RheumEd Privacy Policy

Last updated: May 2025

Data Controller

Galiya Education Platform
Galiya H
Poonoor, Calicut, Kerala, 673574, India
Email: info@galiya.io
Data Protection Officer: dpo@galiya.io

Legal Basis for Processing

Access codes: Legitimate interest (providing secure access to medical education content)
Device identifiers: Legitimate interest (preventing unauthorized sharing among medical professionals)
Usage monitoring: Legitimate interest (security and platform integrity)
Email addresses: Consent (collected separately for code delivery)

Data We Collect

Within the app:

Access codes (stored securely with cryptographic validation - visible to administrators for support purposes)
Device session identifiers (randomly generated, unique per device)
Device registration timestamps
Last active timestamps
Login status (stored locally on your device)

Outside the app:

Email addresses (collected separately with your explicit consent for sending access codes)
Legal basis preferences (consent tracking)

Why We Process Your Data

To provide secure access to specialized rheumatology education content
To prevent unauthorized sharing of access codes between medical professionals
To maintain your login session across app restarts
To provide user support and technical assistance
To monitor platform security and prevent abuse
To send you access codes (email processing occurs outside this app)

Data Retention

Access codes: Retained until deactivated by you or us
Device identifiers: Automatically removed when access code is deactivated
Registration timestamps: Retained for security auditing purposes
Login status: Stored only on your device, cleared on logout/uninstall
Email addresses: Retained according to separate consent (managed outside this app)
Failed login attempts: Logged for security, automatically purged after 90 days

Data Security

We implement industry-standard security measures including:

Cryptographic validation of access codes during login (prevents unauthorized use of stolen database data)
Encryption in transit (HTTPS/TLS) and at rest
Row-level security policies preventing unauthorized data access
Device-based access limiting (preventing code sharing)
Administrative access to codes for user support and management
Regular security assessments and database optimization
Incident response procedures

Data Sharing and Transfers

Your data is stored securely using Supabase (hosted in EU data centers). We do not share your personal data with third parties except:

Our hosting provider (Supabase) - under data processing agreement with appropriate safeguards
As required by law or court order
With your explicit consent for specific purposes

Automated Decision Making

The app uses automated systems for:

Access code validation (purely technical, no human intervention needed)
Device limit enforcement (technical security measure)
No profiling or automated decisions affecting your professional standing

Medical Education Context

This platform is designed specifically for invited rheumatology specialists:

Access is invitation-only through professional networks
Content is educational and not patient-related
Users are bound by professional medical ethics
Platform administrators may contact you for educational program updates

Your Rights Under GDPR

You have the right to:

Access your personal data (request a copy)
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict processing
Data portability (receive your data in a structured format)
Object to processing
Withdraw consent (where processing is based on consent)
Lodge a complaint with your local data protection authority

Note: Exercising these rights may affect your access to educational content.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: dpo@galiya.io
Rescue Email: rheumedolutionsindia@gmail.com
Use the "Data Rights Request" option in app settings
Contact your platform administrator directly

We will respond within 30 days of receiving your request.

Local Device Storage

The app stores minimal data locally on your device:

Login status (to keep you signed in)
App preferences (theme, settings)
Policy acceptance records
No tracking cookies or analytics
All local storage is cleared when you log out or uninstall

Data Breach Notification

In the event of a data breach that may affect your rights and freedoms, we will notify you and relevant authorities within 72 hours of becoming aware of the breach. Our security measures significantly reduce the risk of meaningful data exposure.

Contact Information

For any privacy-related questions or concerns:

Email: info@galiya.io
Data Protection Officer: dpo@galiya.io
Rescue Email: rheumedolutionsindia@gmail.com
Postal address: Galiya H, Poonoor, Calicut, Kerala, 673574, India

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy in the app and updating the "last updated" date above. For significant changes, we may also email registered users.