- Who we are
- Scope of this policy
- Information we collect
- How we use information
- Legal basis (GDPR)
- Third-party services
- International data transfers
- Retention periods
- Security
- Your rights
- Children's privacy
- Cookies & tracking
- Medical disclaimer
- No endorsement / affiliation
- Use for children
- Translations
- Non-diagnostic notice
- Limits of ancillary features
- Disclaimer of warranties
- Limitation of liability
- Indemnification
- Force majeure
- Changes to this policy
- Pre-litigation notice
- Governing law & jurisdiction
- Contact
1. Who we are
ShuntCare ("ShuntCare", the "App", "we", "us", or "our") is published, owned, and operated by:
T3D2 Software Solutions (sole proprietorship, Republic of Serbia)
Owner / Data Controller: Damir Gojović
Contact email: [email protected]
Website: https://shuntcare.com
For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, T3D2 Software Solutions acts as the data controller for the limited personal data processed through the App and website. Where we engage third parties (such as Google Firebase, RevenueCat, OpenStreetMap), those parties act either as our processors under contract or, in their own right, as independent controllers — as described in section 6.
2. Scope of this policy
This policy applies to:
- the ShuntCare mobile application for Android (and, when published, iOS); and
- the public website at https://shuntcare.com and its subpages.
It does not apply to third-party websites or services we link to (for example Google Play, Apple App Store, OpenStreetMap, social media). Those services have their own privacy policies, which you should review independently.
3. Information we collect
3.1 Information you provide directly
When you use the App, you may choose to enter the following types of information. All of it is stored locally on your device unless explicitly noted otherwise.
| Category | Examples | Where stored |
|---|---|---|
| Medical profile | Patient name, date of birth, country, shunt model, valve setting, placement date, revision history, allergies, current medications, comorbidities | On-device only (encrypted at OS level) |
| Symptom log | Daily symptom check-ins, temperatures, notes, dates | On-device only |
| Medication adherence | Doses taken / skipped, timestamps | On-device only |
| Imaging files | MRI / CT / ultrasound photos or PDF reports you attach | On-device only |
| Doctor & hospital directory | Contact details you enter for your own clinicians | On-device only |
| Reminders & visit prep | Appointment dates, custom reminders, prep questions | On-device only |
3.2 Account information
If you create an account, the App uses Google Firebase Authentication to manage sign-in. Depending on the method you choose, the following data is processed and stored on Google Cloud servers:
- Email + password: your email address, a securely hashed password, and an account creation timestamp.
- Sign in with Google: your Google account email and unique Google user ID.
- Sign in with Apple: your Apple user ID and, if you choose, a forwarded email address (Apple may give you a private relay email instead of your real one).
We do not see or store your Google or Apple password.
3.3 Subscription information
If you start a paid subscription or free trial, the following information is processed:
- Through Google Play Billing or Apple App Store (depending on platform): payment data, transaction identifiers, and subscription status. We do not see your full payment card details — those stay with Google or Apple.
- Through RevenueCat (a third-party subscription-management service): your anonymous app user ID (linked to your Firebase account), purchase history, entitlement status, and store-receipt validation data.
3.4 Promo code redemptions
When you redeem a promo code distributed by us or by a partner organization, the App records the following in Google Cloud Firestore:
- The redeemed code identifier
- An anonymous device-bound hash (not your name, email, or account ID)
- A timestamp
- The code's batch origin (e.g. partner association identifier)
This ledger exists to prevent the same code being redeemed twice on different devices. It does not contain medical information.
3.5 Location information
The App requests permission to access your device location only when you open the Hospital Finder. Your approximate coordinates are sent to the OpenStreetMap Overpass and Nominatim APIs to find hospitals near you. We do not store your coordinates on our servers, and we do not track your location in the background or when the App is closed.
3.6 Analytics and device information
The App uses Google Firebase Analytics to understand how features are used in aggregate (for example, which screens are opened, how often the Doctor PDF report is generated, where users abandon onboarding). The following categories of data are collected automatically by Firebase Analytics:
- App events (screen views, button taps, feature usage)
- Device model, operating system version, app version
- Approximate country (derived from IP address; we do not store the IP itself)
- Preferred language
- An anonymous Firebase installation ID
We do not use Firebase Analytics to collect, profile, or share your medical data, symptom entries, or identifying account details.
