Terapeuta - Privacy Policy
Last updated: 2026-05-13
Privacy Policy
This Privacy Policy explains how Terapeuta ("we", "us") collects, uses, stores, and shares data when you use the Terapeuta app (domain logopeda.app).
Terapeuta is a Polish speech-therapy application with role-based access for therapists (speech-language pathologists), parents/guardians, and child patients. The app uses Supabase (Auth, Postgres, Edge Functions), Firebase Cloud Messaging (push), Firebase Crashlytics (crash reporting), and RevenueCat + Apple App Store / Google Play (in-app subscriptions). For users in the therapist or parent role the app additionally uses Amplitude (product analytics, EU data center) - see section 4. In the child-patient mode the app does not initialise the Amplitude SDK.
1) Data we collect
- Therapist account: name, email, contact information, authentication data, subscription metadata.
- Parent/guardian account: name, email, contact information, password-reset data, relationship to the child.
- Child patient data: first name (or pseudonym), year of birth/age, speech-therapy diagnosis, therapy plan, exercise progress, session history, optional caregiver or therapist notes. This data is "health-related data" within the meaning of Article 9(1) GDPR (a special category of personal data).
- Therapist-entered patient data: diagnosis, exercise selection, progress evaluations, reports.
- Device and usage data for users in the therapist or parent role: app version, crash logs (Firebase Crashlytics), region settings, pseudonymised product event logs in Amplitude (e.g., screen opened, section used). In the child-patient role the app does not send product events to Amplitude - the mere fact that a person participates in speech therapy is health-related data under Art. 9(1) GDPR and stays solely within the Supabase EU infrastructure. Crashlytics and technical device logs (without patient-role metadata or diagnosis) may also be collected in the child-patient mode.
- Support and feedback messages you send us.
2) How we use data
- To authenticate and secure accounts.
- To deliver therapy: create and edit therapy plans, exercises, progress entries, reports.
- To render correct UI, language, notifications and exercise reminders.
- To improve reliability, fix bugs, and improve product quality.
- To verify subscription status and access rights.
- For transactional communication: reminders, confirmations, subscription status.
3) Legal basis
- Processing of ordinary account data (therapist, parent) is based on performance of the service contract (Art. 6(1)(b) GDPR) and our legitimate interests (Art. 6(1)(f) GDPR) - security, fraud prevention, product diagnostics.
- Processing of child-patient health-related data (diagnosis, therapy plan, progress) is based on the explicit consent of the parent/guardian (Art. 9(2)(a) GDPR) given at child enrolment in the app, and where applicable in the context of healthcare provided by the therapist (Art. 9(2)(h) GDPR).
- Any marketing communication is based solely on consent (Art. 6(1)(a) GDPR), which can be withdrawn at any time.
4) Sharing and processors
We share personal data only with service providers needed to run Terapeuta:
- Supabase (PostgreSQL, Auth, Edge Functions, EU region - Frankfurt) - primary application data host, including patient health-related data.
- Amplitude (EU data center) - product analytics only for users in the therapist or parent role (pseudonymised identifiers; no patient_id, no diagnosis content, no child data, no user_role=patient). The app does not initialise the Amplitude SDK in the child-patient context - this follows from the contractual restriction in the Amplitude DPA Annex I regarding the transfer of special categories of personal data (Art. 9 GDPR).
- Firebase Cloud Messaging + Crashlytics (Google LLC) - push notifications and crash reports. Crashlytics collects technical data (stack trace, device model, OS version) and does not receive therapeutic content or patient identifiers.
- RevenueCat - subscription-metadata processing.
- Apple App Store / Google Play - billing and refunds for in-app subscriptions.
We do not sell personal data for advertising. Product analytics (Amplitude) does not cover the app running in the child-patient mode; patient health-related data is not transferred to any processor other than Supabase EU.
5) Retention and security
- Account and operational data is retained as long as needed to provide the service and in line with applicable retention rules.
