Last Updated: May 25, 2018.
What information do we process and why?
Personal information, or personally identifiable user information, is information that can directly or indirectly identify you. The Services avoid processing personal information like your name, phone number, and email address by not offering any form of registration or account creation.
To protect your privacy when you use the App, all information is processed locally on your iOS device and not on a remote server. When you use the App, your data is stored locally and not transmitted elsewhere unless you explicitly choose to export or share it. We process the following categories of information:
- Information generated from your use of the App. When you initiate a heart rate measurement, the App necessarily uses the camera on your iOS device as a light sensor in order to estimate your heart rate. During a measurement, images from the camera feed are processed locally on your device and deleted immediately afterwards. We do not retain or transmit any images obtained from the camera feed. We will ask for your express consent to grant the App access to the camera. You can revoke permission at any time by disallowing access through the iOS Privacy Settings.
When you perform a heart rate measurement using the App, it may estimate a variety of metrics such as your heart rate, pulse waveform, endurance score, and calories burned. This App-generated information does not personally identify you. We do not access, collect or disclose your geolocation (GPS) data. If you choose to save your measurement, we will store the App-generated information locally on your iOS device. We also save the timestamp of the measurement in order to help you keep a record. You can always decline to save a measurement, or delete a previously saved measurement through the App.
- Information you enter in the App. We process the demographic information (age, gender, weight) you may enter into the App to estimate statistics and provide you with comparisons in your age range and gender group. For example, to estimate the number of calories burned, information such as age, gender, weight, and heart rate is needed. To further protect your privacy, we do not ask for your exact age if you are 90 years or older, but instead process all ages above 89 years as a single group (‘90 or older’). This demographic information is stored locally on your iOS device.
You may choose to add your body state (e.g. “rest” or “active”), duration of activity, and a note associated with a heart rate measurement and save it locally on your device. To protect your privacy, we urge you to refrain from including any personal information or sensitive information in the notes.
- Information you provide when you contact us. If you contact us for support or send us feedback via email, we will receive the contents of your message or any attachments you may send to us. We may use the email address you provide to answer your question or help resolve your problem.
To the extent that information we process is personal information concerning health, we rely on your consent as a lawful basis for processing. You can withdraw your consent at any time (see “Your rights and choices”), in which case we will not be able to provide certain services to you.
How do we use the information?
We may process your information, including personal information, for the following purposes:
- Provide and maintain the Services. To provide you with the features we offer in the App such as estimating your heart rate and other metrics. The lawful basis for this processing is performance of a contract.
- Communicate with you. To respond to your inquiries, provide troubleshooting, and for other customer service purposes. The lawful basis for this processing is our legitimate interest in providing quality product support.
- Improve and develop the Services. To perform data analysis, conduct research and develop new products and features. The lawful basis for this processing is our legitimate interest in developing our business and improving our Services.
- Comply with law. To comply with applicable governmental regulations, a court order, or binding law enforcement request. The lawful basis for this processing is our legal obligation.
How is the information shared?
Cardiio deems personally identifiable information confidential and will not disclose such information without securing your express informed consent. We will not release personal information to any person or organization not specifically authorized by you. We may share personal information in the circumstances described below.
- Service providers. We may need to employ third-party service providers to help us provide and maintain our services and business, such as providers of hosting, email communication, and other similar services. These third-party service providers may have limited access to your information to perform services on our behalf or to comply with legal requirements, and are contractually obligated to safeguard any information received from us.
- Legally required. We may disclose personally identifiable user information in response to lawful requests from federal, state, local, or foreign law and civil enforcement agencies.
We may share with our affiliates, agents and business partners non-personal information (for example, anonymized or aggregated information compiled from the information collected from users) for research, marketing, analytics or similar purposes. Although this information does not identify you personally, there is a risk that third parties who receive such information from us may re-identify specific users. Before sharing any de-identified data with third parties, we will secure in writing the express written agreement of such third parties that they will not attempt to re-identify the information to any particular individual.
How long is the information retained?
Your information processed by the App is stored locally on your iOS device and we do not retain a copy of it. You may delete previously saved information from measurements in the “History” section of the App at any time. The App automatically deletes previously saved information from measurements older than 30 days.
How is the information protected?
We have implemented reasonable precautions to protect against the unauthorized access, use, alteration or destruction of your information. Information stored locally on your iOS device is encrypted. However, no system can be 100% secure, and, therefore, despite our best efforts, there could be unauthorized access to this data. By using the Site or the App, you accept this risk. You should take steps to protect against unauthorized access to your iOS device by, among other things, choosing a robust passcode that nobody else knows or can easily guess, and keeping your passcode private.
Your rights and choices
We provide you tools in the App to control your information as described below. If you live in the European Economic Area (EEA), you have a number of legal rights with respect to your personal information, which these tools allow you to exercise.
- Accessing and exporting personal information. By accessing the App, you can see your information saved locally on your iOS device. The “History” section of the App also allows you to export your data.
- Editing and deleting personal information. You may edit information like gender, weight, duration of activity, and note associated with a heart rate measurement in the App. You can also delete data on previously saved measurements in the “History” section of the App. If you choose to delete previously saved measurements, we cannot recover them for you because the data is only saved locally on your iOS device and we do not retain a copy of it. To delete all your information in the App, you can choose the “Delete all my data” option in the “Settings” section of the App.
- Restricting or objecting to processing of personal information. You can withdraw your consent to processing of your personal information at any time, including by stopping use of a feature, deleting your data, or deleting the App. You may also decline to submit information through the Services. Should you withdraw consent, we will not be able to provide certain services to you. You may revoke access to the camera on your device by disallowing access through the iOS Privacy Settings, in which case the App will not be able to measure your heart rate. You can also revoke the access of third-party applications like the Apple Health app and Runkeeper through the “Settings” section of the App.
If you believe we have personal information about you that you do not want us to have or would like to request a copy of your personal information collected, please contact us as described below (see “How to contact us”) and we will remove the data as you request or send you a copy as soon as is reasonably practicable. If you live in the EEA, you also have a right to lodge a complaint with your local data protection authority.
The Services are not for use by children under the age of 16. We do not knowingly collect personal information from children under the age of 16 and do not target the Site or the App to children under 16. If you are under 16, you should not provide any information to us. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us (firstname.lastname@example.org), and we will endeavor to remove that information.
Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to “Do Not Track” signals, our website does not currently respond to such signals.
How to contact us