Privacy Policy
Last updated: May 20, 2026
This Privacy Policy describes how Hia Medical Translator (“we”, “our”, “us”) collects, uses, and shares information when you use the app. By using the app, you agree to this policy.
Important: The app is educational language assistance. It is not medical advice, diagnosis, or treatment.
1. Summary
- We help you look up and learn medical terms (text, optional voice input, and optional camera/image use for term extraction).
- We use Supabase for authentication, database operations, and backend functions.
- We sign you in with anonymous authentication (no email/phone required for core use).
- Full access features may be enabled after payment confirmation; verification is handled through our backend services.
- We may log analytics events (best-effort) such as searches and feature usage to improve the app.
- Text you search and related results may be stored on our servers as part of providing the service.
- Voice and images are used on your device to obtain text; see the sections below for how that data is handled.
- Local app data (search history, cache, study queue) may be stored on your device.
This summary is not a substitute for the full policy below.
2. Information we collect
2.1 Account and device identity
- When you use online features, the app may create or use an anonymous Supabase Auth session. This assigns a stable random user identifier used to enforce security rules and associate data with your installation.
- We may store a row for that identifier in our database (for example, an access status flag).
- On the website checkout page, you may sign in with Google via Supabase Auth to link payment to your account (email and user identifier).
We do not require email or phone number for free app use with anonymous sign-in.
2.2 Medical terms and learning content you submit
- The terms or phrases you enter/select (including via speech-to-text or image-based extraction, when you use those features) are sent to our backend so we can look up and provide explanations, examples, and related learning content.
- This content and associated metadata may be stored in our database (for example, in caching and study-queue related tables).
2.3 Analytics
We may log app events to our database, for example:
- Term searches (which may include the search string, input source, locale/language tag, and app build identifier).
- Study queue actions and other feature usage events (including image scan outcomes when applicable).
Analytics are best-effort and should never break normal use of the app.
Analytics events are not linked to a named identity; they are associated only with an anonymous session identifier.
2.4 Website checkout (Google sign-in and crypto)
When you subscribe via the checkout page on our website:
- You may sign in with Google (via Supabase Auth). We receive your email and user identifier to link your subscription.
- If you choose Pay with crypto, our servers create an invoice through payment provider CryptoCloud. CryptoCloud processes the payment; we do not receive your wallet keys.
- We store transaction references (such as invoice id and order_id) in Supabase to activate access automatically after payment confirmation.
We do not store full bank card numbers on our servers.
2.4.1 Manual activation and payment (WhatsApp / Telegram / transfer)
You may request subscription activation by contacting support from the app (WhatsApp or Telegram). We may process:
- Your activation request key and anonymous app account identifier.
- The channel you chose, app version, and bot-link status when needed.
- The country/region you select for payment routing (stored on our servers with a change log).
- Payment references and proof you send to the admin (text, images, transaction IDs) via support channels.
Off-store payments are handled manually through admin-directed methods (e.g. local transfer, Wise, or USDT). We do not store full card numbers. Temporary access may be granted pending payment confirmation, then confirmed or revoked server-side.
You may cancel activation in Settings. A partial refund estimate may be shown (e.g. 70% of remaining value above a USD threshold); actual refunds are processed manually after admin review, not automatically.
This is not financial advice. Third-party transfer or crypto fees may apply.
2.5 Data stored on your device
- Search history, cached term results, study queue items, favorites, and similar app data stored locally.
- Settings and flags (for example, onboarding and prompt-related preferences).
Local data remains on your device unless it is also synced or otherwise sent to our servers as described in this policy.
2.6 Permissions (Android)
- Microphone: voice input to convert speech into text for term lookup.
- Camera: capturing images for term extraction when you choose this feature.
- Notifications: optional reminders or updates you enable.
- Vibrate: light feedback for certain interactions.
You can deny permissions where the OS allows; some features may not work without them.
2.7 Technical and network data
Like most apps, when you use online features our servers and service providers may process technical data such as IP addresses, timestamps, and request metadata (and related error logs).
3. How we use information
- Provide and maintain the app’s features (lookups, explanations, sync, and full-access unlock status).
- Authenticate requests and enforce access rules (for example, via Row Level Security).
- Verify subscriptions and prevent abuse.
- Understand aggregate or event-level usage to improve the product.
- Comply with law and respond to valid legal requests.
4. AI and third-party processing
OpenAI (or similar) may be used on our servers (for example, via Supabase Edge Functions) to generate or enrich medical term content (explanations, examples, translations, and image term extraction when you use that feature). In that case, the text you submit for a lookup may be sent from our backend to that provider according to their terms and our configuration.
