1) Controller & contacts

Controller: NOCODEYET SRL (“we”, “us”).

Applies to any ForDementiaAI and Dokia brands, including the mobile apps and the websites fordementia.ai and dokia.ai.

2) Data we collect

• Account data: name, email, password hash, role (caregiver/clinician/patient).
• Care diary data (entered by caregivers/clinicians): notes, events, attachments; may include health data such as basic vitals (e.g., temperature, heart rate/heartbeat).
• Device & usage: IP address, device identifiers, app version, logs, crash reports/diagnostics.
• Analytics: Google Analytics (usage metrics and performance).
• Location: we do not collect precise location by default.

3) Purposes & legal bases (GDPR)

• Provide and operate the Services — Contract (Art. 6(1)(b)).
• Improve, monitor, and secure the Services (including crash logs and analytics) — Legitimate interests (Art. 6(1)(f)).
• Special‑category data (health) — Explicit consent (Art. 9(2)(a)).
• Legal obligations (e.g., tax/records) — Art. 6(1)(c).

4) How we process data

• Data minimization: collect only what is necessary.
• Security: encryption in transit and at rest; access controls; monitoring.
• Automated decision‑making: none that produce legal or similarly significant effects.
• Retention: upon account deletion or a valid erasure request, we delete or anonymize personal data within 30 days, except records we must retain.

Legal & billing records (e.g., invoices, audit logs) are retained for up to 10 years to comply with applicable law.

5) Sharing & processors

We share data with service providers under data processing agreements and appropriate safeguards:

• Hosting & storage: European Union (EU).
• Analytics: Google Analytics.
• Crash reporting: Crash logs/diagnostics (e.g., Firebase Crashlytics or similar).

International transfers are protected by adequacy decisions and/or Standard Contractual Clauses where applicable.

6) Your rights

You have rights of access, rectification, erasure, restriction, objection, data portability, and to withdraw consent at any time. You may also complain to your local supervisory authority (in Romania: ANSPDCP).

How to exercise: Email [email protected]. We will verify your identity and respond within one month (extendable in complex cases).

7) Children’s data

The Services are intended for caregivers and clinicians. Direct use by minors is allowed only with parent/legal guardian or clinician involvement. Caregiver accounts require users to be 16+.

8) Data storage & deletion

• Primary storage region: European Union (EU).
• Backups are retained for operational integrity and are purged or overwritten on a rolling basis; deleted account data is removed from active systems within 30 days.

9) Cookies & SDKs

We use cookies and mobile SDKs that are necessary for operation, analytics, and crash diagnostics.

• Strictly necessary: authentication, security, load balancing
• Analytics: Google Analytics
• Crash & diagnostics: crash logs/diagnostics (e.g., Crashlytics)

You can manage cookie/SDK preferences via your device settings and, where available, in‑app controls.

10) Disclosures

• We may disclose information to comply with legal obligations or to protect rights, property, or safety.
• In corporate transactions (merger, acquisition), data may transfer subject to this Policy and user notice.

11) International users

If you access the Services from outside the EU/EEA, data may be processed in jurisdictions with different laws; we apply appropriate safeguards.

12) Changes to this Policy

We may update this Policy and will update the “Effective” date above. Material changes will be notified in‑app or by email.

13) Contact

Email: [email protected] · Postal: Strada Valea Gârbăului 113, Cluj-Napoca, 407280, Romania