Privacy Policy
Last updated: April 2026
Unless stated otherwise, capitalized terms not defined in this Privacy Policy shall have the meaning attributed to them in the Terms and Conditions.
HDS stands for Health Data Safe Foundation, a non-profit foundation incorporated under Swiss private law (articles 80 ff. of the Swiss Civil Code), with its registered seat in Morges, Canton de Vaud, Switzerland.
The Foundation’s purpose is to act for public health, quality of care, and scientific progress, placing the fundamental rights of patients at the center of its action. The Foundation has no lucrative purpose. In case of dissolution, all personal data entrusted to the Foundation must be destroyed or migrated to a service offering similar guarantees — personal data is never considered an asset of the Foundation.
1. Purpose
Section titled “1. Purpose”HDS provides this Privacy Policy to describe its procedures regarding the collection, use, and disclosure of Personal Data collected or received from Users of the HDS Platform (including the HDS mobile application “Health Data Safe”, available on iOS and Android, and the HDS web application). Personal Data has the meaning set forth in the Swiss Federal Act on Data Protection (FADP/nDSG) and, according to your place of residence, additional data protection laws and regulations (including the EU GDPR) may be applicable.
Health Data Safe Foundation, Morges, Switzerland, shall be the data controller.
This Privacy Policy does not apply to services provided by third parties, including when said services are provided as part of, or are integrated in, the HDS Platform.
2. Acceptance
Section titled “2. Acceptance”By using the HDS Platform, you agree to this Privacy Policy.
In case of a modification, you will be informed by your registration e-mail and the new Privacy Policy will be available on this website. You have the right to accept or decline the changes. If you decline, you may back up and export your data; your account will then be deleted. Without any action from you within 30 days, the Privacy Policy will be considered as accepted.
3. International Transfer
Section titled “3. International Transfer”You acknowledge and agree that Personal Data you submit to HDS will be hosted on servers located in Switzerland. Different privacy laws may apply depending on the chosen hosting location, your country of residence, and the place from which you access the HDS Platform.
HDS may transfer your data to another hosting service within Switzerland.
Accessing or sharing your data requires transfer via the Internet. Depending on the network configuration, your data may transit through other countries. All transfers are encrypted with TLS/SSL.
4. What Data We Collect and How We Use It
Section titled “4. What Data We Collect and How We Use It”We identify a user only with a serial ID, an e-mail address, and a username. You will not be identified if you are not a registered user.
Metrics we collect from your account:
- Your amount of network usage
- Your last connection date
- The apps connected to your HDS account
- The number of API requests made
What we do NOT collect, access, or share without your explicit request:
- The content of your health data
- Any statistical information not listed above
4.1 Usage-Related Data
Section titled “4.1 Usage-Related Data”To improve the quality and ergonomics of the HDS Platform, we may collect information about your device, such as your IP address, operating system, browser, and device type. We use server-side and client-side cookies that may carry personal information and identifiers.
We may collect anonymized user-interface usage metrics (e.g., how often a feature is used).
4.2 Mobile Application Data
Section titled “4.2 Mobile Application Data”When you use the HDS mobile application, we may additionally collect:
- Push notification tokens — device identifiers used to deliver notifications. These tokens are stored on our servers and associated with your account. You can disable notifications at any time in your device settings or the app’s settings page.
- Health platform data (with your explicit permission) — if you grant the app access to Apple HealthKit or Android Health Connect, the app reads health data (such as body temperature, menstrual flow, weight, and other supported types) and syncs it to your HDS account. This data is transmitted directly to your personal HDS storage and is never shared with third parties unless you explicitly request it.
The HDS app does not use health data for advertising, data mining, or any purpose other than storing it in your personal health record.
4.3 User Content-Related Personal Data
Section titled “4.3 User Content-Related Personal Data”You are the sole owner of your Personal Data, and HDS processes it on behalf of your explicit requests. When you store, provide, or otherwise use content on the HDS Platform, you may provide Personal Data in the form of the content itself. You are the sole data controller for said Personal Data.
4.4 Other Uses of Personal Data
Section titled “4.4 Other Uses of Personal Data”HDS will collect, use, and communicate such data to and from third parties only on your explicit request.
5. Interactions with Other Users and Services
Section titled “5. Interactions with Other Users and Services”When you share data with healthcare professionals or other users through the HDS Platform, only the data you explicitly authorize is shared. You can revoke access at any time from the app’s Connections page.
6. Information Sharing and Disclosure
Section titled “6. Information Sharing and Disclosure”We may share aggregated information that does not include Personal Data with third parties for analysis. Any aggregated information shared will not contain Personal Data.
At your explicit request, we may transfer your Personal Data to a third party for hosting or processing.
7. Right to Access Your Personal Information
Section titled “7. Right to Access Your Personal Information”You may at any time:
- Request access to your Personal Data collected by HDS
- Request that inaccurate information be amended
- Request that your Personal Data be erased
- Export your data
Some actions may be taken directly with tools provided by the HDS Platform. Requests can also be sent to support@healthdatasafe.org.
8. How to Delete Your Account
Section titled “8. How to Delete Your Account”See our Data Deletion page for detailed instructions.
All users may review, update, correct, export, or delete their Personal Data within their account. Information in back-up storage may remain for a limited period after your deletion request. Any content you have shared with a third party may also persist according to their own data retention policies.
9. Links to Other Services
Section titled “9. Links to Other Services”If any part of the HDS Platform links to or integrates with third-party services, those services operate under their own privacy policies. We do not exercise control over third-party services and recommend you review their privacy statements.
10. Security
Section titled “10. Security”We make our best effort to ensure that your Personal Data is protected and under your sole control. All data is encrypted in transit (TLS/SSL) and at rest.
11. Compliance with Laws
Section titled “11. Compliance with Laws”HDS cooperates with government and law enforcement officials as required by law. We will only disclose Personal Data if required to respond to legal process, protect the rights of HDS, protect public safety, or prevent illegal activity. You will be informed of any such disclosure to the extent HDS is not prohibited from doing so.
12. Applicable Law and Jurisdiction
Section titled “12. Applicable Law and Jurisdiction”This Privacy Policy shall be governed by the substantive laws of Switzerland. Any dispute shall be subject to the exclusive jurisdiction of the ordinary courts at the seat of HDS Foundation.
13. Contact
Section titled “13. Contact”If you have any questions about this Privacy Policy, please contact us at support@healthdatasafe.org.