logo

Privacy Policy

Application: Opora

Operated by: Limited Liability Company "Hope Ukraine"

Effective Date: May 15, 2025

Last Updated: May 15, 2025

Limited Liability Company "Hope Ukraine" ("we", "us", or "our") operates the Opora mobile application ("App"). This Privacy Policy explains what personal data we collect, how we use, maintain, and protect it, the conditions under which we may disclose it to others, and the rights available to you. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the Law of Ukraine "On Personal Data Protection".

1. Data Controller

The data controller responsible for your personal data is Limited Liability Company "Hope Ukraine", registered at: 79016, Ukraine, Lviv region, Lviv city, Yaroslava Mudroho Street, 10a. Contact: hello@oporarecovery.com

2. Personal Data We Collect

In the course of providing the App's services, we may collect the following categories of personal data:

Information you provide directly:

  1. Account information: full name, email address, date of birth

  2. Health and medical information: injury type, affected body part, pain levels, mobility levels, medication groups, rehabilitation history

  3. Workout and activity data: exercises completed, session duration, perceived difficulty, progress metrics

  4. Daily tracking data: pain logs, mood logs, activity levels

  5. Community content: messages or posts submitted in peer support features

Information collected automatically:

  1. Device information: device type, operating system version, unique device identifiers

  2. Usage data: features used, session duration, crash reports, error logs

  3. Technical data: app version, language settings

Sensitive health data: The App collects health and medical data, which is classified as sensitive personal data. We process this data only with your explicit consent, obtained at the time of account registration, and solely for the purpose of providing rehabilitation services.

Personal data we do not intentionally collect: We do not process data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, or data concerning sexual orientation. We do not knowingly collect personal data from children under 18. If you are under 18, do not use the App or provide any information about yourself.

3. How We Collect Personal Data

We receive personal data directly from you when you:

  1. Register and create an account in the App

  2. Complete the onboarding questionnaire regarding your injury and health status

  3. Use the App's health tracking and exercise features

  4. Participate in community or peer support features

  5. Contact us for support or other inquiries

In general, you are not obliged to provide your personal data. However, certain features of the App will not be available if you choose not to provide the required information.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  1. To create and manage your account and authenticate your identity

  2. To provide personalized home rehabilitation programs based on your injury profile and health status

  3. To track your recovery progress and adapt exercise recommendations accordingly

  4. To send push notifications and reminders related to your rehabilitation schedule

  5. To provide state benefits navigation assistance relevant to your injury type

  6. To operate community and peer support features

  7. To improve and develop new features of the App

  8. To ensure the safety of exercise recommendations through our safety logic system

  9. To provide customer support and respond to your inquiries

  10. To comply with applicable legal obligations

  11. To conduct anonymized, aggregate research to improve rehabilitation outcomes

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  1. Your explicit consent — for sensitive health and medical data, and for marketing communications. You may withdraw your consent at any time by contacting us, which will not affect the lawfulness of processing prior to withdrawal

  2. Performance of a contract — to provide the App's rehabilitation services you have requested

  3. Legitimate interests — to improve the App, ensure its security, and grow our business, provided such interests do not override your rights and freedoms

  4. Legal obligation — to comply with applicable Ukrainian and international law

If you have questions about the legal basis for processing your personal data, please contact us at legal@opora.app.

6. Sharing and Transferring Personal Data

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data in the following circumstances:

Service providers:

We engage trusted third-party service providers to assist in operating the App. These providers are authorized to use your personal data only as necessary to provide services on our behalf and are contractually bound to protect it. Current service providers include:

  1. Google Firebase — authentication and push notification services

  2. Amazon Web Services (AWS) — video content hosting and delivery

  3. Sentry — error monitoring and crash reporting (anonymized data)

Healthcare partners:

With your explicit consent, we may share relevant health data with rehabilitation centers or healthcare professionals listed in the App to facilitate your care.

Legal requirements:

We may disclose your personal data where required by law, court order, or other legitimate requests of authorized bodies, or to protect the rights, property, and safety of our company and others.

Business transfers:

In the event of a merger, acquisition, or transfer of our business assets, your personal data may be transferred to the relevant third parties. You will be notified of such an event and provided the opportunity to opt out where legally permissible.

International transfers: Your personal data may be processed outside Ukraine, including in EU member states and the United States, in connection with our service providers. We ensure that adequate safeguards are in place for such transfers, including standard contractual clauses where required.

7. How Long We Keep Your Personal Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to assert or defend against legal claims. When determining the appropriate retention period, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorized use, and applicable legal requirements.

Specifically:

  1. Account and health data: retained for the duration of your account and deleted within 30 days of account deletion

  2. Legal and financial records: retained for the period required by applicable Ukrainian law

  3. Anonymized research data: may be retained indefinitely as it cannot be used to identify you

We review our data retention periods regularly. Contact us at legal@opora.app for questions about how long we retain specific data.

8. Personal Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

  1. Encryption of data in transit using TLS/SSL protocols

  2. Encryption of sensitive health data at rest using AES-256

  3. Secure token storage using iOS Keychain and Android Keystore

  4. Access controls limiting data access to authorized personnel only

  5. Regular security assessments and vulnerability monitoring

Although we use industry-standard precautions, the transmission of data over the internet is never completely secure. We strive to protect your personal data but cannot guarantee absolute security.

9. Your Rights With Respect to Personal Data

As a data subject under GDPR and Ukrainian data protection law, you have the following rights:

  1. Right of access — request confirmation of whether we process your personal data and obtain a copy of it

  2. Right to rectification — request correction of inaccurate or completion of incomplete personal data

  3. Right to erasure — request deletion of your personal data in certain circumstances

  4. Right to data portability — receive your personal data in a structured, machine-readable format

  5. Right to restrict processing — request that we limit how we use your data in certain circumstances

  6. Right to object — object to processing based on our legitimate interests or for direct marketing purposes

  7. Right to withdraw consent — at any time for consent-based processing, without affecting prior lawful processing

  8. Rights related to automated decision-making — not to be subject to decisions based solely on automated processing that significantly affect you

  9. Right to lodge a complaint — with the Ukrainian Personal Data Protection Authority or your local supervisory authority

To exercise any of these rights, contact us at legal@opora.app. We will respond within 30 days and may require proof of your identity to protect your data. Please note that these rights are not absolute and may be subject to conditions under applicable law.

10. Push Notifications

We may send push notifications to remind you of rehabilitation sessions, alert you to updates, or share progress milestones. You can disable notifications at any time in your device's settings. Disabling notifications does not affect your use of the App's other features.

11. Links to Other Websites

The App may contain links to third-party websites or services. This Privacy Policy applies only to our App. We have no responsibility for the privacy policies or practices of third-party websites and encourage you to review their policies before providing any personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email, and we will update the Effective Date at the top of this document. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices. Your continued use of the App after any changes constitutes your acceptance of the updated Policy.

13. Complaints

If you believe that your personal data is being processed in a manner inconsistent with applicable law, you have the right to file a complaint with the relevant personal data protection authority. For users in the EU/EEA, the contacts of national data protection authorities are available at the European Data Protection Board website.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Limited Liability Company "Hope Ukraine"

Address: 79016, Ukraine, Lviv region, Lviv city, Yaroslava Mudroho Street, 10a

Email: hello@oporarecovery.com

Website: oporarecovery.com