Privacy Policy

Effective date: 1 April 2026

This privacy policy describes how privacy-relevant data is handled in connection with the CARWatch software framework, including the Android app, the iOS app, the project website, and the Study Manager.

This policy is intended to provide the public privacy-policy URL required for app-store distribution. It covers the CARWatch software and project pages themselves. It does not replace the study-specific privacy information that must be provided by the research institution running a particular saliva sampling study.

1. Controller and Contact

Current project contact for the public CARWatch release:

If you have questions about this policy or about the handling of data in the CARWatch software framework, please contact the address above.

2. Scope of This Policy

This policy applies to:

  • the CARWatch Android app
  • the CARWatch iOS app
  • the CARWatch project website
  • the browser-based CARWatch Study Manager

This policy does not govern the independent research processing carried out by universities, clinics, laboratories, or other institutions that use CARWatch in their own studies. In such cases, the institution conducting the study is usually responsible for informing participants about the study-specific collection and use of their research data.

3. What CARWatch Does

CARWatch is an open-source framework designed to support objective saliva sampling workflows in field studies. Depending on the configured study workflow, the software may process:

  • study configuration information
  • barcode identifiers assigned to sampling materials
  • timestamps for app-based events such as setup, awakening reports, reminders, and barcode scans
  • log files exported from the app by the user
  • information voluntarily provided when contacting the project team by email

The purpose of these functions is to support study preparation, participant guidance during data collection, and structured post-study processing of exported logs.

4. Data Processed in the Mobile Apps

Depending on the study setup, the mobile apps may process the following categories of data on the device:

  • study parameters encoded in QR codes, such as sampling schedules or study identifiers
  • locally stored reminder and alarm settings
  • participant interaction data needed for the sampling workflow, such as awakening reports and barcode-based sample-event records
  • timestamps generated when relevant events occur in the app
  • exported log files created by the app for later review by study personnel

The CARWatch apps are designed as research-support tools. Based on the documented standard workflow of this project, data is generally processed locally on the device first and is not uploaded to any CARWatch-operated servers as part of the basic app workflow.

5. Data Processed in the Study Manager

The CARWatch Study Manager can be used to:

  • define study settings
  • generate barcodes and QR codes
  • process exported CARWatch log files after data collection

According to the documented standard project setup, these processing steps are intended to remain client-side in the browser. In other words, uploaded study files are processed locally in the user’s browser and are not sent to any CARWatch-operated backend servers for central processing.

6. Data Processed on the Project Website

When you access the public CARWatch website, technical access data may be processed by the hosting provider in order to deliver the website securely and reliably. This may include, for example:

  • IP address
  • date and time of access
  • requested URL
  • browser and device metadata

The project website itself is not intended to use advertising technologies, user profiling, or analytics tools as part of the standard setup described in this repository.

7. Data Sharing and Recipients

Under the standard CARWatch workflow described in this project:

  • app data is not automatically transmitted to CARWatch-operated servers
  • exported app log files are shared only if the user or the responsible study team exports and transfers them
  • processed study data is handled by the study operator responsible for the respective research project

Possible recipients or processing contexts may include:

  • the research institution conducting a specific CARWatch study
  • the hosting provider for the project website
  • app-store operators such as Apple and Google in connection with app distribution

If a specific deployment of CARWatch adds other services, integrations, or server-side processing, the responsible operator of that deployment must provide additional privacy information.

8. Third-Party Services

Based on the currently documented project setup, the following third-party services may be relevant:

  • Apple App Store / App Store Connect for iOS app distribution
  • Google Play / Play Console for Android app distribution
  • GitHub / GitHub Pages for source-code hosting and public project-site hosting

The standard CARWatch workflow described in this repository is not intended to rely on advertising SDKs, third-party analytics, or crash-reporting services. If such services are added in a future release or in a study-specific deployment, this policy must be updated accordingly.

9. Purposes of Processing

Data may be processed for the following purposes:

  • providing and operating the CARWatch apps
  • configuring study workflows
  • generating study materials such as barcodes and QR codes
  • documenting sampling-related app events with timestamps
  • exporting and processing log files for later study evaluation
  • maintaining the public project website
  • responding to support or contact inquiries

Where European data-protection law applies, processing may be based in particular on:

  • Art. 6(1)(f) GDPR for the technically necessary provision and security of the public website and for handling project-related inquiries
  • Art. 6(1)(b) GDPR where processing is necessary to provide requested software functionality to the user
  • Art. 6(1)(a) GDPR where a user voluntarily provides information, for example by contacting the project team

For study-specific research processing, the applicable legal basis is determined by the institution conducting the respective study, not by this general project-site policy alone.

11. Storage, Retention, and Deletion

Under the standard CARWatch workflow:

  • app-generated records remain on the user’s device until they are deleted, the app is removed, or the data is exported and managed elsewhere
  • exported logs are retained by the party that stores them after export, for example the study operator
  • website-related server logs are retained by the hosting provider according to its own operational retention rules
  • emails sent to the project contact may be retained for as long as necessary to handle the inquiry and any follow-up communication

Because CARWatch can be used in different study contexts, retention periods for study data are mainly determined by the responsible study institution.

12. International Transfers

If project pages or source code are hosted through service providers located outside your country, personal data such as technical access logs may be processed in other jurisdictions. Where relevant, such processing is governed by the applicable terms and safeguards of the respective provider.

13. Your Rights

Where applicable law grants you such rights, you may have the right to request:

  • access to personal data
  • correction of inaccurate data
  • deletion of data
  • restriction of processing
  • objection to processing
  • data portability
  • withdrawal of consent for future processing, where processing is based on consent

You may also have the right to lodge a complaint with a competent data protection authority.

To exercise privacy-related rights with respect to the CARWatch project website or general software framework, contact richer@portabiles.de. For study-specific research data, please contact the institution conducting the respective study.

14. Children

CARWatch is a research tool and is not directed to children as a consumer service. If a specific study involves minors, the responsible study institution must ensure that all required participant information, consent, and legal safeguards are provided.

15. Changes to This Privacy Policy

This privacy policy may be updated if CARWatch changes technically, if new integrations are added, or if legal requirements change. The version published at this URL is the current version.

16. App-Store Transparency Note

Apple and Google may require additional structured privacy disclosures during app submission, for example in App Store Connect or the Google Play Data safety form. Those store-specific submission fields must be completed consistently with the actual behavior of the released app version.