1. Data Controller
This Asthma Tracker application is designed for personal use. When self-hosted, you are the data controller of your own health data.
2. Data We Collect
We collect and store the following data that you provide:
- Account Data: Username and password (the password is stored as a hash)
- Health Data: Peak flow measurements, symptom severity scores
- Medical Data: Medication information, triggers (encrypted at rest)
3. How We Protect Your Data
- Password Security: Passwords are hashed using industry-standard algorithms (Werkzeug/PBKDF2)
- Data Encryption: Sensitive health data (medications, triggers) is encrypted using Fernet symmetric encryption (AES-128-CBC)
- Local Storage: All data is stored locally in an SQLite database on your server
4. Your Rights (DSGVO/GDPR Articles 15-22)
- Right of Access (Art. 15): You can view all your data in the application dashboard.
- Right to Data Portability (Art. 20): Export all your data in JSON format via Settings > Export Data.
- Right to Erasure (Art. 17): Delete your account and all associated data via Settings > Delete Account.
- Right to Rectification (Art. 16): Edit or delete any entry directly in the application.
5. Data Retention
Your data is stored indefinitely until you choose to delete individual entries or your entire account. There is no automatic data deletion.
6. Third-Party Services
This application uses the following external resources:
- Tailwind CSS (CDN): For styling - no personal data transmitted
- Chart.js (CDN): For charts - no personal data transmitted
No health or personal data is sent to any third-party service.
7. Browser Notifications
If you enable daily reminders:
- Notifications are scheduled locally in your browser
- No notification data is sent to external servers
- You can disable notifications at any time in Settings
8. Contact
For questions about this privacy policy or to exercise your rights, please contact the application administrator.
Last updated: February 2026