Privacy Policy
Legal Information
Last modified: April 2023
Heartify LLC, a company registered and acting under the laws of the United States with registration number 001466554, having its registered office at 50 Milk St, 18th Floor, Boston, MA, United States (“Heartify”, “Company”, ”we, “us”, or “our”), takes your privacy seriously. This Privacy Policy (the “Policy”) explains our data protection commitment and practices and describes the types of information we may process when you use our Websites and/or install and use the Heartify Heart Rate Monitor software application for mobile devices (”the App”, “our App”).
When we refer to personal data (or personal information), we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data or to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social status (“Personal Data”).
Our Privacy Policy applies to all users and others who access the App (”Users”), as well as other persons who access this website and other Company’s websites and landing pages (the “Website(s)”) and/or persons whose Personal Data we may process as a result of our business activities. We also refer to such persons by “you” used in the text.
For the purposes of the General Data Protection Regulation (EU) 2016/679 and applicable national legislation implementing the GDPR and, if applicable, the UK Data Protection Act 2018 and the UK GDPR (hereinafter collectively the “GDPR”), we are the data controller, unless otherwise stated. Our service providers and/or other business partners may process your Personal Data as data processors on our behalf and according to our instructions to assist us in meeting business operations needs and to perform certain services and functions, such as engineering, sales, and marketing.
PLEASE READ THE FOLLOWING PRIVACY POLICY FOR INFORMATION REGARDING THE WAYS YOUR PERSONAL INFORMATION MAY BE PROCESSED CAREFULLY. WHEN YOU USE THE APP AND/OR THE WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS.
IF YOU ARE A CALIFORNIA RESIDENT, PLEASE READ THE NOTICE IN SECTION 7 OF THIS POLICY.
When we refer to personal data (or personal information), we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data or to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social status (“Personal Data”).
Our Privacy Policy applies to all users and others who access the App (”Users”), as well as other persons who access this website and other Company’s websites and landing pages (the “Website(s)”) and/or persons whose Personal Data we may process as a result of our business activities. We also refer to such persons by “you” used in the text.
For the purposes of the General Data Protection Regulation (EU) 2016/679 and applicable national legislation implementing the GDPR and, if applicable, the UK Data Protection Act 2018 and the UK GDPR (hereinafter collectively the “GDPR”), we are the data controller, unless otherwise stated. Our service providers and/or other business partners may process your Personal Data as data processors on our behalf and according to our instructions to assist us in meeting business operations needs and to perform certain services and functions, such as engineering, sales, and marketing.
PLEASE READ THE FOLLOWING PRIVACY POLICY FOR INFORMATION REGARDING THE WAYS YOUR PERSONAL INFORMATION MAY BE PROCESSED CAREFULLY. WHEN YOU USE THE APP AND/OR THE WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS.
IF YOU ARE A CALIFORNIA RESIDENT, PLEASE READ THE NOTICE IN SECTION 7 OF THIS POLICY.
This Privacy Policy applies to the information that we obtain through your use of our Website, App, or when you otherwise interact with us.
The Company’s Website may contain links to other websites. We are not responsible for the information practices or the content of such other websites. Our Website may also include social media features, such as Facebook, Twitter, Google+, LinkedIn, Xing buttons. These features may collect your IP address and which page you visit on our site and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy statements of the company providing them. You should always review the policies of third-party products and services to make sure you are comfortable with how they collect and use your information.
The Company’s Website may contain links to other websites. We are not responsible for the information practices or the content of such other websites. Our Website may also include social media features, such as Facebook, Twitter, Google+, LinkedIn, Xing buttons. These features may collect your IP address and which page you visit on our site and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy statements of the company providing them. You should always review the policies of third-party products and services to make sure you are comfortable with how they collect and use your information.
There are several categories of information that can be processed. In most cases, we obtain anonymized and/or pseudonymized (de-identified) data, which does not allow us to identify you directly for analytics and marketing purposes from corresponding analytics software tools (third-party services providers). Your privacy is our high priority, so we prefer, to the maximum possible extent, using instruments that disable the collection of clearly identifiable information and provide us with information in aggregated, encrypted, anonymized, and/or pseudonymized (non-identifiable) form. However, we understand that some categories of such information may be deemed Personal Data, in particular, for the purposes of GDPR. With regard to such Personal Data, the rules set out in this Privacy Policy are always strictly followed.
