This policy complies with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable Spanish data-protection law. BUNIN is operated from Spain and is designed as a local-first application: your health data is created, stored, and processed only on your own device, under your control, and is never stored on or accessible to our servers. This policy explains that design and the limited operational data the service handles.
1. Provider, roles, and scope
Who provides BUNIN
BUNIN is developed and operated from Spain by:
- Konstantin Bunin
- N.I.E. Y2703732G
- calle Felipe Menéndez, 11, 3A, 33206, Gijón, Asturias, Spain
- Contact: support@thebunin.app
What BUNIN is
BUNIN processes personal medical information as a user-controlled health record platform — a tool that helps you collect, normalize, review, and manage your own medical data on your own device.
Roles under the GDPR
Because BUNIN is designed as a local-first application, Konstantin Bunin is responsible for providing the BUNIN software and operating it securely — not for controlling, storing, or accessing your health data.
Konstantin Bunin does not act as the data controller of your health data within the meaning of Article 4(7) GDPR: he never determines the purposes and means of processing your health data and cannot access it, because that data is created, stored, and processed only on your own device, under your sole control. In relation to your own health data, you are the controller.
BUNIN — and Konstantin Bunin — does not collect, store, or have server-side access to the health data of its users, including users residing in the European Union / European Economic Area. Any processing carried out on our servers is limited to transient, in-memory technical operations performed on your instruction (for example, recognizing text in a document you choose to upload), after which nothing is retained (see Section 6).
For the limited operational, non-health data strictly necessary to run the service — such as wallet-authentication tokens and marketplace/consent metadata — Konstantin Bunin acts as controller (or, for transient technical processing performed on your instruction, as processor) and applies the safeguards described in this policy. This policy describes how the app and backend handle profile data, medical documents, normalized health records, wallet-based consent metadata, and support communications.
2. Data categories
We may process:
- account and device data needed to operate the app;
- profile fields entered by the user, including health and lifestyle context — stored only locally on your device, never on our servers;
- uploaded documents and OCR-derived candidate values — processed transiently in server memory to recognize and normalize values, then discarded; never written to a database or disk on our servers;
- normalized health records and export snapshots — stored only locally on your device, encrypted at rest;
- wallet addresses used for authentication and consent signing;
- legal identity data only when the user explicitly provides it for lawful attribution or ownership — likewise stored only locally on your device;
- non-health operational data needed to run the service: wallet-authentication session tokens, marketplace pricing/request/consent metadata (which does not contain health content), and on-chain event-indexing checkpoints;
- technical logs needed for reliability, abuse prevention, and support.
Health-related data (lab results, diagnoses, medical history, and similar) is a special category of personal data under Article 9 GDPR. We only process it on the basis of your explicit consent, given when you create your profile, upload a document, or otherwise choose to enter medical information into the app. As described in Section 6, this data never leaves your control in stored form — it exists only on your own device.
3. Legal basis for processing (GDPR Article 6 and Article 9)
BUNIN relies on the following legal bases, according to the type of data:
- Explicit consent (Art. 9(2)(a) GDPR) is the basis on which you enter, upload, and process your own health data in the app, and for any consent you give via wallet signature for a specific sharing/marketplace request. Because your health data stays on your device under your control, you direct this processing yourself; any transient technical step on our servers is performed only on your instruction (see Sections 1 and 6).
- Performance of a contract (Art. 6(1)(b) GDPR) to provide the core app functionality you request (profile management, OCR ingestion, exports).
- Legitimate interest (Art. 6(1)(f) GDPR) for security logging, abuse prevention, and service reliability, balanced against your rights and freedoms.
- Legal obligation (Art. 6(1)(c) GDPR) where we must retain or disclose data to comply with applicable law.
You may withdraw consent at any time through the support channel or in-app controls, without affecting the lawfulness of processing carried out before withdrawal.
4. Purpose of processing
We process data to:
- let the user create, review, and export a structured health record;
- run OCR, normalization, encryption, and storage workflows;
- generate AI-ready dossiers and briefs requested by the user;
- verify typed consent for data sharing requests;
- operate support, monitoring, and incident response;
- comply with legal and security obligations.
5. Data separation
BUNIN keeps direct legal identity separate from portable medical content.
