Privacy Policy

PflugTech is a software company founded by Thomas Pflug, headquartered in São Paulo, Brazil. We design, develop and operate the Uberlingen apps and a portfolio of AI automation services.

Data controller: PflugTech / Thomas Pflug
Contact: pflugthomas04@gmail.com

We only collect data that is necessary to operate the service:

• Account data: name, email address and password (stored hashed). For doctors, also CRM number and medical specialty.
• Profile data: optional profile picture, display name, level, achievements and progress on the gamified habit tracker.
• Health and habit data: daily check-ins, goals defined by you or by your linked physician, weekly summaries and progression history. This data is only visible to you and to a physician you explicitly connect with.
• Communications: messages you exchange with your linked physician through the in-app chat.
• Technical data: IP address, device type, operating system version and basic application logs used for security and debugging.

• Operate, maintain and improve the Uberlingen apps and our services.
• Authenticate you, secure your account and prevent fraud or abuse.
• Allow patients and physicians to connect, share progress and communicate.
• Send service-related emails (account confirmation, password reset, important changes).
• Comply with legal obligations and respond to lawful requests.

We do not sell your personal data and we do not use your health data to train AI models or run advertising.

We process your data on the following legal bases:

• Consent — when you create an account and accept this policy.
• Performance of a contract — to provide the service you signed up for.
• Legitimate interest — for security, fraud prevention and product improvement.
• Legal obligation — when required by law or by competent authorities.

We share data only with infrastructure providers strictly required to operate the service. These providers act as data processors on our behalf and are bound by data protection agreements:

• Supabase — authentication, database and file storage.
• Vercel — web application hosting and analytics.
• Resend — transactional email delivery (account confirmation, password reset).
• Apple App Store and Google Play — mobile distribution and crash reporting on the respective platforms.

Some of these providers may store data outside of Brazil. We rely on standard contractual clauses and adequate safeguards to ensure your data remains protected.

We keep your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we must retain certain records to comply with legal obligations.

Backups containing residual copies are rotated and erased on a recurring schedule.

Under LGPD and GDPR you have the right to:

• Confirm whether we process your data and access a copy of it.
• Correct inaccurate, incomplete or out-of-date data.
• Request deletion or anonymization of your data.
• Request data portability to another service provider.
• Withdraw your consent at any time.
• Object to specific processing or request review of automated decisions.
• Lodge a complaint with the Brazilian National Data Protection Authority (ANPD).

To exercise any of these rights, contact us at pflugthomas04@gmail.com. We respond within 15 business days.

We use industry-standard practices to protect your data, including HTTPS encryption in transit, encryption at rest at the storage layer, hashed passwords and row-level security policies that restrict access at the database level.

No system is completely secure. If a data breach occurs and creates significant risk to you, we will notify affected users and the ANPD in accordance with the law.

Our web applications use only essential cookies required for authentication and core functionality. We do not use advertising or cross-site tracking cookies.

We collect anonymized usage analytics through Vercel Analytics, which does not use cookies and does not track you across sites.

The Uberlingen apps are not intended for children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we update the “Last updated” date at the top and notify users through the app or by email when appropriate.

For privacy questions, requests or complaints: