Skip to main content
Medova

This site is currently implementing core features and is not ready for patient use yet.

How We Protect Your Data

Our privacy principles

We want you to understand what data is needed — and why.

Data minimization

We only collect what is needed to operate features, compare information, and handle inquiries.

Secure processing

We apply standard security measures and best practices to limit the risk of unauthorized access.

Access control

Data access is restricted by roles and the principle of least privilege.

Transparency and choice

We explain what we do with data — and how you can manage your settings.

Your rights

Under the GDPR (Articles 15–22), you have a number of rights regarding your personal data.

Right of access

You can obtain confirmation of whether we process your data and receive a copy.

Right to rectification

You can request correction of inaccurate or completion of incomplete data.

Right to erasure

You can request deletion of data when it is no longer necessary for processing purposes.

Right to restriction of processing

You can request restriction of processing in certain situations.

Right to data portability

You can receive your data in a structured format and transfer it to another controller.

Right to object

You can object to processing based on legitimate interest.

Right regarding automated decisions

You have the right not to be subject to decisions based solely on automated processing.

Health data

Special category data: Information about vaccinations and traveler health status constitutes health data under Article 9 GDPR.

We process health data solely on the basis of your explicit consent (Art. 9(2)(a) GDPR) or when necessary for reasons of public interest in the area of public health. We apply additional technical and organizational safeguards.

Automated processing

We use algorithms to assess travel health risks and generate vaccination recommendations. We do not make decisions producing legal effects based solely on automated processing. You can always request human review.

Data processors

NamePurpose
Supabase Inc.Database and authentication
Stripe Inc.Payment processing
Google LLCMaps and geolocation
Anthropic PBCAutomated translations
Vercel Inc.Hosting and content delivery

Data Protection Officer (DPO)

For matters related to personal data protection, you can contact our Data Protection Officer:

Email: dpo@medova.health

EPKO SP. Z O.O., ul. Podleśna 2, 05-270 Marki, Poland

Supervisory authority (PUODO)

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the supervisory authority (Art. 77 GDPR):

President of the Personal Data Protection Office

ul. Stawki 2, 00-193 Warsaw

Phone: +48 22 531 03 00

Website: https://www.uodo.gov.pl

Email: kancelaria@uodo.gov.pl

Language version notice

These legal documents were drafted in Polish. Other language versions may be machine translations and are provided for convenience only. In case of discrepancies, the Polish version prevails.