3.7 Diagnostic and crash information
If the App crashes or encounters a serious error, your operating system (Android or iOS) may send a crash report to Google or Apple in accordance with your device settings. We may also enable Firebase Crashlytics in future versions to receive anonymized stack traces. No medical data is included in crash reports.
3.8 Doctor sharing snapshots
If you use the "Doctor Sharing" feature, the App generates a snapshot of your data (medical profile, last 30 days of symptoms, etc.) as a PDF or JSON file and gives you a one-time link or file to share with your clinician. This file is generated on your device. We do not store the snapshot on our servers; once you have shared it, it is your and the recipient's responsibility.
3.9 Information collected by our website
The website shuntcare.com is a static informational site. It does not set tracking cookies, does not run third-party advertising tags, and does not require sign-in. Web server access logs (containing IP addresses and timestamps) may be retained by our hosting provider (Cloudflare) for short-term security and abuse-prevention purposes.
4. How we use information
We use the categories of data described above strictly to:
- provide the App's features (informational symptom tracking, appointment-prep PDF reports, reminders, hospital finder, doctor sharing);
- authenticate your account and keep it secure;
- process and validate your subscription or promo code;
- understand aggregate usage so that we can improve features;
- diagnose technical problems and fix bugs;
- communicate with you when you write to us; and
- comply with legal obligations.
We do not use your data to build advertising profiles, sell to data brokers, train AI/ML models, or feed third-party marketing platforms.
5. Legal basis for processing (GDPR)
Where the EU or UK GDPR applies to you, we rely on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the App's features, manage your account, and deliver your subscription.
- Legitimate interest (Art. 6(1)(f) GDPR): aggregate analytics to improve the product, fraud prevention for promo codes, security logging. Where we rely on legitimate interest, we have balanced our interests against your privacy rights.
- Consent (Art. 6(1)(a) GDPR): location access for the Hospital Finder; any future optional features that require additional data.
- Legal obligation (Art. 6(1)(c) GDPR): retention required by tax, accounting, or fraud-prevention laws.
Because medical information you enter is stored on your device and not transmitted to us, we do not process special-category health data under Art. 9 GDPR on our servers. If that changes in a future version of the App, we will update this policy and seek your explicit consent first.
6. Third-party services
To deliver the App, we rely on the following third-party services. Each operates under its own privacy policy, which we encourage you to review:
| Service | Purpose | Data shared | Provider & policy |
|---|---|---|---|
| Firebase Authentication | Account sign-in | Email, hashed password, federated identity tokens | Google LLC — firebase.google.com/support/privacy |
| Cloud Firestore | Promo code claim ledger | Code ID, anonymous device hash, timestamp | Google LLC — firebase.google.com/support/privacy |
| Firebase Analytics | Aggregate usage analytics | Anonymous events, device info, approximate country | Google LLC — policies.google.com/privacy |
| RevenueCat | Subscription management | Anonymous app user ID, purchase receipts, entitlement state | RevenueCat Inc. — revenuecat.com/privacy |
| Google Play Billing | Android in-app purchases | Payment, account, transaction data | Google LLC — policies.google.com/privacy |
| Apple App Store | iOS in-app purchases (when released) | Payment, account, transaction data | Apple Inc. — apple.com/legal/privacy |
| OpenStreetMap (Overpass & Nominatim) | Hospital search | Query coordinates and search terms (no account) | OpenStreetMap Foundation — osmfoundation.org |
| Cloudflare | Website hosting & CDN | Visitor IP addresses, request logs (short-term) | Cloudflare Inc. — cloudflare.com/privacypolicy |
| FormSubmit | Organization contact form relay | Form fields you submit (name, organization, email, message) | FormSubmit.co |
7. International data transfers
Most of our third-party providers (Google, RevenueCat, Apple, Cloudflare) are based in the United States and may process your data on servers located outside the European Economic Area, the United Kingdom, or Serbia. Where this happens, transfers are governed by:
- the EU Commission's Standard Contractual Clauses (Art. 46 GDPR);
- the providers' participation in the EU–US Data Privacy Framework where applicable; and/or
- equivalent safeguards under the UK International Data Transfer Agreement.
