Privacy Policy 

Last Updated: May 25, 2018.

Cardiio, Inc. is a company based in the United States. This Privacy Policy describes how Cardiio, Inc. (“Cardiio”, “we”, “us”, or “our”) may gather and process your information when you use the cardiio.com website (the “Site”), or download and interact with the “Cardiio: Heart Rate Monitor” mobile application (the “App”), collectively the “Services”.

What information do we process and why?

Personal information, or personally identifiable user information, is information that can directly or indirectly identify you. The Services avoid processing personal information like your name, phone number, and email address by not offering any form of registration or account creation.

To protect your privacy when you use the App, all information is processed locally on your iOS device and not on a remote server. When you use the App, your data is stored locally and not transmitted elsewhere unless you explicitly choose to export or share it. We process the following categories of information:

  • Information generated from your use of the App. When you initiate a heart rate measurement, the App necessarily uses the camera on your iOS device as a light sensor in order to estimate your heart rate. During a measurement, images from the camera feed are processed locally on your device and deleted immediately afterwards. We do not retain or transmit any images obtained from the camera feed. We will ask for your express consent to grant the App access to the camera. You can revoke permission at any time by disallowing access through the iOS Privacy Settings.

When you perform a heart rate measurement using the App, it may estimate a variety of metrics such as your heart rate, pulse waveform, endurance score, and calories burned. This App-generated information does not personally identify you. We do not access, collect or disclose your geolocation (GPS) data. If you choose to save your measurement, we will store the App-generated information locally on your iOS device. We also save the timestamp of the measurement in order to help you keep a record. You can always decline to save a measurement, or delete a previously saved measurement through the App.

  • Information you enter in the App. We process the demographic information (age, gender, weight) you may enter into the App to estimate statistics and provide you with comparisons in your age range and gender group. For example, to estimate the number of calories burned, information such as age, gender, weight, and heart rate is needed. To further protect your privacy, we do not ask for your exact age if you are 90 years or older, but instead process all ages above 89 years as a single group (‘90 or older’). This demographic information is stored locally on your iOS device.

You may choose to add your body state (e.g. “rest” or “active”), duration of activity, and a note associated with a heart rate measurement and save it locally on your device. To protect your privacy, we urge you to refrain from including any personal information or sensitive information in the notes.

  • Website usage. Our website is hosted by Squarespace, Inc. (see Squarespace’s privacy policy), which provides us with information on usage of the Site such as number of visits, page views, device type, browser type, and operating system. This information is processed in a way that does not identify anyone. We do not keep a log of your IP address or use Squarespace analytics cookies (see more in “Cookies”). You can read more on how Squarespace ensures site users’ privacy is protected under EU Data Protection laws here: Squarespace and GDPR.
  • Information you provide when you contact us. If you contact us for support or send us feedback via email, we will receive the contents of your message or any attachments you may send to us. We may use the email address you provide to answer your question or help resolve your problem.

To the extent that information we process is personal information concerning health, we rely on your consent as a lawful basis for processing. You can withdraw your consent at any time (see “Your rights and choices”), in which case we will not be able to provide certain services to you.

How do we use the information?

We may process your information, including personal information, for the following purposes: 

  • Provide and maintain the Services. To provide you with the features we offer in the App such as estimating your heart rate and other metrics. The lawful basis for this processing is performance of a contract.
  • Communicate with you. To respond to your inquiries, provide troubleshooting, and for other customer service purposes. The lawful basis for this processing is our legitimate interest in providing quality product support.
  • Improve and develop the Services. To perform data analysis, conduct research and develop new products and features. The lawful basis for this processing is our legitimate interest in developing our business and improving our Services.
  • Prevent misuse. Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy. The lawful basis for this processing is our legitimate interest in ensuring that our Services are safe and secure.
  • Comply with law. To comply with applicable governmental regulations, a court order, or binding law enforcement request. The lawful basis for this processing is our legal obligation.

How is the information shared?

Cardiio deems personally identifiable information confidential and will not disclose such information without securing your express informed consent. We will not release personal information to any person or organization not specifically authorized by you. We may share personal information in the circumstances described below.

  • When you agree or direct us to share. You may direct us to share your information to other third party applications like the Apple Health app, RunKeeper, or other social networking tools (e.g. Facebook, Twitter etc.). The lawful basis for this processing is your consent. If you choose to do this, your interactions with these third parties are governed by the privacy policy of the company providing them, not this one. Please note that your personal health information collected and stored by Cardiio, and subsequently shared by you via the App, may not be protected under the Health Insurance Portability and Accountability Act (HIPAA). You can withdraw your consent at any time (see “Your rights and choices”).
  • Service providers. We may need to employ third-party service providers to help us provide and maintain our services and business, such as providers of hosting, email communication, and other similar services. These third-party service providers may have limited access to your information to perform services on our behalf or to comply with legal requirements, and are contractually obligated to safeguard any information received from us.
  • Business transfers. If Cardiio, or substantially all of our assets, were acquired, or in the event that we go out of business or enter bankruptcy, user information may be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Cardiio may continue to use your information as set forth in this Privacy Policy.
  • Legally required. We may disclose personally identifiable user information in response to lawful requests from federal, state, local, or foreign law and civil enforcement agencies.