3.1. Information that you submit
You may provide personal information directly if it is needed for your use of our App. This information is necessary for the adequate performance of the contract between you and us. Without such information, it is impossible to provide the complete functionality of the App and perform the requested services. Depending on the App's functionality, the following information can be processed:
All information you submit is stored locally on your device and may be transferred to our server storage and/or service providers as necessary to provide services to you. This information is never disclosed to third parties (except our authorized service providers) unless you share it by yourself. You can remove or alter your personal information at any time. Once you uninstall App, your personal information (including Personal Data) will be stored and used in a non-identifiable form for a period of time needed to achieve the purposes set out in Section 4 of this Policy.
Also, we may collect other data that you submit to our Websites or App as you participate in any interactive features of them, participate in a survey, contest, promotion, sweepstakes, activity, or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us.
If you are our current, formal or prospective employee or individual subcontractor, we also ask you to provide consent for collecting education-, career-related, and other background information (“Employment information”), which we process according to this Policy and/or our notice related to processing recruitment data that is provided in your contract or as a separate document by our HR-specialists.
If you are providing information (including personal data) about someone else, you must have the authority to act for them and to consent to the collection and use of their personal data as described in this Privacy Policy.
3.2. Information received from third parties
We may also obtain information from third parties, such as:
3.3. Information collected automatically
When you use the App, some information about your device and your user behavior may be collected and processed automatically. This information is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We process this information based on our legitimate interest in improving our App and giving our users the best experience. If we do not access such data, we may not be able to provide you with all the features of the App.
Device Details. When you use a mobile device (tablet/phone/smartwatch) to access our App, some of the details about your device are reported, including device identifiers and other metadata. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, uniquely identifying your mobile device (but not your personality). Device identifier enables generalized reporting, analytics, and/or personalized content and ads by third parties. In this regard, the following information may be collected and processed:
Information provided automatically to third-party advertising or analytics tools does not generally come under our control; therefore, we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device by using technologies that do not belong to our scope of responsibility. For example, in a case when your user ID is linked to your Facebook account, Facebook may use your device information in association with categorized data that were already recorded in its databases (e.g. your age, gender or other demographic indication). We do not control, supervise or stand surety for how the third parties process your personal data that might be collected by their own means (not through our App). Any information request regarding the disclosure of your personal information should be directed to such third parties.
Payment Information. Our e-commerce provider (Apple) is responsible for billing, processing, and charging for in-app purchases, handles your personal information, and keeps it absolutely safe and secure. We cannot access or use your credit or debit card information. You may access the applicable in-app purchase rules and policies directly from the app stores.
Information collected through the Websites. When you access and use our Websites, we may process the following data:
3.1. Information that you submit
You may provide personal information directly if it is needed for your use of our App. This information is necessary for the adequate performance of the contract between you and us. Without such information, it is impossible to provide the complete functionality of the App and perform the requested services. Depending on the App's functionality, the following information can be processed:
- Personal Information (gender, date of birth or age, weight records, heart rate, duration of activity, body state activity, rest, percentage of fat, height, etc.), which you may fill in when you choose to track physical parameters for your convenience, and/or share by connecting the other app to our App.
- Contact Information (name, e-mail address, and any other Personal Data you voluntarily share with us) which you may fill in by yourself in contact forms on our Websites when you contact us via email. We use such information to respond effectively to your inquiry, fulfill your requests, and send you marketing and system communications respond to your requests and perform the requested services.
- Activity Information directly related to your use of the App. We may have technical access to your camera roll required as a light sensor to estimate your heart rate. During a measurement, images from the camera feed are processed locally on your device and deleted immediately afterward. However, we cannot collect, store or use the data contained in your camera roll.
- Your heart rate measurement using the App may estimate various metrics such as your heart rate, pulse waveform, endurance score, etc. If you choose to save your measurement, this information will be stored locally on your device. The App also saves the timestamp of the measurement to help you keep a record. You can always decline to save a measurement or delete a previously saved measurement through the App.