Portable health packages should not include full identity fields unless a specific lawful workflow requires them. Consent and monetization events are linked by references rather than by embedding unnecessary identity data in the medical record.
6. Storage, hosting, and international transfers
BUNIN is designed so that our servers never store your health data — not even in encrypted form. Your profile, medical documents, normalized health records, and exports are stored exclusively on your own device, encrypted at rest using a key protected by your device's biometric security (Face ID / Secure Enclave or equivalent). We have no server-side copy to lose, be breached, or be compelled to disclose in bulk. This applies equally to all users, including those residing in the European Union / European Economic Area.
When you upload a document (e.g. a lab report) for recognition, the file and its extracted text are processed only transiently, in server memory, for the single purpose of recognizing and normalizing values; the result is returned directly to your device for you to save locally, and the server-side copy is automatically discarded (held for at most a short processing window, typically under 30 minutes, and never written to a database or disk).
Our backend infrastructure (hosted within the European Union) is used only for: (a) this transient document-processing step; (b) wallet-based authentication; (c) off-chain marketplace pricing, sharing-request, and consent metadata, which never contains health content; and (d) indexing on-chain consent/settlement events. On-chain data itself is limited to consent, audit, and settlement references — never raw medical content.
The service may use external processors for hosting, analytics, support, e-mail delivery, IPFS pinning, or wallet infrastructure when configured. Where a processor is located outside the European Economic Area, we rely on an adequacy decision, Standard Contractual Clauses, or another valid transfer mechanism recognized under Chapter V GDPR, and we will identify such processors on request.
7. Sharing and disclosure
The user decides when to share records or sign consent for a specific request. We do not sell raw medical payloads or publish personal health data on public blockchain state.
We may disclose information when required by law, to protect the security of the service, or to respond to user requests.
8. Automated processing
BUNIN's AI-generated dossiers, briefs, and deviation/anomaly flags are informational aids only. We do not make decisions that produce legal effects or similarly significantly affect you based solely on automated processing without the possibility of human review, as described in Article 22 GDPR. You always control whether generated content is created, exported, or shared.
9. Retention and deletion
We do not retain your health data on our servers at all: your profile, records, documents, and exports exist only locally on your device, under your direct control, for as long as you choose to keep them — you can view, edit, export, or permanently delete them at any time directly in the app, and deleting the app or its local data removes them completely with no server-side copy remaining.
Documents submitted for OCR/normalization are held in server memory only for the brief window needed to complete that single processing request (see Section 6), then automatically discarded.
Non-health operational data — wallet-authentication session tokens, marketplace pricing/request/consent metadata, and on-chain indexing checkpoints — is retained only as long as needed for those specific purposes, applying the data minimization and storage limitation principles of Article 5 GDPR. Users may request review or deletion of this non-health account-level data through the support workflow at any time.
10. Your rights under GDPR
If you are located in the EU/EEA, you have the right to:
- access the personal data we hold about you (Art. 15) — for your health data this is immediate and self-service, since it already lives only on your device and is fully viewable in the app; for the limited non-health operational data described in Section 9, contact us;
- rectify inaccurate or incomplete data (Art. 16) — directly in the app for health data (edit and re-save), or via the support channel for account-level data;
- erase your data ("right to be forgotten") (Art. 17) — for health data, delete it directly in the app or remove the app/its local data, which leaves no server-side copy to erase; for account-level data, contact us;
- restrict processing in certain circumstances (Art. 18);
- data portability — receive your data in a structured, commonly used, machine-readable format (Art. 20), which BUNIN already supports through its export/backup feature;
- object to processing based on legitimate interest (Art. 21);
- withdraw consent at any time, without affecting prior lawful processing (Art. 7(3));
- lodge a complaint with a supervisory authority — in Spain, the Agencia Española de Protección de Datos (AEPD), or the supervisory authority of your own EU/EEA member state.
To exercise any of these rights, contact us through the support channel. We will respond within the timeframes required by applicable law.
11. Children
BUNIN is not directed at children. We do not knowingly collect personal data from individuals under 16 years of age. If you believe a child has provided us with personal data, contact us so we can delete it.
12. Changes
This policy may be updated as the product evolves. Material changes will be reflected on this page, in app-store metadata, and in release notes, with the "Last updated" date above kept current.