Privacy policy for the Streamcheck app & services

Status: 29/04/2026

As Streamcheck GmbH, we appreciate your interest in our Streamcheck app and our products. The protection of your personal information, in particular your health-related data, is our top priority. Below we explain in detail what data we collect, how we process it and what rights you have.

1. Identity and contact information of the controller

Responsible for the collection and processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is

Streamcheck GmbH Arnsdorf 26, 02894 Vierkirchen, Germany

E-Mail: support@streamcheck.io Webseite: https://streamcheck.io

2. What is the subject of data protection

Data protection refers to personal data. This refers to all information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). In particular, this includes your health data that is collected when you use the app, as well as your address, payment and technical usage information.

3. Required app authorisations

To fully utilise the Streamcheck app, the application requires access to certain functions of your end device. These access rights are requested before the first use and can be managed by you at any time in the device settings.

Push notifications: This authorisation is required to remind you of upcoming measurements or to send you important messages about your account or our services. The legal basis for this is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Bluetooth: Bluetooth access is technically necessary to establish a connection between your smartphone and the Streamcheck measuring device and to transmit the measurement data securely. The legal basis for the processing of the associated data is the fulfilment of our contract with you (Art. 6 para. 1 sentence 1 lit. b GDPR).

4. Scope, purpose and legal basis of data processing

4.1 During registration and acquisition

When you create a user account or purchase products in our shop, we process the following data:

Address information: Name, address, e-mail address.
Payment information: Depending on the payment method selected (e.g. credit card information, bank account details). These are processed directly by our payment service providers.
Device detection and IP address: To prevent fraud and ensure account security.

Purpose: Conclusion of the contract, delivery of goods, invoicing, customer communication and administration of your user account.

Data transfer: Your address information (name, address, e-mail address) is transmitted to our service providers Stripe (for payment processing) and Silver ERP (for order processing and customer management).

Legal basis: The processing is necessary for the fulfilment of the purchase and usage contract with you (Art. 6 para. 1 sentence 1 lit. b GDPR).

4.2 When using the app (health data)

When using the app with the measuring device, the following health data (special category of personal data according to Art. 9 GDPR) is collected and processed:

Uroflowmetry-Measurement data: Urine flow data (e.g. volume, flow rate, duration).
Biomarker data: Results of the analysis of the test strips in the test cup.
IPSS questionnaire: Your answers to the "International Prostate Symptom Score" questionnaire.

Purpose: The purpose of this processing is to enable you to analyse, document and track your measured values and to present the results to you clearly in the app.

Legal basis: The processing of your health data takes place exclusively on the basis of your explicit consent, which you give separately during the ordering process (Art. 9 para. 2 lit. a GDPR). Without this consent, the main function of the app cannot be used.

4.3 Automatically recorded technical data

Every time you use the app and our website, certain technical data is automatically processed:

Logfiles: IP address, date and time of access, amount of data transferred, information about your smartphone (device type, operating system and version).

Purpose: Ensuring operation, guaranteeing system security and stability, data backup and technical error analysis.

Legal basis: Our legitimate interest in the secure and functional operation of our services (Art. 6 para. 1 sentence 1 lit. f GDPR).

4.4 Anonymised statistical analysis (post-market surveillance and research)

For the purposes set out in this section, we process aggregated and anonymized uroflowmetry and biomarker measurement data. No directly identifying information (such as name, e-mail, address, or account ID) is included in this processing. The data is anonymized prior to aggregation, access is restricted to the persons within Streamcheck GmbH responsible for these activities, and re-identification of individual users is not pursued and is technically prevented.

4.4a Post-market surveillance in accordance with the Medical Devices Regulation

As the manufacturer of a CE-marked medical device, Streamcheck GmbH is required under the EU Medical Device Regulation (MDR 2017/745) to operate a Post-Market Surveillance system (Art. 83 MDR) and to perform trend reporting for statistically significant changes in device performance and safety (Art. 86 MDR). Fulfilling these obligations requires the statistical aggregation of measurement data collected during normal device use.

Purpose: § 27 BDSG (processing of special categories of personal data for scientific or statistical purposes) in conjunction with Art. 9(2)(j) GDPR. The processing is necessary to fulfil our obligations under Art. 83 and Art. 86 MDR.

Legal basis: § Section 27 BDSG (processing of special categories of personal data for scientific or statistical purposes) in conjunction with Art. 9 para. 2 lit. j GDPR. The processing is necessary to fulfil our obligations under Art. 83 and Art. 86 MDR.

