PhenoVox

Privacy Policy

Last updated: 1 June 2026

Draft notice. This document is a draft prepared for the PhenoVox research app. It must be reviewed and approved by qualified legal and data protection counsel before publication or use with participants.

1. Introduction

PhenoVox is a smartphone application used in medical and scientific research on respiratory health. The app collects questionnaire answers and voice/audio recordings from participants so that researchers can study voice and breathing characteristics.

This Privacy Policy explains what information we collect through PhenoVox, why we collect it, how it is protected, and what rights you have under the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

2. Who this policy applies to

This policy applies to anyone who installs and uses the PhenoVox app and takes part in the associated research activities, including participants who provide questionnaire responses or audio recordings.

It does not cover third-party websites, services, or apps that are not part of PhenoVox, even if they are linked from within the app.

3. What data we collect

When you use PhenoVox, we may collect the following information:

  • Account / participant identifier: an identifier used to link your data within the study.
  • Questionnaire answers: your responses to study questionnaires.
  • Onboarding and profile information: such as preferred language, postal code, consent status, current medications, and other health-related responses you provide.
  • Audio recordings: voice or breathing recordings you make through the app.
  • Recording metadata: technical information about each recording, such as duration, recording type, device and platform, sample rate, and quality metrics.
  • Technical logs: information needed to operate the app reliably and securely, for example error reports and authentication events.

We try to limit the data we collect to what is necessary for the research and for safe operation of the app.

4. Why we collect your data

We use your data for the following purposes:

  • App functionality: to let you sign in, complete questionnaires, make recordings, and submit them to the study.
  • Medical and scientific research: to analyze questionnaire answers and audio recordings as part of respiratory health research.
  • Quality control of recordings: to check whether recordings meet technical standards and can be used for analysis.
  • Security, troubleshooting, and compliance: to detect and prevent misuse, fix problems, and meet legal and regulatory obligations.

6. How your data is transmitted and stored

Data is sent from your phone to our backend over the public internet using HTTPS with TLS 1.2 or TLS 1.3 encryption. This means the connection between the app and the backend is encrypted in transit.

The backend is hosted on Microsoft Azure:

  • Audio recordings are stored in a private Azure Blob Storage container that is not publicly accessible.
  • Questionnaire responses and recording metadata are stored in Azure Cosmos DB.
  • Data at rest is encrypted by Azure using server-side encryption.

Authentication uses secure tokens. On your device, refresh tokens are stored using the platform's secure storage where available (iOS Keychain or Android Keystore).

7. What happens when your phone is offline

Submitting questionnaires and recordings requires an active internet connection. If your phone is offline when you try to submit, the upload will not succeed at that moment.

The app may allow you to retry failed uploads or submissions later when connectivity is restored. PhenoVox does not silently upload data without an internet connection.

8. Data sharing and access

Your data is used only for the medical and scientific purposes described in this policy and in the study information you received when giving consent.

  • We do not sell your personal data.
  • Access to your data is limited to authorized project, research, and technical personnel who need it for their role.
  • Microsoft Azure acts as our cloud infrastructure provider and processes data on our behalf under appropriate contractual and technical safeguards.

9. How long we keep your data

We keep your personal data only for as long as needed for the purposes described in this policy and to comply with legal, regulatory, and scientific obligations. Specific retention periods will be stated in the study information provided to you at enrolment.

10. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access to your data
  • Right to correction of inaccurate data
  • Right to deletion (the "right to be forgotten")
  • Right to restriction of processing
  • Right to object to certain processing
  • Right to data portability
  • Right to withdraw your consent at any time

Withdrawing your consent does not affect the lawfulness of any processing that took place before the withdrawal. To exercise any of these rights, please contact us using the details below.

11. Contact and supervisory authority

If you have questions about this policy or want to exercise your rights, contact details for the study team will be provided in the study information given to you at enrolment.

You also have the right to lodge a complaint with the supervisory authority in your country of residence if you believe your data has not been handled in accordance with the GDPR.