We may share with our affiliates, agents and business partners non-personal information (for example, anonymized or aggregated information compiled from the information collected from users) for research, marketing, analytics or similar purposes. Although this information does not identify you personally, there is a risk that third parties who receive such information from us may re-identify specific users. Before sharing any de-identified data with third parties, we will secure in writing the express written agreement of such third parties that they will not attempt to re-identify the information to any particular individual.

How long is the information retained?

Your information processed by the App is stored locally on your iOS device and we do not retain a copy of it. You may delete previously saved information from measurements in the “History” section of the App at any time. The App automatically deletes previously saved information from measurements older than 30 days.

If you contact us via email, we may retain your information for as long as necessary to achieve the purposes described in this Privacy Policy, for example to resolve an inquiry, or to protect us in the event of a dispute. 

How is the information protected?

We have implemented reasonable precautions to protect against the unauthorized access, use, alteration or destruction of your information. Information stored locally on your iOS device is encrypted. However, no system can be 100% secure, and, therefore, despite our best efforts, there could be unauthorized access to this data. By using the Site or the App, you accept this risk. You should take steps to protect against unauthorized access to your iOS device by, among other things, choosing a robust passcode that nobody else knows or can easily guess, and keeping your passcode private. 

Your rights and choices

We provide you tools in the App to control your information as described below. If you live in the European Economic Area (EEA), you have a number of legal rights with respect to your personal information, which these tools allow you to exercise.

  • Accessing and exporting personal information. By accessing the App, you can see your information saved locally on your iOS device. The “History” section of the App also allows you to export your data.
  • Editing and deleting personal information. You may edit information like gender, weight, duration of activity, and note associated with a heart rate measurement in the App. You can also delete data on previously saved measurements in the “History” section of the App. If you choose to delete previously saved measurements, we cannot recover them for you because the data is only saved locally on your iOS device and we do not retain a copy of it. To delete all your information in the App, you can choose the “Delete all my data” option in the “Settings” section of the App.
  • Restricting, objecting to processing of personal information. You can withdraw your consent to processing of your personal information at any time, including by stopping use of a feature, deleting your data, or deleting the App. You may also decline to submit information through the Services. Should you withdraw consent, we will not be able to provide certain services to you. You may revoke access to the camera on your device by disallowing access through the iOS Privacy Settings, in which case the App will not be able to measure your heart rate. You can also revoke the access of third-party applications like the Apple Health app and Runkeeper through the “Settings” section of the App.

If you believe we have personal information about you that you do not want us to have or would like to request a copy of your personal information collected, please contact us as described below (see “How to contact us”) and we will remove the data as you request or send you a copy as soon as is reasonably practicable. If you live in the EEA, you also have a right to lodge a complaint with your local data protection authority.

Children's Privacy

The Services are not for use by children under the age of 16. We do not knowingly collect personal information from children under the age of 16 and do not target the Site or the App to children under 16. If you are under 16, you should not provide any information to us. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us (info@cardiio.com), and we will endeavor to remove that information.

Cookies

Cookies are small text files that websites store on your device to help you navigate their websites efficiently and perform certain functions. We use a session cookie ('crumb') that prevents cross-site request forgery (CSRF) and is erased when you exit your web browser. Our cookies do not read personal information off your device. If you do not wish to have cookies placed on your device, you should set your browser to refuse cookies before using the Site, with the drawback that certain features of the Site may not function properly without the aid of cookies. For more information visit www.aboutcookies.org or www.allaboutcookies.org.

Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to “Do Not Track” signals, our website does not currently respond to such signals.

Our Services may contain links to third-party websites that are outside of our control and not covered by this Privacy Policy. If you access and use such websites, we encourage you to review their own privacy policies.

Changes to our privacy policy

We may change this Privacy Policy from time to time. If we make material changes, we will present the revised Privacy Policy when you launch the App and will secure your express consent by requiring you to physically scroll through the entire policy and, before using the App, click on a button that states: “I have read and agree to the Privacy Policy for the App.” For visitors to the Site, your continued use of the Site after any change in this Privacy Policy will constitute your acceptance of such change. We recommend that you revisit this policy from time to time to ensure you are aware of any changes.

How to contact us

If you have any questions or concerns about this Privacy Policy, please email us at info@cardiio.com.