BUNIN

Privacy Policy

Effective date: 2026-07-06 · Last updated: 2026-07-16

This policy complies with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable Spanish data-protection law. BUNIN is operated from Spain and is designed as a local-first application: your health data is created, stored, and processed only on your own device, under your control, and is never stored on or accessible to our servers. This policy explains that design and the limited operational data the service handles.

1. Provider, roles, and scope

Who provides BUNIN

BUNIN is developed and operated from Spain by:

What BUNIN is

BUNIN processes personal medical information as a user-controlled health record platform — a tool that helps you collect, normalize, review, and manage your own medical data on your own device.

Roles under the GDPR

Because BUNIN is designed as a local-first application, Konstantin Bunin is responsible for providing the BUNIN software and operating it securely — not for controlling, storing, or accessing your health data.

Konstantin Bunin does not act as the data controller of your health data within the meaning of Article 4(7) GDPR: he never determines the purposes and means of processing your health data and cannot access it, because that data is created, stored, and processed only on your own device, under your sole control. In relation to your own health data, you are the controller.

BUNIN — and Konstantin Bunin — does not collect, store, or have server-side access to the health data of its users, including users residing in the European Union / European Economic Area. Any processing carried out on our servers is limited to transient, in-memory technical operations performed on your instruction (for example, recognizing text in a document you choose to upload), after which nothing is retained (see Section 6).

For the limited operational, non-health data strictly necessary to run the service — such as wallet-authentication tokens and marketplace/consent metadata — Konstantin Bunin acts as controller (or, for transient technical processing performed on your instruction, as processor) and applies the safeguards described in this policy. This policy describes how the app and backend handle profile data, medical documents, normalized health records, wallet-based consent metadata, and support communications.

2. Data categories

We may process:

Health-related data (lab results, diagnoses, medical history, and similar) is a special category of personal data under Article 9 GDPR. We only process it on the basis of your explicit consent, given when you create your profile, upload a document, or otherwise choose to enter medical information into the app. As described in Section 6, this data never leaves your control in stored form — it exists only on your own device.

3. Legal basis for processing (GDPR Article 6 and Article 9)

BUNIN relies on the following legal bases, according to the type of data:

You may withdraw consent at any time through the support channel or in-app controls, without affecting the lawfulness of processing carried out before withdrawal.

4. Purpose of processing

We process data to:

5. Data separation

BUNIN keeps direct legal identity separate from portable medical content.

Portable health packages should not include full identity fields unless a specific lawful workflow requires them. Consent and monetization events are linked by references rather than by embedding unnecessary identity data in the medical record.

6. Storage, hosting, and international transfers

BUNIN is designed so that our servers never store your health data — not even in encrypted form. Your profile, medical documents, normalized health records, and exports are stored exclusively on your own device, encrypted at rest using a key protected by your device's biometric security (Face ID / Secure Enclave or equivalent). We have no server-side copy to lose, be breached, or be compelled to disclose in bulk. This applies equally to all users, including those residing in the European Union / European Economic Area.

When you upload a document (e.g. a lab report) for recognition, the file and its extracted text are processed only transiently, in server memory, for the single purpose of recognizing and normalizing values; the result is returned directly to your device for you to save locally, and the server-side copy is automatically discarded (held for at most a short processing window, typically under 30 minutes, and never written to a database or disk).

Our backend infrastructure (hosted within the European Union) is used only for: (a) this transient document-processing step; (b) wallet-based authentication; (c) off-chain marketplace pricing, sharing-request, and consent metadata, which never contains health content; and (d) indexing on-chain consent/settlement events. On-chain data itself is limited to consent, audit, and settlement references — never raw medical content.

The service may use external processors for hosting, analytics, support, e-mail delivery, IPFS pinning, or wallet infrastructure when configured. Where a processor is located outside the European Economic Area, we rely on an adequacy decision, Standard Contractual Clauses, or another valid transfer mechanism recognized under Chapter V GDPR, and we will identify such processors on request.

7. Sharing and disclosure

The user decides when to share records or sign consent for a specific request. We do not sell raw medical payloads or publish personal health data on public blockchain state.

We may disclose information when required by law, to protect the security of the service, or to respond to user requests.

8. Automated processing

BUNIN's AI-generated dossiers, briefs, and deviation/anomaly flags are informational aids only. We do not make decisions that produce legal effects or similarly significantly affect you based solely on automated processing without the possibility of human review, as described in Article 22 GDPR. You always control whether generated content is created, exported, or shared.

9. Retention and deletion

We do not retain your health data on our servers at all: your profile, records, documents, and exports exist only locally on your device, under your direct control, for as long as you choose to keep them — you can view, edit, export, or permanently delete them at any time directly in the app, and deleting the app or its local data removes them completely with no server-side copy remaining.

Documents submitted for OCR/normalization are held in server memory only for the brief window needed to complete that single processing request (see Section 6), then automatically discarded.

Non-health operational data — wallet-authentication session tokens, marketplace pricing/request/consent metadata, and on-chain indexing checkpoints — is retained only as long as needed for those specific purposes, applying the data minimization and storage limitation principles of Article 5 GDPR. Users may request review or deletion of this non-health account-level data through the support workflow at any time.

10. Your rights under GDPR

If you are located in the EU/EEA, you have the right to:

To exercise any of these rights, contact us through the support channel. We will respond within the timeframes required by applicable law.

11. Children

BUNIN is not directed at children. We do not knowingly collect personal data from individuals under 16 years of age. If you believe a child has provided us with personal data, contact us so we can delete it.

12. Changes

This policy may be updated as the product evolves. Material changes will be reflected on this page, in app-store metadata, and in release notes, with the "Last updated" date above kept current.