- Child-patient data, including diagnosis and therapy history, is retained while the therapist or parent uses the service. On request, it is deleted; if a therapist keeps a separate external record (outside Terapeuta), that record remains outside our control.
- We use role-based access (RLS in Postgres), encryption in transit (TLS), and encryption at rest in line with Supabase standards.
6) Your rights
You can request access, correction, deletion, restriction, or portability of your data; you can object to processing based on legitimate interests. Where consent is the legal basis, you can withdraw consent at any time (withdrawal does not affect processing performed before withdrawal).
Send requests to jetware.software@gmail.com. You can also lodge a complaint with the Polish Data Protection Authority (UODO) or with your local supervisory authority.
7) Children and sensitive data
Terapeuta is an application directed to children (primarily preschool and early school age) using speech therapy under the supervision of a parent or therapist. A child never creates an account on their own - the app is always used on a child's behalf by a parent/guardian or by a therapist.
- A child profile is linked to a parent/guardian account (or to a therapist account in their professional practice) and managed by that adult.
- Parental consent is required under Art. 8 GDPR for children below the local age threshold (16 in Poland).
- Diagnoses, exercises, and progress of the child are health-related data and are protected under Art. 9 GDPR.
- The app does not display advertising to children and does not share child data for marketing or advertising purposes. In the child-patient mode the app does not use third-party product analytics (Amplitude or other) - the child's health-related data stays within the Supabase EU infrastructure.
Additional Legal Notice (GDPR/CCPA Baseline)
8) Data controller and processor roles
- The Terapeuta provider (above) is the data controller for account data, login data, subscription data, product diagnostics, and security.
- For patient data entered by a therapist in their professional practice, the therapist is the data controller of that patient data, and Terapeuta acts as a data processor on the therapist's instructions. The therapist is responsible for obtaining required parental consent.
- For parents using the app without a connection to a specific therapist (e.g., to run home exercises), the parent is the data controller of their child's data within the app, and Terapeuta acts as a data processor.
9) International transfers
- Primary application data is hosted in the EU (Supabase Frankfurt).
- Amplitude hosts project data in its EU data center (Frankfurt). Firebase data (Cloud Messaging, Crashlytics) and RevenueCat subscription metadata may be processed in the United States under the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards.
- Apple and Google process subscription data under their own policies and store infrastructure.
10) Required data and automated decisions
- Some data (e.g., login, child identification) is required to provide the service. Without it, core features will not work.
- Terapeuta does not use solely automated decisions that produce legal or similarly significant effects about individuals, including children. All therapy recommendations require a human therapist or parent in the loop.
11) EEA / UK / Swiss privacy rights
- Subject to applicable law, you may request access, correction, deletion, restriction, objection, and data portability.
- Where processing is based on consent, you can withdraw it at any time.
- You may lodge a complaint with your local supervisory authority (in Poland: UODO).
12) California notice (CCPA/CPRA)
- California residents may request to know, correct, delete, and obtain a portable copy of personal information, subject to legal exceptions.
- We do not sell personal information and we do not share personal information for cross-context behavioral advertising.
- We process limited sensitive personal information (health-related) only as needed to provide and secure the therapy service.
- We do not discriminate against users for exercising privacy rights.
- Rights requests may be submitted by emailing jetware.software@gmail.com.
13) App Store / Google Play billing notice
- Subscription purchase, cancellation, and refunds are handled by the billing platform you used (Apple App Store or Google Play) according to that platform's terms.
14) Medical disclaimer
Terapeuta is a digital support tool for speech therapy. The app is not a medical device, does not replace a consultation or diagnosis by a qualified speech-language pathologist, and is not intended for self-treatment. Diagnostic and therapeutic content is entered by a therapist or produced as suggestions that require verification by a qualified professional.
15) Contact and complaints
- Privacy requests and legal questions: jetware.software@gmail.com.
- Supervisory authority (PL): Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa.