password recovery
• Service Improvement — Understanding usage patterns to improve the user experience

We do not use your information for advertising, third-party marketing, or any purpose not directly related to providing the Service.

4. Data Storage and Security

We implement industry-standard security measures to protect your information, including password encryption, encrypted communication (HTTPS), and secure data storage. Your passwords are never stored in plain text.

Storage location: Your data is stored on Render cloud servers located in the United States.

Security level: We maintain the security level required by the Protection of Privacy (Data Security) Regulations, 5777-2017.

4a. Cross-Border Data Transfers

In the course of operating the Service, personal data is transferred to and stored outside of Israel:

• Render (USA) — The database and application servers are hosted on Render cloud servers in the United States. All personal data is transferred to and stored in the USA.
• Google OAuth (USA) — When signing in via Google, authentication data is transferred to Google servers in the USA.
• Gmail SMTP (USA) — Password reset and notification emails are sent via Google's SMTP servers in the USA. Only the email address and message content are transmitted. Legal basis: legitimate interest for account security.
• Push Services (USA and others) — Push notifications are routed through browser vendor services (Google FCM, Mozilla autopush, Apple APNs). Payloads are encrypted end-to-end per RFC 8291 and contain only initials, not full names. Legal basis: explicit user consent (notification opt-in).
• Google Fonts CDN — Font files are loaded from Google servers. Only the IP address is exposed; no personal data is transmitted.

Legal basis: Data transfers are conducted based on informed user consent at registration and the necessity of providing the Service, in accordance with the Protection of Privacy Law, 5741-1981.

5. Push Notifications

The App requests permission to send push notifications to your browser. These notifications are used exclusively for:

• Medication fridge removal reminders
• Injection time reminders
• Parent reminders

You can disable notifications at any time through the App settings or your browser settings. Notifications are never sent without your explicit consent.

6. Data Sharing

We do not share, sell, or transfer your personal information to third parties. Specifically:

• No data sharing with advertisers
• No selling of data to third-party companies
• No sharing of health-related information with any party

We will only disclose information if required by law or court order.

7. Children's Privacy

We are aware of the sensitivity of information related to children and take special measures:

• Teen accounts require parental consent
• Parents maintain full access and oversight of their children's accounts
• Child profiles contain only the minimum information necessary for tracking
• Children cannot create an account without being linked to a parent account

8. Data Retention and Deletion

We retain your information for as long as your account is active. You can delete your account at any time through the account settings in the App.

Retention periods:

• Active account — Data is retained while the account is active
• After deletion — Children's data (injection history, growth measurements, inventory) is permanently deleted. The account record is anonymized (email and personal identifiers are removed) and retained for legal compliance. Database backups are purged within 7 days
• Consent records — Retained for 7 years (legal requirement)
• Authentication tokens — Auto-expire after 30 days

When an account is deleted:

• Child profiles, injection history, growth data, and inventory are permanently deleted
• Account details are anonymized (email replaced, name removed)
• Consent records are preserved for legal compliance
• This action is irreversible

8a. Breach Notification

In the event of a security breach affecting your personal data, we commit to:

• Notifying affected users and the Privacy Protection Authority "without delay" per Israeli law
• Informing you via email and in-app notification within 72 hours of discovery
• Providing information about the nature of the breach, data exposed, and steps taken

8b. Database Registration

Registration in process.

9. Cookies and Local Storage

The App uses browser local storage (localStorage/sessionStorage) for:

• Authentication tokens — to maintain your login session
• Language preference — Hebrew or English
• Display mode — light or dark theme
• "Remember Me" preference — to control login persistence

We do not use third-party tracking cookies or external analytics tools.

10. Your Rights

Under the Protection of Privacy Law, 5741-1981, you have the following rights regarding your information:

• Access and Export — View all personal data and export it as JSON via Settings > Account Security > Privacy & Data
• Correction — Update or correct inaccurate information through the App settings
• Deletion — Delete your account and all associated data through account settings
• Portability — Full export of your data in a structured format
• Objection to direct marketing — We do not engage in marketing communications. Nevertheless, you have the right to object to any direct marketing
• Consent withdrawal — You may withdraw consent to data processing at any time via Settings > Privacy & Data. Note: withdrawing consent will deactivate your account

To exercise any of these rights, you can use the account settings in the App or contact us at privacy@growtracker.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. In the event of material changes, we will notify you via an in-app notification or email. Continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions or requests regarding your privacy, you can reach us at:

Email: privacy@growtracker.app