Privacy Policy
Last updated: April 1, 2026
This Privacy Policy describes how Hia Medical Translator (“we”, “our”, “us”) collects, uses, and shares information when you use the app. By using the app, you agree to this policy.
Important: The app is educational language assistance. It is not medical advice, diagnosis, or treatment.
1. Summary
- We help you look up and learn medical terms (text, optional voice input, and optional camera/image use for term extraction).
- We use Supabase for authentication, database operations, and backend functions.
- We sign you in with anonymous authentication (no email/phone required for core use).
- Full access features may be enabled after payment confirmation; verification is handled through our backend services.
- We may log analytics events (best-effort) such as searches and feature usage to improve the app.
- Text you search and related results may be stored on our servers as part of providing the service.
- Voice and images are used on your device to obtain text; see the sections below for how that data is handled.
- Local app data (search history, cache, study queue) may be stored on your device.
This summary is not a substitute for the full policy below.
2. Information we collect
2.1 Account and device identity
- When you use online features, the app may create or use an anonymous Supabase Auth session. This assigns a stable random user identifier used to enforce security rules and associate data with your installation.
- We may store a row for that identifier in our database (for example, an access status flag).
We do not require email or phone number for this anonymous sign-in flow.
2.2 Medical terms and learning content you submit
- The terms or phrases you enter/select (including via speech-to-text or image-based extraction, when you use those features) are sent to our backend so we can look up and provide explanations, examples, and related learning content.
- This content and associated metadata may be stored in our database (for example, in caching and study-queue related tables).
2.3 Analytics
We may log app events to our database, for example:
- Term searches (which may include the search string, input source, locale/language tag, and app build identifier).
- Study queue actions and other feature usage events (including image scan outcomes when applicable).
Analytics are best-effort and should never break normal use of the app.
Analytics events are not linked to a named identity; they are associated only with an anonymous session identifier.
2.4 Purchases and access unlock
If you complete a payment to unlock access features:
- Payment is handled by the payment channel selected by the user.
- We may process transaction references and account identifiers in our Supabase backend services so we can verify payment and unlock access status.
We do not receive full payment card details when processing is handled by third-party payment providers.
2.5 Data stored on your device
- Search history, cached term results, study queue items, favorites, and similar app data stored locally.
- Settings and flags (for example, onboarding and prompt-related preferences).
Local data remains on your device unless it is also synced or otherwise sent to our servers as described in this policy.
2.6 Permissions (Android)
- Microphone: voice input to convert speech into text for term lookup.
- Camera: capturing images for term extraction when you choose this feature.
- Notifications: optional reminders or updates you enable.
- Vibrate: light feedback for certain interactions.
You can deny permissions where the OS allows; some features may not work without them.
2.7 Technical and network data
Like most apps, when you use online features our servers and service providers may process technical data such as IP addresses, timestamps, and request metadata (and related error logs).
3. How we use information
- Provide and maintain the app’s features (lookups, explanations, sync, and full-access unlock status).
- Authenticate requests and enforce access rules (for example, via Row Level Security).
- Verify subscriptions and prevent abuse.
- Understand aggregate or event-level usage to improve the product.
- Comply with law and respond to valid legal requests.
4. AI and third-party processing
OpenAI (or similar) may be used on our servers (for example, via Supabase Edge Functions) to generate or enrich medical term content. In that case, the text you submit for a lookup may be sent from our backend to that provider according to their terms and our configuration.
The mobile app is designed to not call those AI APIs directly for core term enrichment.
Other infrastructure providers:
- Supabase — authentication, database, storage, and serverless functions.
- Google (Google Play) — in-app purchases and related verification.
We do not sell your personal information to third parties in the conventional sense of selling for money.
5. Sharing
We share information only as needed to operate the app, including:
- With service providers (such as Supabase and any AI providers used on the backend) who process data on our behalf.
- With Google as part of Play Billing and device services.
- When required by law, or to protect rights, safety, and integrity of users or the service.
6. Retention
We retain server-side data for as long as needed to provide the app and for legitimate business purposes (for example security, analytics aggregation, and legal compliance).
Local data remains on your device until you clear app data, uninstall the app, or delete it inside the app where available.
You can delete your data directly from within the app: go to Settings → Manage My Data to clear favorites, search history, or failed searches individually, or tap "Delete All My Data & Account" to permanently remove all server-side data linked to your account. For deletion requests outside the app, contact us at the email below.
How to Delete Your Data
- Open the Hia Medical Translator app
- Go to Settings
- Tap "Manage My Data"
- Choose to clear specific data (favorites, search history, failed searches), or tap "Delete All My Data & Account" to remove everything permanently
You may also request deletion by emailing us at the address in the Contact section.
6A. WhatsApp and Meta (WhatsApp bot)
If you use our WhatsApp bot, we process the information Meta sends us via the WhatsApp webhook so we can respond to your messages. This may include:
- WhatsApp identifiers (for example your phone number, used as an identifier for the conversation).
- Message content you send (for example term queries and commands such as /start and /speed).
- Delivery metadata used for deduplication and tracking (for example a message id).
- WhatsApp bot subscription state when enabled through our flow.
We store WhatsApp-related records in our database (for example, whatsapp_users, whatsapp_term_searches, and whatsapp_webhook_updates) as needed to operate the service.
For pronunciation audio, we may synthesize speech on the backend and store the resulting audio in our Supabase Storage so both platforms can reuse generated audio. We do not publish the storage publicly. When WhatsApp needs an audio link, the bot uses a time-limited signed URL.
Third parties: WhatsApp bot delivery and webhook calls are provided through Meta’s WhatsApp Business Platform (Meta Graph API). Backend services such as Supabase and any AI providers used for enrichment/TTS process data on our behalf.
For security and legitimate service protection interests, we may process abuse-related behavioral signals (such as repeated invalid inputs, limit overuse, and automated message patterns) to enforce temporary restrictions or permanent suspension for repeated violations.
By using the WhatsApp bot, you consent to the processing described in this policy.
Dedicated WhatsApp legal pages: WhatsApp Bot Privacy Policy, WhatsApp Bot Terms of Use, and Data deletion instructions.
7. Security
We use industry-standard measures appropriate to the nature of the service (for example encryption in transit and backend access controls). No method of transmission or storage is 100% secure.
8. Children’s privacy
The app is not directed at children under 13 (or the minimum age required in your region). We do not knowingly collect personal information from children.
9. International users
If you use the app from outside the country where our servers or providers are located, your information may be transferred and processed in other countries (including where Supabase or AI providers operate). Those countries may have different data protection laws.
10. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing, or to object or port data. To exercise these rights, contact us using the email below.
11. Changes
We may update this policy from time to time. We will post the new effective date at the top. Continued use after the effective date means you accept the updated policy.
12. Contact
Privacy requests: privacy@hiamedicaltranslator.com
We wrote this policy to be clear and readable. It is not personalized legal advice; email us at the address above if you have questions about how we handle your data.