
Privacy Policy

Last updated: 4 July 2026

Diplora B.V. develops health technology. This Privacy Policy explains how we handle personal data across our services: the diplora.com website, the Selb app, and the Diplora platform. Each service has its own section below, because what we collect and why differs per service.

Who we are

Unless stated otherwise in a specific section below, Diplora B.V. is the controller responsible for the personal data described in this policy:

  • Diplora B.V.
  • Geestbrugweg 105, 2281 CJ Rijswijk, The Netherlands
  • Chamber of Commerce (KvK): 92154506
  • VAT: NL857687128B01
  • Email: info@diplora.nl
  • Phone: +31 6 19674344

Which section applies to you

  • You visit diplora.com or contact us through it → “The website”.
  • You use the Selb app as a participant in a pharmacist care program → “The Selb app”.
  • You are a patient or clinician using the Diplora platform → “The Diplora platform”.

The sections on service providers, security, international transfers, and your rights apply to all services.

The website (diplora.com)

On the website we only collect personal data that you provide to us or that is strictly necessary to operate the site:

  • Contact and demo requests: your name and email address, and — if you choose to share them — your company name, phone number and the content of your message. We use these to respond to your request (Article 6(1)(b) and (f) GDPR).
  • Technical data: an approximate country, derived from your IP address by our hosting provider, used to show the site in a suitable language. We do not store your full IP address for our own analytics.
  • One strictly functional cookie (“diplora-lang”) that remembers your language choice. We use no advertising, profiling or third-party tracking cookies on the website.

We keep contact-request data for as long as needed to handle your request and any follow-up, and delete it thereafter unless a legal obligation requires longer retention.

The Selb app

Selb is a mobile app (iOS and Android) for participants in a pharmacist-led care program. With the app you connect your personal Fitbit account and view your own heart-rate and step data. Diplora B.V. provides the app and the data platform behind it and is your point of contact for privacy matters relating to the app. Your participation in the care program itself is additionally governed by the consent documents you accept in the app.

You can only use the app after you have explicitly accepted the in-app consent documents (end-user licence agreement, terms of service, written consent for data collection, and — separately — voluntary participation in research). We record which version of these documents you accepted and when. You can withdraw your consent at any time (see “Selb: disconnecting, withdrawing consent, and deleting your account and data”).

Selb: what data we collect

Account data you provide when registering:

  • Email address (required, used to sign in).
  • Optionally: first and last name, date of birth, gender, and language preference.

Health and activity data from your Fitbit account, via Google's Health API, after you explicitly connect your Fitbit and grant access. Depending on the permissions you grant, this covers:

  • Heart rate and other health measurements (such as oxygen saturation, respiratory rate, skin temperature and heart-rate variability).
  • ECG readings taken with your Fitbit and irregular heart rhythm notifications, if your device supports them.
  • Activity and fitness data, such as step count.
  • Sleep data, such as sleep duration and sleep stages.
  • Your Fitbit profile information (such as age, height and weight) and technical details of your Fitbit device (such as model and battery level).

The app shows you your heart rate and steps. The other data types are processed within the care program and — only if you separately consented to it — for research.

What we deliberately do NOT collect through the Selb app:

  • No location data (we never request the location permission or Fitbit location scope).
  • No contacts, photos, camera, microphone, or files.
  • No advertising identifiers and no advertising or analytics trackers — the app contains no advertising, analytics or tracking SDKs.
  • No data from other apps on your phone.

Selb: how the Fitbit connection works

  • You connect your Fitbit by signing in to your own Google account in your phone's browser — never inside a WebView we control. We never see your Google password.
  • Google shows you exactly which data types you are granting access to, and you can decline individual permissions.
  • The access tokens we receive are stored encrypted on our servers (in a secrets vault) and are never stored on your phone or shared with anyone. Your health data is retrieved server-to-server from Google and stored in our databases.
  • You can disconnect your Fitbit at any time in the app; this revokes our access at Google.

Selb's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the app's user-facing features and the care program you enrolled in; we do not use it for advertising, and we do not sell it or transfer it to third parties except as needed to provide these features, with your consent, or where required by law.

Selb: purposes and legal basis

  • To let you view your own heart-rate and step data in the app, and to operate your account — based on your consent and the agreement you accept in the app (Article 6(1)(a) and (b) GDPR; Article 9(2)(a) GDPR for health data).
  • To support the pharmacist care program you are enrolled in, so your care team can follow your measurements — based on your explicit consent (Article 9(2)(a) GDPR).
  • For scientific research — only if you separately and voluntarily consented to research participation in the app (Article 6(1)(a) and 9(2)(a) GDPR). Declining research participation does not affect your use of the app.
  • To send you service emails (such as password resets) — necessary to operate your account.

We do not use your data for advertising or marketing, we do not sell it, and we do not use it to determine eligibility for insurance, employment, or credit.

Selb: who can see your data

  • You: your heart-rate and step data, your account details, and your Fitbit connection status in the app.
  • Your care team: the pharmacist team running your care program can see your measurements and whether your Fitbit connection is working.
  • Researchers: only if you consented to research participation, authorised researchers within the program can use your data for the research described in the consent documents.
  • Our service providers (processors) listed under “Service providers we use”, who host and support the platform under our instructions.

Access is technically restricted per person: our databases enforce row-level access rules so that your data is only accessible to you, your care team, and authorised platform operations. Access to sensitive operations is logged.