4.4b Scientific research and academic cooperation

To advance the scientific understanding of urinary health and uroflowmetry methodology, Streamcheck GmbH uses the same anonymized and aggregated dataset for scientific research purposes. This research is carried out internally and, where appropriate, in cooperation with academic and clinical research partners (for example, universities and university medical centres). Where data is shared with external research partners, it is shared exclusively in anonymized and aggregated form, and is governed by written agreements that prohibit any attempt at re-identification.

Purpose: Scientific research, methodology development, and academic collaboration in the field of urinary health.

Legal basis: § 27 BDSG (processing of special categories of personal data for scientific or statistical purposes) in conjunction with Art. 9(2)(j) GDPR. The technical and organizational safeguards required by Art. 89(1) GDPR (data minimization, anonymization, suppression rules, access controls) are applied.

No consent toggle. This processing does not require your consent and is not subject to a consent toggle in the app. The exercise of certain data subject rights may be limited under § 27(2) BDSG to the extent necessary to achieve the statistical and research purposes, consistent with the safeguards described above.

5. Data recipients and third-party providers

We only pass on your data to third parties if this is permitted by law or if you have given your consent. We use carefully selected technical service providers to provide our services.

5.1 Hosting and data processing: Amazon Web Services (AWS)

Our app and the entire technical infrastructure are hosted by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS for short).

Server location: The processing and storage of your data, including your health data, takes place exclusively in data centres within the European Union (region: EU Central, Frankfurt am Main).
AWS services used: AWS Cognito, Lambda, RDS (MySQL), CloudFront, ElasticBeanstalk, Simple Email Service, Amplify, S3, EC2, CloudWatch.
Legal basis: Our legitimate interest in a secure infrastructure (Art. 6 para. 1 lit. f GDPR) and the conclusion of an order processing contract (Art. 28 GDPR).

5.2 Payment processing: Stripe

For the secure processing of your purchases we use the services of:

Stripe: Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Legal basis: Contract fulfilment (Art. 6 para. 1 lit. b GDPR).

5.3 App analysis and stability: Google Firebase

To improve and analyse our app, we use services from Google Firebase (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Firebase Analytics & Crashlytics: To analyse user behaviour and app crashes in order to optimise the app and increase stability.
Firebase Cloud Messaging: For the technical processing of push notifications.
Firebase App Distribution: For managing test versions of the app.
Processed data: Pseudonymised IP address, log files, smartphone data. No health data is transmitted to Firebase.
Legal basis: Our legitimate interest in a user-friendly and stable app (Art. 6 para. 1 lit. f GDPR). It cannot be ruled out that data will be transferred to the USA. We have concluded standard contractual clauses with Google to ensure an adequate level of data protection.

6. Storage duration

We only store your personal data for as long as is necessary for the respective purposes.

Contract data (purchase): Are stored in accordance with statutory retention obligations (e.g. under commercial or tax law, usually 6-10 years).
Health data and account data: Will be stored as long as your user account is active with us. If your account is deleted, this data will be deleted, provided there are no legal obligations to retain it.
Technical log files: Are stored for a maximum of 14 days for security reasons and then deleted or anonymised.
Anonymised data for post-market surveillance and research (see section 4.4): Once measurement data has been anonymized and aggregated for the purposes described in Section 4.4 (4.4a and 4.4b), it no longer qualifies as personal data within the meaning of the GDPR. The anonymized dataset is retained for as long as required by our obligations under the Medical Device Regulation, in particular Art. 10(8) MDR (a minimum of 10 years after the last device of the relevant type has been placed on the market), and, where used for scientific research purposes, for the additional period required for scientific reproducibility and good research practice. Deletion of your user account ends any further extraction from your account into the anonymized dataset, but does not retroactively remove anonymized aggregates generated beforehand, since those no longer constitute personal data.

7. Your rights as a data subject

You have the following rights in relation to your personal data:

Right to information (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to cancellation (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw consent (Art. 7 para. 3 GDPR): You can withdraw your consent to the processing of health data at any time with effect for the future. Withdrawal of your consent under Art. 9(2)(a) GDPR affects the processing of your health data for the purposes described in Section 4.2 only. It does not affect the anonymized statistical processing described in Section 4.4 (4.4a Post-Market Surveillance and 4.4b Scientific research), which is based on § 27 BDSG in conjunction with Art. 9(2)(j) GDPR.
Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).

To assert your rights, please contact us directly using the contact details provided in section 1.

8. Right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR (Art. 77 GDPR).

9. Data security

We take extensive technical and organisational security measures (e.g. encryption, access controls) to protect your data from unauthorised access, misuse and loss.

10. Amendment of this privacy policy

We reserve the right to amend this privacy policy in the event of changes to our services or new legal requirements. The current version at the time of your use applies.