Privacy Policy

Last updated: 25 May 2026

This Privacy Policy explains how Roli Poli Canarias SL (“we”, “us”, or “our”) collects, uses, stores, and protects personal data when you use the MediSnap mobile application (the “App”) and visit www.rolipolicanarias.com (the “Site”). We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

1. Data controller

The data controller responsible for your personal data is:

• Roli Poli Canarias SL
• Tenerife, Canary Islands, Spain
• General enquiries: support@rolipolicanarias.com
• Privacy & data rights: privacy@rolipolicanarias.com

2. What data we collect

We only collect personal data that is necessary to operate MediSnap and respond to your enquiries.

2.1 When you use the MediSnap app

• Account information — email address, name (optional), encrypted password or third-party sign-in token (Apple ID, Google).
• Medical documents you upload — images and PDFs of prescriptions, lab reports, discharge notes, insurance papers, and similar health-related documents that you choose to capture or import.
• OCR-extracted text — text recognised by the app from the documents you upload, used to make your library searchable and to build summaries.
• Translation data — text you submit to the translation feature and the resulting translated output.
• Folder and timeline metadata — labels, dates, family-member tags, and other organisational data you add to your documents.
• Sharing activity — records of reports you share via the app (recipient, timestamp), to provide an audit trail for you.
• Device and diagnostic data — device model, operating system version, app version, crash reports, and anonymised usage analytics to keep the app stable. No advertising identifiers are collected.

2.2 When you use the website

• Information you submit through the contact form (name, email, message).
• Hosting server logs (IP address, request timestamps) kept for security and reliability.

We do not collect special-category health data beyond what you voluntarily upload, and we do not infer diagnoses or medical conclusions from your documents.

3. Why we collect it (purposes and legal basis)

• Providing the MediSnap service — storing, organising, translating, and exporting your documents at your request. Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and, for health data specifically, your explicit consent (Art. 9(2)(a) GDPR).
• Securing your account and the app — fraud prevention, abuse detection, security logging. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
• Improving the product — anonymised, aggregated usage analytics. Legal basis: legitimate interests (Art. 6(1)(f) GDPR), where permitted by law.
• Responding to enquiries — emails and contact-form messages. Legal basis: your consent (Art. 6(1)(a)) and pre-contractual steps (Art. 6(1)(b)).
• Complying with legal obligations — tax, accounting, and lawful requests. Legal basis: legal obligation (Art. 6(1)(c)).

4. Cloud storage and security

Medical documents and account data are stored on cloud infrastructure provided by reputable processors located within the European Economic Area where possible. We protect your data with:

• Encryption in transit — all communication between the app and our servers is encrypted with TLS 1.2 or higher.
• Encryption at rest — documents and OCR-extracted text are encrypted on our storage backend.
• Access controls — only you (and people you explicitly share with) can access your documents. Roli Poli Canarias staff do not access user documents except where strictly necessary to investigate a reported issue, fix a bug, or comply with a legal obligation.
• Backups — encrypted backups are retained for disaster recovery and purged on the same schedule as the source data.

No system is perfectly secure. If a data breach affects your personal data, we will notify you and the Spanish Data Protection Authority (AEPD) in line with Articles 33 and 34 GDPR.

5. Who we share data with

We do not sell your personal data and we do not share it with third parties for marketing or advertising. We share data only with:

• Cloud hosting and storage providers — to operate the service.
• OCR and translation processors — to perform the features you request, under data-processing agreements that prohibit using your data for any other purpose.
• Authentication providers — Apple and Google, only if you choose Sign in with Apple or Google.
• Law enforcement — where compelled by a valid legal order under Spanish or EU law.

Where any processor is located outside the European Economic Area, we ensure appropriate safeguards under Chapter V GDPR (standard contractual clauses or an adequacy decision).

6. Your rights

Under the GDPR you have the following rights regarding your personal data:

• Right of access (Art. 15) — request a copy of your data.
• Right to rectification (Art. 16) — correct inaccurate data.
• Right to erasure / “right to be forgotten” (Art. 17) — request deletion of your account and data.
• Right to restriction of processing (Art. 18).
• Right to data portability (Art. 20) — receive your data in a portable format.
• Right to object (Art. 21).
• Right to withdraw consent (Art. 7(3)) at any time, without affecting prior lawful processing.
• Right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es.

To exercise any of these rights, email privacy@rolipolicanarias.com. We respond within one month.

7. Account deletion

You can delete your MediSnap account at any time:

• In the app: Profile > Settings > Delete account.
• By email: send a deletion request from the email address linked to your account to support@rolipolicanarias.com.

When you delete your account, your documents, OCR-extracted text, translations, and account data are permanently erased within 30 days. Encrypted backups containing your data are purged within an additional 60 days. Anonymised, aggregated analytics that cannot be linked back to you may be retained. Full instructions are also available on our Delete account page.

8. Data retention

• Active accounts: data is retained for as long as your account is active.
• Inactive accounts: if you do not log in for 24 months, we will email you a reminder and, if there is no response within 90 days, delete the account.
• Contact-form messages: retained for up to 12 months unless an ongoing relationship arises.
• Tax and accounting records (where applicable): retained for the period required by Spanish law.

9. Children

MediSnap is intended for users aged 16 and above. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact privacy@rolipolicanarias.com and we will delete it.

10. Medical disclaimer

MediSnap is a document-management tool. It helps you scan, organise, translate, and share medical documents. MediSnap is not a medical device. It does not diagnose, treat, cure, monitor, or prevent any disease or medical condition, and it does not replace professional medical advice. Always consult a qualified healthcare professional for medical decisions. Do not rely on MediSnap for medication dosing, emergency care, or clinical interpretation of your reports.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page reflects the most recent revision. We will notify you of material changes by email or through the app before they take effect.

12. Contact

• General enquiries: support@rolipolicanarias.com
• Privacy & data rights: privacy@rolipolicanarias.com
• Postal: Roli Poli Canarias SL, Tenerife, Canary Islands, Spain

This Privacy Policy is provided as a comprehensive template for a medical document app. It is not a substitute for legal advice. Before launch you should have a qualified data-protection lawyer in Spain review it against your actual data flows, processor list, and cloud regions.