Selb: how long we keep your data

We keep your account and health data for as long as you have an account and participate in the care program. If research consent applies, research data is kept for the period described in the research consent documents. When your account is deleted, we delete your personal data — including your health measurements and the encrypted Fitbit tokens — from our systems, except where we are legally required to retain specific records.

Selb: disconnecting, withdrawing consent, and deleting your account and data

  • Disconnect Fitbit: in the app you can disconnect your Fitbit at any time. This revokes our access to your Fitbit data at Google; no new data is collected after that.
  • Withdraw consent: you can withdraw your consent (including research consent) at any time by contacting us or your care team; this does not affect the lawfulness of processing before withdrawal.
  • Delete your account and data: request deletion from the app's Settings screen or by emailing info@diplora.nl from your registered email address. We will delete your account and the personal data associated with it — including your health measurements — and confirm when done.

You can also revoke Selb's access to your Google/Fitbit data yourself at any time via your Google account's security settings (myaccount.google.com/permissions).

The Diplora platform

The Diplora platform collects, stores and analyses health measurements for healthcare organisations. Through a patient app and applications for healthcare professionals, it connects measurement sources such as Diplora's own wearable ECG/motion sensor and other wearables and devices, and processes a broad range of time-series health data — for example heart signals (ECG), motion, heart rate, activity, and sleep. Automated analysis (for example, indicators for possible heart-rhythm irregularities) supports — and never replaces — the judgement of a healthcare professional.

When the platform is used in a healthcare or research setting, the healthcare organisation or research sponsor is the controller for your patient data, and Diplora B.V. processes that data on their behalf under a data processing agreement. The information letter and consent form you received from your healthcare provider or the study team are the primary source of information about that processing. Data processed on the platform includes:

  • Identity and enrolment data: name, email, date of birth, gender, height and weight, patient or study number, and your care organisation.
  • Measurement data: time-series measurements from connected sensors, wearables and devices — such as ECG signals, motion (accelerometer/gyroscope) data, heart rate and other health observations — and the recording sessions derived from them.
  • Analysis results: automatically generated indicators (such as heart rate, heart-rate variability, and possible rhythm irregularities) that are reviewed by healthcare professionals.
  • Account and audit data: sign-in details, app activity timestamps, and access logs recording who accessed which patient data.

The platform is multi-tenant: each healthcare organisation's data is strictly separated, and our data model follows the international HL7 FHIR standard for health information. Access is restricted to you and the care team of your own healthcare organisation, enforced by row-level access rules in our databases, and access to patient data is logged. The patient and clinician apps contain no advertising, analytics or tracking SDKs. To exercise your privacy rights for platform data, contact your healthcare provider or study team; we support them in fulfilling your request, and you can always reach us directly as well.

Service providers we use

We do not sell personal data. We share it only with service providers that host and support our services, acting as processors under our instructions and appropriate data processing agreements:

  • Supabase — databases, authentication, and secure (encrypted) storage of access tokens; hosted in the European Union.
  • TigerData (TimescaleDB) — dedicated time-series databases storing measurement data (such as ECG, motion, and other health observations).
  • Google — only for the Selb app's Fitbit connection: Google provides the sign-in and the Health API from which we retrieve your Fitbit data after your consent. Your relationship with Google is also governed by Google's own privacy policy.
  • Modal / Render — compute platforms on which our analysis software runs when an analysis is requested; they process measurement windows for the duration of the analysis.
  • Resend — delivery of service emails (such as contact-form messages and password resets).
  • Cloudflare — hosting of the website and secure routing of app connections.

International transfers

We store personal data primarily within the European Union. Where a service provider processes personal data outside the European Economic Area, we rely on appropriate safeguards under the GDPR, such as the European Commission's Standard Contractual Clauses. We may also disclose data where required by law.

How we protect your data

We take technical and organisational measures appropriate to the sensitivity of health data, including:

  • Encryption of all data in transit (TLS) and at rest.
  • Access tokens for third-party connections stored in an encrypted secrets vault, never on your device and never exposed to apps.
  • Row-level access rules in our databases, so users can only reach the data they are entitled to see.
  • Logging of data changes and of access to patient data.
  • Role-based access for our own staff, limited to what is needed to operate and support the service.

Your rights

Under the GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — have inaccurate or incomplete data corrected.
  • Erasure — have your data deleted in the circumstances provided by law.
  • Restriction and objection — limit or object to certain processing.
  • Data portability — receive your data in a structured, commonly used, machine-readable format.
  • Withdraw consent — at any time, where processing is based on consent, without affecting processing that already took place.

To exercise any of these rights, contact us at info@diplora.nl. For data processed on behalf of your healthcare organisation, we may refer your request to them as controller. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).

Children

Our services are intended for adults. The Selb app is intended for adult participants in a pharmacist care program, and the Diplora platform is intended for use in the care of adult patients (18 years and older). We do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy from time to time, for example when our services change. We will revise the “Last updated” date at the top of this page and, for significant changes affecting the Selb app or the platform, inform you in the app or through your care organisation.

Contact

If you have any questions about this Privacy Policy or how we handle your personal data, contact us at info@diplora.nl or Geestbrugweg 105, 2281 CJ Rijswijk, The Netherlands.

© 2026 Diplora. All rights reserved.