App Privacy Policy

Loretta Health UG · Berlin, Germany

Effective date: May 6, 2026
Last updated: May 6, 2026
Version: 1.0
Applies to: The Loretta consumer app for iOS and Android (the "App")

1. Who we are and how to contact us

The Loretta App is operated by Loretta Health UG, a company incorporated in Germany with registered office in Berlin (the "Controller", "we", "us").

Registered address: Donaustraße 43, Berlin 12043
Commercial register: Amtsgericht Charlottenburg, HRB 269976
Managing Director: Daniel Townsend
Email: mail@loretta.care

Data Protection Officer (DPO): Daniel Townsend reachable at mail@loretta.care.

Under Article 27 GDPR no EU representative is required as we are established in Germany.

2. Scope of this policy

This policy explains how we process personal data when you download, install, or use the Loretta App. The Loretta App is a wellness and prevention tool. It is not a medical device under Regulation (EU) 2017/745 (MDR). It does not diagnose, treat, cure, or prevent disease and is not a substitute for medical advice from a qualified healthcare professional.

Separate policies apply to our website (loretta-health.com) and to our enterprise product Loretta WorkIntelligence. This policy does not cover them.

3. Summary at a glance

The detail follows in later sections. This summary is provided for clarity and does not replace it.

Topic	Detail
What we collect	Account data, self-reported health information, wearable and sensor data you choose to share, and risk scores generated by our models
Why	To provide the App, generate your prevention insights, secure the service, and (with your consent) improve our models
Legal basis	Your explicit consent under Art. 9(2)(a) GDPR for health data; contract under Art. 6(1)(b) for account data; legitimate interest under Art. 6(1)(f) for security
Where data is stored	Loretta-controlled servers located in the European Union (Germany)
Sharing	Limited processors only (cloud infrastructure, analytics, support). No advertising. No sale of data. No data brokers.
Your rights	Access, rectification, deletion, restriction, portability, objection, and withdrawal of consent at any time

4. What data we process

4.1 Account data

Email address (required for account creation and authentication)
Display name or pseudonym (optional)
Hashed password or, if you use Sign in with Apple / Google, the corresponding identifier
Date of birth or age band (used to calibrate risk models)
Sex assigned at birth or self-described gender (used to calibrate risk models; optional fields where clinically permissible)

4.2 Health and wellness data (special category data, Art. 9 GDPR)

Self-reported symptoms, conditions, and lifestyle inputs you enter into the App
Biomarker values you enter manually (for example, blood pressure, glucose, cholesterol)
Wearable and sensor data you choose to connect, such as heart rate, sleep, steps, and activity from Apple Health, Google Health Connect, or supported third-party devices
Inferred outputs generated by our models, including digital twin states and prevention risk scores

4.3 Device and usage data

Device model, operating system version, App version, and language settings
Crash logs and diagnostic data (truncated, no health content)
App interaction events (screen views, feature usage) used in pseudonymous form for product analytics
IP address (collected at the network level; truncated or hashed before storage where technically possible)

4.4 What we do not collect

We do not collect precise GPS location
We do not collect contacts, photos, or microphone input unless you explicitly initiate a feature that requires them
We do not collect advertising identifiers (IDFA, AAID) and do not request App Tracking Transparency (ATT) permissions

5. Why we process your data and on what legal basis

We rely on the following legal bases under the GDPR. Where the processing concerns health data, we additionally rely on the conditions in Article 9(2) GDPR.

Purpose	What we do	Legal basis
Provide the App	Create your account, authenticate you, sync your data across your devices	Art. 6(1)(b) contract
Process health data to generate insights	Run risk models, produce digital twin states, return prevention recommendations	Art. 9(2)(a) explicit consent
Security and abuse prevention	Detect intrusions, prevent fraud, maintain audit logs	Art. 6(1)(f) legitimate interest
Product improvement and model training	Use pseudonymised or aggregated data to improve our models	Art. 9(2)(a) explicit, separate, opt-in consent
Compliance with legal obligations	Tax, accounting, statutory record retention	Art. 6(1)(c) legal obligation
Customer support	Respond to your enquiries	Art. 6(1)(b) contract or Art. 6(1)(f) legitimate interest

6. Consent and how to withdraw it

Before we process any health data we ask you to give explicit, informed consent through a layered in-App consent screen. We record the time, the version of this policy, and the specific purposes you consented to.

You can withdraw consent at any time in the App under Settings → Privacy → Consents, or by emailing mail@loretta.care. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. If you withdraw consent for the core health processing, we will no longer be able to provide the App's prevention features, and your account may be deactivated on request.

7. Where your data is stored and processed

All personal data is processed on servers physically located in the European Union. Primary storage infrastructure is operated by IONOS Group SE (Germany). LLM-powered chat features are processed on infrastructure operated by Scaleway SAS (France). Voice chat functionality is processed by Mistral AI SAS (France). Each of these sub-processors acts under a data processing agreement in accordance with Art. 28 GDPR. We do not transfer personal data outside the European Economic Area (EEA) for routine processing.

