Privacy Policy – MINSAS (My Insurance Assistance)
📄 Download PDF Version1 · What data we process
Only information necessary to run the app and handle insurance-related actions:
| Category | Description | When collected |
|---|---|---|
| Account data | Email address, name, phone number | When you create or update your profile |
| Claim content | Photos, videos, PDF or image documents, text fields, sketches, finger-drawn signatures | When you create a claim |
| Location | Precise GPS coordinates only when you tap Save Location or sign on the map | By your action |
| Device info | Phone model and OS version (collected during signature step) | Automatically at that moment |
| Injury toggle | "Was anyone injured?" (Yes/No) — used only to suggest calling 112 (emergency). No medical details are stored. | When you answer |
| Logs / security | Basic Supabase backend logs for reliability and fraud prevention | Automatically |
| Analytics (performance) | Anonymized usage patterns for app performance monitoring only — screen views, session duration, device type, app version, and approximate country-level location. Not linked to your identity or claim content; no names/emails/phone numbers/photos/precise GPS. | When you use the app |
2 · Why we use the data and our legal basis
| Purpose | Legal basis (GDPR Art.) |
|---|---|
| Provide and operate the app — create claims, generate PDFs, send to insurers | 6(1)(b) Contract performance |
| Location and map signing | 6(1)(a) Consent (you choose to save location or sign) |
| Logs and security monitoring | 6(1)(f) Legitimate interests (service integrity) |
| Legal and tax records (e.g. subscriptions) | 6(1)(c) Legal obligation |
| App performance monitoring, bug detection, and user experience improvement (analytics) | 6(1)(f) Legitimate interests |
We do not intentionally store special-category ("health") data or link such data to an identified person.
Note: Analytics is not based on consent and is part of our legitimate interest in operating a stable, secure, and performant app. You retain the right to object (see Section 5).
3 · Processors and data storage
We use a limited set of processors acting under contract:
- Supabase (hosting, database, storage)
- Google Gemini (OCR for document text extraction)
- Google Maps (geocoding)
- Resend (email)
- PDFShift (PDF generation)
- Stripe (payments)
- Branch.io (deep links)
- Google Analytics (Google LLC, USA) — performance analytics under EU Standard Contractual Clauses (SCCs).
Some providers are in the U.S.; data transfers use EU Standard Contractual Clauses.
4 · Retention and deletion
Personal data are kept only as long as needed to operate the service and meet legal obligations.
When you delete your account:
- Access is immediately blocked.
- A 30-day finalization removes shares and invites, anonymizes your profile, deletes avatar files, and cancels subscriptions at period end.
- Full details: minsas.app/minsas_data_deletion.html
Analytics events are not linked to your identity or claims and are retained only for technical performance needs.
5 · Your rights
You may request access, correction, erasure, restriction, or portability, and object to processing.
Contact legal@minsas.com for any request. You can also delete your account in the app under Profile → Settings → Delete Account.
You have the right to complain to the Lithuanian State Data Protection Inspectorate or your local EU authority.
Right to object to analytics (Art. 21 GDPR). You may object to analytics processing at any time by contacting legal@minsas.com. If you object, we will stop sending further analytics events from your app instance as soon as reasonably possible. This does not affect the core claim functionality.
6 · Electronic signatures
Finger-drawn signatures captured in MINSAS are simple electronic signatures under Regulation (EU) 910/2014 (eIDAS). They are valid for evidence but not qualified electronic signatures (QES).
7 · Changes
We may update this policy and will notify users through the app before changes take effect.
8 · Cookies and tracking technologies
What we use
MINSAS uses Google Analytics which relies on cookies or similar technologies (e.g., app instance identifiers) to measure technical performance (screen views, session duration, device type, app version, country-level location).
What we don't do
We do not use analytics to collect names, emails, phone numbers, claim content, photos, precise GPS coordinates, or other personal identifiers. Analytics events are kept separate from claims data and not linked to your identity.
Control
Analytics runs under Legitimate Interest (GDPR Art. 6(1)(f)) to keep the app reliable and improve performance. If you do not want analytics, email legal@minsas.com and we will stop sending analytics events from your app instance going forward. This does not affect your ability to use core features.
Legal basis
Analytics runs under Legitimate Interest (GDPR Art. 6(1)(f)) to keep the app reliable, monitor performance, and fix bugs.
International transfers
Google Analytics is provided by Google LLC (USA) under EU Standard Contractual Clauses.