You acknowledge that data transferred outside your home jurisdiction may, in narrow circumstances, be subject to lawful access requests by foreign authorities.
8. Retention periods
| Category | Retention |
|---|---|
| On-device medical data, symptom logs, imaging | Until you delete the App, clear app storage, or delete the data inside the App |
| Firebase account | Until you request deletion (see section 10) |
| Subscription / billing records | As required by Serbian tax and accounting law (up to 10 years for invoice records) |
| Promo code claim ledger entries | Up to 24 months after redemption (fraud prevention), then anonymized |
| Firebase Analytics events | 14 months (default Firebase setting) |
| Website / hosting access logs | Up to 30 days (Cloudflare default) |
| Email correspondence with us | Up to 24 months after the matter is closed |
9. Security
We apply industry-standard technical and organizational measures, including:
- HTTPS / TLS for all network traffic between the App, our website, and third-party services;
- OS-level encryption (Android Keystore / iOS Keychain) for on-device sensitive storage;
- password hashing (handled by Firebase Authentication);
- UID-prefixed storage namespaces inside the App so that one account cannot read another account's data on a shared device;
- HMAC-signed and server-validated promo codes;
- least-privilege access to administrative consoles and Firebase project settings;
- incident logging and review.
10. Your rights
Where the GDPR or UK GDPR applies to you, you have the following rights:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — ask us to delete your account and associated data. See also Delete Account.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) — export your medical data via the in-app PDF / JSON export.
- Right to object (Art. 21) to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — for example, by revoking location permission in your device settings.
- Right to lodge a complaint with a supervisory authority. For Serbian users, this is the Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti (poverenik.rs). EU users may contact their national authority; UK users may contact the ICO.
To exercise any of these rights, email [email protected]. We respond within 30 days. We may need to verify your identity before fulfilling the request.
11. Children's privacy
ShuntCare is not intended for use by children under the age of 13 (under 16 in some EU member states) without the supervision and verifiable consent of a parent or legal guardian. The App is designed primarily for adults living with hydrocephalus and for parents or caregivers tracking a child's condition on the child's behalf. We do not knowingly collect personal data directly from children. If you believe a child has provided us with personal data without proper consent, please contact us so we can delete it.
12. Cookies & tracking technologies
The website does not use cookies, web beacons, pixel tags, third-party advertising tags, or persistent client-side trackers. The App may use OS-level identifiers required by Firebase, RevenueCat, and the platform stores (Google Play / Apple App Store) for the technical operation of those services; you can reset advertising identifiers in your device settings if you wish.
13. Medical disclaimer
The information presented by the App — including but not limited to red/yellow/green informational bands, symptom-pattern summaries, the "urgent triad" description, fever-threshold information, NPH-triad explanations, paediatric symptom-combination descriptions, and the appointment-prep PDF — is provided for informational and self-organisation purposes only. It is derived from publicly available patient-education literature on hydrocephalus, including NIH NBK459351 and other open-access materials. It is not personalised medical advice, not a clinical assessment, and not a substitute for the judgment of your treating clinician.
You must always consult a qualified neurosurgeon, paediatrician, or other licensed clinician for any medical decision. In any suspected emergency — including, without limitation, the urgent triad of headache + vomiting + vision change, severe fever with headache, sudden lethargy, seizure, sudden behaviour change, or any change you find alarming — contact your neurosurgical team or your local emergency number immediately. Do not rely on the App to determine whether an emergency exists or to time a call to your clinician.
You expressly acknowledge:
- the absence of an in-app notification does not mean no medical event is occurring;
- the presence of an in-app notification is not a diagnosis;
- any informational band, summary, trend, or pattern shown is computed from data you entered manually, and inaccuracies in that data propagate to the output;
- delays in opening the App, missing data, device failure, or App or third-party outage may mean no informational band appears even when symptoms are present;
- any decision you take, or refrain from taking, based on the App's output is your sole responsibility.
You agree that you understand and accept these limitations and that you will not use the App as your sole source of medical decision-making.