If a sub-processor in a third country becomes necessary in the future, we will only do so on the basis of a Commission adequacy decision under Art. 45 GDPR or, where unavailable, Standard Contractual Clauses under Art. 46 GDPR together with appropriate supplementary measures, and we will update this policy.

8. Who we share your data with

We share personal data only with carefully selected processors acting on our documented instructions under Art. 28 GDPR. Categories include:

Cloud infrastructure — primary storage (EU-hosted, Germany): IONOS Group SE
LLM chat services infrastructure (EU-hosted, France): Scaleway SAS
Voice chat processing (EU-hosted, France): Mistral AI SAS. Voice input submitted through the App's voice chat feature is transmitted to Mistral AI's API for transcription and processing. Audio data is not retained by Mistral AI beyond the duration of the API call.
Email and transactional messaging: Brevo SAS, France
Customer support tooling: Brevo SAS, France

We do not sell personal data. We do not share personal data with advertising networks. We do not share personal data with data brokers. We do not use your health data for marketing.

9. Federated and research uses

Loretta's broader research and platform infrastructure uses federated learning, where models are trained without raw personal data leaving the controlled environment. The consumer App does not at present participate in such federated training. If we introduce that capability, it will be opt-in, governed by a separate consent flow, and described in an updated version of this policy.

Where we conduct or contribute to scientific research, we comply with the Gesundheitsdatennutzungsgesetz (GDNG, in force 26 March 2024), the European Health Data Space Regulation (EHDS, in force 26 March 2025), Art. 9(2)(j) GDPR, and § 27 BDSG. Any secondary use of your data for research will be either fully anonymised or carried out on the basis of an additional legal authorisation, and you will be informed in advance.

10. How long we keep your data

Category	Retention
Account data	Until you delete your account, plus up to 30 days for backups
Health and wellness data	Until you delete it in-App, or until account deletion
Risk scores and inferred outputs	Until source data is deleted; recomputed on change
Crash and diagnostic logs	Maximum 90 days
Audit and security logs	Up to 12 months
Invoices and accounting records	10 years (§ 147 AO, German Fiscal Code)

11. Your rights

Under the GDPR you have the following rights:

Access (Art. 15) — confirmation of whether we process your data and a copy of it
Rectification (Art. 16) — correction of inaccurate or incomplete data
Erasure (Art. 17) — "right to be forgotten"
Restriction (Art. 18) — limit how we use your data
Portability (Art. 20) — receive your data in a structured, machine-readable format and transmit it to another controller
Object (Art. 21) — to processing based on legitimate interest
Withdraw consent (Art. 7(3)) at any time
Not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Art. 22). The Loretta App does not make such decisions; risk scores are informational and intended to support, not replace, your own decisions and those of your healthcare providers.

To exercise any right, contact mail@loretta.care. We respond within one month (extendable by two further months for complex requests, with notice). All in-App rights actions (export, deletion) are also available under Settings → Privacy.

You also have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59-61, 10555 Berlin, mailbox@datenschutz-berlin.de.

12. Security

We apply appropriate technical and organisational measures under Art. 32 GDPR. These include:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Pseudonymisation of identifiers in analytics pipelines
Role-based access control with least-privilege defaults and audit logging
ISO 27001-aligned information security controls
Regular penetration testing by an independent third party
Documented incident response procedures including 72-hour breach notification under Art. 33 GDPR

13. Children

The Loretta App is not directed at and may not be used by anyone under 16. We do not knowingly process the personal data of children under 16. If you believe a child has provided us with personal data, please contact mail@loretta.care and we will delete it.

14. Automated decision-making and AI models

Loretta uses AI and statistical models to generate risk scores and prevention recommendations. These outputs are decision-support tools. They do not produce legal or similarly significant effects within the meaning of Art. 22 GDPR. You retain full control over whether and how to act on any output.

Our models are developed in accordance with the EU AI Act (Regulation (EU) 2024/1689). Where applicable obligations apply, including for high-risk AI systems, we will comply within the regulatory timelines, including the December 2027 deadline for high-risk system requirements.

15. Cookies, SDKs, and tracking

The App itself does not use browser cookies. It uses a small number of software development kits (SDKs) for crash reporting, push notifications, and pseudonymous product analytics. Non-essential SDKs are disabled by default and only activated after you give consent on first launch. You can review and change your choices at any time under Settings → Privacy → Tracking & analytics.

16. App Store privacy disclosures

Apple App Store and Google Play require us to declare data collection practices on the store listing. Those disclosures are summaries; this policy is the authoritative document. Where any inconsistency arises, this policy prevails.

17. Changes to this policy

We may update this policy from time to time. Material changes will be notified in-App with a clear summary at least 30 days before they take effect. The current version is always available in the App and at loretta-health.com/legal/privacy.

18. Contact

Loretta Health UG
Donaustraße 43 12043
Berlin, Germany
Email: mail@loretta.care