Last Updated: October 2, 2017.
What We Collect
Personal Data is data that can be used to identify or contact you. Cardiio is strongly committed to protecting the privacy of its user community. The App requires access to the camera on your device in order to measure your heart rate. Images from the camera feed are processed locally on your device and cleared immediately afterwards. We do not collect any images obtained from the camera feed. We do not require or offer any form of registration, allowing you to access the Site and use the App without providing any Personal Data.
Communications with us. When you send us emails such as customer support inquiries, we may maintain those communications and their contents so that we can resolve your inquiries or otherwise assist you.
Anonymous Data refers to data that by itself does not permit the identification of a specific individual. We collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with the App or the Site. We may collect the following types of Anonymous Data when you use the App or the Site.
Data you enter in the App. We may collect the age, gender, weight, health conditions, note, state of measurement, and duration of activity that you enter in the App. You can always refuse to supply user data, with the caveat that it may prevent you from engaging in certain App-related content.
Measurement data produced by the App. We may collect the app version, device hardware model, device operating system (OS) version, language and region settings, timestamp, measurement mode (finger/face), heart rate, and waveforms related to your heart signal obtained from the processing of the camera input.
Geolocation information. We may collect the geolocation (e.g. GPS) of your mobile device at the time of a saved measurement only with your permission. We do not access or track your geolocation information in the background.
How We Use Your Data
If you contact us by email, we may use the email address you provide to answer your question or resolve your problem. Cardiio also may use that email address to tell you about new features, solicit your feedback, or just keep you up-to-date with Cardiio and our products. You can always opt out of email marketing by clicking on the “Unsubscribe” link appended to the end of a promotional email from us.
Cardiio deems Personal Data confidential and does not disclose such information without the express informed consent of the user. User consent shall be secured through an express action by the user such as clicking a check-box, providing an electronic signature, or other substantially similar method, after clear and conspicuous disclosure immediately above such check-box or electronic signature indicating that the user is agreeing to the disclosure of his or her information by Cardiio. A pre-checked box will not be considered evidence of consent. Cardiio will not release Personal Data to any person or organization not specifically authorized by the individual user, unless such disclosure is required pursuant to a lawful request from federal, state, local, or foreign law and civil enforcement agencies. If Cardiio discloses Personal Data pursuant to such a request, it shall notify users. We will not rent or sell Personal Data to anyone.
The Anonymous Data you provide allows us to perform analysis and generate the appropriate statistics relevant to you. We use the Anonymous Data to better understand our users as well as to improve the content and functionality of the App. For example, to estimate the number of calories burned, information such as age, gender, weight, and heart rate is necessary. Collecting the waveforms related to the heart signal allows us to perform research and development, improve the App, and develop new features or services. If we do collect information regarding your GPS location with your permission, we will not share such information without your express consent.
We may conduct research on our end users' demographics, interests, and behavior based on the Anonymous Data. This research may be compiled and analyzed on an aggregated basis. Cardiio may share with its affiliates, agents, and business partners this “aggregated” data compiled from the information that it collects from users. These aggregate data do not identify you personally. We may also disclose aggregated data in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes. Although these aggregated data do not identify users personally, there is a risk that third parties who receive such data from Cardiio may reidentify specific users. Prior to sharing any Anonymous Data with third parties, Cardiio, Inc. will secure in writing the express written agreement of such third parties that they will not attempt to re-identify the information to any particular individual.
Security Policy/Procedures and Standard of Care
Access to Personal and Anonymous Data is limited to authorized employees or Contractors that (i) need to know that information in order to process it on our behalf or to provide services available in the App, or (ii) have agreed not to disclose it to others.
We take all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of Personal and Anonymous Data. However, no system can be 100% secure, and, therefore, despite our best efforts, there could be unauthorized access to this data. By using the Site or the App, you accept this risk.
We will retain de-identified Anonymous Data for an indefinite amount of time for research and development purposes. If you contacted us via email, your email will be retained for communication purposes for a reasonable time thereafter. If you believe we have Personal Data about you that you do not want us to have or would like to request a copy of your Personal Data collected, please contact us as described below (see "Contact Us") and we will remove the data as you request or send you a copy as soon as is reasonably practicable.
We do not knowingly collect Personal Data from children under the age of 13 and do not target the Site or the App to children under 13. If you are under 13, you should not provide any data to us. If you have reason to believe that a child under the age of 13 has provided Personal Data to us, please contact us (firstname.lastname@example.org), and we will endeavor to delete that information from our databases.
Google Analytics cookies. Google Analytics uses first-party cookies to track visitor interactions and collect information about how visitors use the Site. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. We then use the information to compile reports and to help us improve our site. You can opt out of Google Analytics – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.
How We Respond to “Do Not Track” Signals
We do not currently recognize automated browser signals regarding tracking mechanisms, which may include "do not track" instructions. However, we do not collect Personal Data from visitors to our Site.