13a. No endorsement or affiliation
ShuntCare and T3D2 Software Solutions are not endorsed by, affiliated with, sponsored by, or approved by any medical association, professional body, patient organisation, hospital, clinic, regulatory authority, or government agency. References in the App, on the website, or in marketing materials to organisations such as the NIH or any other organisation are made solely as citations to publicly available patient-education or academic literature, on a fair-citation basis. No association, partnership, accreditation, or co-marketing arrangement should be inferred from any such reference unless we have specifically confirmed it in writing on a dedicated partnership page. All third-party trademarks remain the property of their respective owners.
13b. Use of the App for children
When ShuntCare is used to track a child's shunt-related symptoms — for example, by a parent or legal guardian on the child's behalf — the responsible adult is solely accountable for: supervising all data entry, interpreting any output in light of the child's actual condition, escalating to the child's clinical team where appropriate, and obtaining medical care without delay when concerned. The App does not substitute for paediatric clinical advice. Paediatric thresholds shown in the App (for example, lower fever cut-offs) are summaries of publicly available patient-education materials and may not reflect your specific child's clinical situation. Always defer to the child's paediatric neurosurgical or paediatric team.
13c. Translations and localised content
The App is offered in multiple languages for the convenience of users in different markets. Translations may contain inaccuracies, omissions, or out-of-date information. The English version is the canonical version of both this Policy and the in-app content; in case of any discrepancy with a translation, the English version prevails. Medical terminology in particular may not translate one-to-one between languages. In any clinical conversation, you should confirm critical information with your treating clinician in the language of clinical care, regardless of how the App displays it in your chosen interface language.
14. Non-diagnostic notice
ShuntCare does not measure, sense, analyse, or interpret biological signals. It does not connect to medical sensors or implantable devices. It does not transmit data to clinical systems or electronic health records. Any value presented in the App (informational band, summary, trend) is computed solely from data you have manually entered and rules derived from publicly available patient-education literature. The output is not a clinical assessment, not a triage decision, and must not be treated as one. The App is not a "software as a medical device" (SaMD) within the meaning of EU MDR 2017/745, US FDA guidance, or any equivalent regulatory framework.
14a. Limits of ancillary features
Several features of the App rely on data or services we do not control, and you must not rely on them for time-critical or safety-critical decisions:
- Hospital Finder: uses OpenStreetMap data, which is community-maintained and may be incomplete, out of date, or wrong about a hospital's capabilities. Always verify the hospital and its capabilities before relying on it for emergency or specialist care.
- Appointment-Prep PDF / Doctor Sharing: the file is a structured printout of your own entries, not a clinical record. Accuracy depends entirely on the data you entered. Confirm all key facts (medication names, doses, dates, shunt details) with the recipient clinician in person.
- Reminders: local device notifications. They may not fire if your device is off, in airplane mode, low-battery, has notifications disabled, or if the operating system kills the App. Do not rely on them as your sole reminder for time-critical medication.
- Lost or shared device: if you lose your device, share it, or fail to lock it, anyone with access can see your data. We are not responsible for unauthorised access caused by device-side failures.
15. Disclaimer of warranties
To the maximum extent permitted by applicable law, the App and the website are provided "as is" and "as available", with all faults and without warranty of any kind, whether express, implied, statutory, or otherwise. We specifically disclaim all warranties of merchantability, fitness for a particular purpose, title, non-infringement, accuracy of data, and uninterrupted or error-free operation.
Without limiting the foregoing, we do not warrant that:
- the App or website will meet your requirements or expectations;
- the App's warning rules will detect, predict, or prevent any specific medical event;
- the content of the App, including translations, will be free from inaccuracies, omissions, or outdated information;
- the App will be compatible with any particular device, operating system version, or accessibility setting;
- data you enter will be backed up, recoverable, or preserved against device failure, OS resets, or accidental deletion; or
- third-party services (including Firebase, RevenueCat, OpenStreetMap, Cloudflare, Google Play, and Apple) will be uninterrupted, secure, or free of defects.
16. Limitation of liability
To the maximum extent permitted by applicable law:
- In no event shall T3D2 Software Solutions, its owner, employees, contractors, partners, or licensors be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including without limitation damages for loss of profits, loss of revenue, loss of business, loss of goodwill, loss of data, medical injury, emotional distress, or any other intangible loss, arising out of or in connection with your access to or use of, or inability to access or use, the App, the website, or any content therein.