4.1 Pronunciation audio (ElevenLabs)
To generate pronunciation audio for medical terms in the app and in our Telegram and WhatsApp bots, we use ElevenLabs on our servers (via Supabase Edge Functions). The English term name or a derived speak line may be sent to ElevenLabs to synthesize an audio file. The mobile app does not call ElevenLabs directly — all requests go through our backend.
Disclaimer: AI-generated voice is for educational use only; it may not match clinical or official IPA pronunciation in every case. Do not rely on it alone for diagnosis or treatment decisions.
We may store resulting audio files in Supabase Storage for reuse and cost control. See ElevenLabs Privacy Policy and ElevenLabs Terms of Use.
The mobile app is designed to not call those AI APIs directly for core term enrichment.
Other infrastructure providers:
- Supabase — authentication, database, storage, and serverless functions.
- ElevenLabs — text-to-speech for educational pronunciation (via our servers only).
- Google — OAuth sign-in on the website checkout page (via Supabase).
- CryptoCloud — crypto payment processing on the website.
We do not sell your personal information to third parties in the conventional sense of selling for money.
5. Sharing
We share information only as needed to operate the app, including:
- With service providers (such as Supabase, CryptoCloud, and any AI providers used on the backend) who process data on our behalf.
- With Google when you choose Google sign-in on the website.
- When required by law, or to protect rights, safety, and integrity of users or the service.
6. Retention
We retain server-side data for as long as needed to provide the app and for legitimate business purposes (for example security, analytics aggregation, and legal compliance).
Local data remains on your device until you clear app data, uninstall the app, or delete it inside the app where available.
You can delete your data directly from within the app: go to Settings → Manage My Data to clear favorites, search history, or failed searches individually, or tap "Delete All My Data & Account" to permanently remove all server-side data linked to your account. For deletion requests outside the app, contact us at the email below.
How to Delete Your Data
- Open the Hia Medical Translator app
- Go to Settings
- Tap "Manage My Data"
- Choose to clear specific data (favorites, search history, failed searches), or tap "Delete All My Data & Account" to remove everything permanently
You may also request deletion by emailing us at the address in the Contact section.
6A. WhatsApp and Meta (WhatsApp bot)
If you use our WhatsApp bot, we process the information Meta sends us via the WhatsApp webhook so we can respond to your messages. This may include:
- WhatsApp identifiers (for example your phone number, used as an identifier for the conversation).
- Message content you send (for example term queries and commands such as /start and /speed).
- Delivery metadata used for deduplication and tracking (for example a message id).
- WhatsApp bot subscription state when enabled through our flow.
We store WhatsApp-related records in our database (for example, whatsapp_users, whatsapp_term_searches, and whatsapp_webhook_updates) as needed to operate the service.
For pronunciation audio, we synthesize speech with ElevenLabs on the backend and store the resulting audio in our Supabase Storage so both platforms can reuse generated audio. We do not publish the storage publicly. When WhatsApp needs an audio link, the bot uses a time-limited signed URL.
Third parties: WhatsApp bot delivery and webhook calls are provided through Meta’s WhatsApp Business Platform (Meta Graph API). Backend services such as Supabase, OpenAI (term enrichment), and ElevenLabs (pronunciation TTS) process data on our behalf.
For security and legitimate service protection interests, we may process abuse-related behavioral signals (such as repeated invalid inputs, limit overuse, and automated message patterns) to enforce temporary restrictions or permanent suspension for repeated violations.
By using the WhatsApp bot, you consent to the processing described in this policy.
Dedicated WhatsApp legal pages: WhatsApp Bot Privacy Policy, WhatsApp Bot Terms of Use, and Data deletion instructions.
7. Security
We use industry-standard measures appropriate to the nature of the service (for example encryption in transit and backend access controls). No method of transmission or storage is 100% secure.
8. Children’s privacy
The app is not directed at children under 13 (or the minimum age required in your region). We do not knowingly collect personal information from children.
9. International users
If you use the app from outside the country where our servers or providers are located, your information may be transferred and processed in other countries (including where Supabase or AI providers operate). Those countries may have different data protection laws.
10. Your choices and rights
Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing, or to object or port data. To exercise these rights, contact us using the email below.
11. Changes
We may update this policy from time to time. We will post the new effective date at the top. Continued use after the effective date means you accept the updated policy.
12. Contact
Privacy requests: privacy@hiamedicaltranslator.com
We wrote this policy to be clear and readable. It is not personalized legal advice; email us at the address above if you have questions about how we handle your data.