- In no event shall our aggregate liability to you for all claims arising out of or relating to the App or this policy exceed the greater of (a) the total amount you have paid to us for the App in the twelve (12) months preceding the event giving rise to the claim, or (b) fifty euros (€50).
- The limitations in this section apply whether the claim is based in contract, tort (including negligence), statute, or any other legal theory, and whether or not we have been advised of the possibility of such damages.
- Nothing in this policy excludes or limits any liability that cannot lawfully be excluded or limited under applicable law, including liability for death or personal injury caused by our gross negligence or wilful misconduct, fraud, or fraudulent misrepresentation. Some jurisdictions do not allow the exclusion of implied warranties or the limitation of certain damages; in those jurisdictions, the exclusions and limitations above apply only to the maximum extent permitted by law.
You acknowledge that the App is offered at a low subscription price (or free), that the limitations of liability in this section are a material part of the bargain between us, and that we would not be able to provide the App without these limitations.
17. Indemnification
You agree to defend, indemnify, and hold harmless T3D2 Software Solutions, its owner, employees, contractors, partners, and licensors from and against any and all claims, demands, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in any way connected with:
- your access to or use of the App or the website;
- your violation of this Privacy Policy or any applicable law;
- any decision or action — medical or otherwise — that you, a family member, a caregiver, or any third party takes in reliance on the App's content;
- any data you upload, enter, or share, including imaging files, doctor snapshots, or shared records;
- your infringement of any third-party right, including intellectual property, privacy, or publicity rights; or
- any unauthorized access to your account caused by your failure to keep your credentials or device secure.
18. Force majeure
We are not responsible for any failure or delay in performance caused by events beyond our reasonable control, including but not limited to: outages of Google Firebase, RevenueCat, OpenStreetMap, Cloudflare, Google Play, Apple App Store, or other third-party infrastructure; internet or telecommunications failures; acts of government; war; civil unrest; pandemics; natural disasters; cyber-attacks; or changes in law that materially restrict our ability to operate.
19. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to the App, our services, applicable law, or industry practice. The "Last updated" date at the top of this page indicates when the latest version took effect. Material changes will be communicated through the App (for example, by requiring you to re-accept the policy at next launch) or by a prominent notice on the website. Your continued use of the App or website after a change becomes effective constitutes your acceptance of the updated policy.
19a. Pre-litigation notice
Before initiating any legal proceedings against T3D2 Software Solutions, ShuntCare, or its owner in connection with this Policy, the App, or the website, you must first send a written notice to [email protected] describing the nature of the dispute, the relief sought, and your contact details, and you must allow us at least sixty (60) days from receipt of that notice to investigate and attempt to resolve the matter in good faith. This requirement does not apply (a) where prohibited by mandatory consumer-protection law, (b) to applications for injunctive or equitable relief to prevent imminent harm, or (c) to complaints to a data-protection supervisory authority under section 10.
20. Governing law & jurisdiction
This Privacy Policy and any non-contractual obligations arising out of or in connection with it are governed by and construed in accordance with the laws of the Republic of Serbia, without regard to its conflict-of-law principles. The courts of Belgrade, Republic of Serbia shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this policy, the App, or the website, subject to your mandatory consumer rights to bring proceedings in the courts of your country of habitual residence under applicable EU consumer-protection rules.
Where you reside in the European Union, the United Kingdom, or another jurisdiction with mandatory data-protection laws, nothing in this section affects your statutory rights under those laws, including your right to lodge a complaint with your local supervisory authority (see section 10).
21. Contact
For any privacy question, request to exercise a right under the GDPR, or report of a security incident, contact:
T3D2 Software Solutions
Attn: Damir Gojović (Owner / Privacy Contact)
Email: [email protected]
Subject line tip: please include "Privacy request" so we can route it quickly.
For account deletion specifically, see Delete Account.
This document is provided in English as the canonical version. Translations may be made available in the App in multiple languages for convenience; in the event of any inconsistency between the English version and a translation, the English version prevails. This Privacy Policy has been drafted by the publisher and has not been formally reviewed by external legal counsel; users in regulated markets should not treat any clause as a substitute for independent legal advice. Capitalised terms used but not defined in this policy have the meanings given to them in the GDPR or, where relevant, applicable Serbian or EU consumer-protection legislation.