All information you submit is stored locally on your device and may be transferred to our server storage and/or service providers as necessary to provide services to you. This information is never disclosed to third parties (except our authorized service providers) unless you share it by yourself. You can remove or alter your personal information at any time. Once you uninstall App, your personal information (including Personal Data) will be stored and used in a non-identifiable form for a period of time needed to achieve the purposes set out in Section 4 of this Policy.
Also, we may collect other data that you submit to our Websites or App as you participate in any interactive features of them, participate in a survey, contest, promotion, sweepstakes, activity, or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us.
If you are our current, formal or prospective employee or individual subcontractor, we also ask you to provide consent for collecting education-, career-related, and other background information (“Employment information”), which we process according to this Policy and/or our notice related to processing recruitment data that is provided in your contract or as a separate document by our HR-specialists.
If you are providing information (including personal data) about someone else, you must have the authority to act for them and to consent to the collection and use of their personal data as described in this Privacy Policy.
3.2. Information received from third parties
We may also obtain information from third parties, such as:
- Our authorized resellers, distributors, and partners if there is a lawful basis to do so. For example, if you purchase access to the App through one of these partners.
- Other third parties, such as email campaigns, marketing partners, and publicly available sources. We may use this information to enhance the information that we already maintain about you and to improve the accuracy of our records, in addition to other purposes described in this Privacy Policy.
- Social media and authentication services. We may have access to certain information from a third-party social media or authentication service if you log into our App through the service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third-party social or authentication service is in accordance with the authorization procedures determined by that service. By authorizing us to connect with a third-party service, you authorize us to access and store your name, email address(es), current city, profile picture URL, and other information that the third-party service makes available to us, and to use and disclose it under this Privacy Policy. You should check your privacy settings on these third-party services to understand and change the information sent to us through these services.
3.3. Information collected automatically
When you use the App, some information about your device and your user behavior may be collected and processed automatically. This information is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We process this information based on our legitimate interest in improving our App and giving our users the best experience. If we do not access such data, we may not be able to provide you with all the features of the App.
Device Details. When you use a mobile device (tablet/phone/smartwatch) to access our App, some of the details about your device are reported, including device identifiers and other metadata. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, uniquely identifying your mobile device (but not your personality). Device identifier enables generalized reporting, analytics, and/or personalized content and ads by third parties. In this regard, the following information may be collected and processed:
- Information about the device itself: type of your device, type of operating system, and its version, model, and manufacturer.
- Information about the internet connection: mobile carrier, IP address, timestamp, and duration of sessions.
- Location-related information: IP address, the country code/ region/ state/ city associated with your SIM card or your device, language setting, and time zone.
- Device identifiers and technical identifiers.
- Information about the applications: name, API key (identifier for application), version, and App properties can be reported for automated processing and analysis.
- Cookies and similar technologies. When you use the App, cookies and similar technologies may be used (pixels, web beacons, scripts). A cookie is a text file containing small amounts of information that are downloaded to your device when you access the App. The text file is then sent back to the server each time you use the App. This enables us to operate the App more effectively. For example, we will know how many users access specific areas or features within our App and which links or ads they clicked on. We use this aggregated information to understand and optimize how our App is used, improve our marketing efforts, and provide content and features that interest you. We may ask advertisers or other partners to serve ads or services to the App, which may use cookies or similar technologies.
- Log file information. Log file information is automatically reported each time you request to access the App. It can also be provided when the App is installed on your device. When you use our App, analytics tools automatically record certain log file information, including the time and date when you start and stop using the App and how you interact with the App.
- In-app events. When you use our App, analytics tools automatically record in-app information (tutorial steps, leveling up, payments, in-app purchases, custom events, progression events, etc.).
Information provided automatically to third-party advertising or analytics tools does not generally come under our control; therefore, we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device by using technologies that do not belong to our scope of responsibility. For example, in a case when your user ID is linked to your Facebook account, Facebook may use your device information in association with categorized data that were already recorded in its databases (e.g. your age, gender or other demographic indication). We do not control, supervise or stand surety for how the third parties process your personal data that might be collected by their own means (not through our App). Any information request regarding the disclosure of your personal information should be directed to such third parties.
Payment Information. Our e-commerce provider (Apple) is responsible for billing, processing, and charging for in-app purchases, handles your personal information, and keeps it absolutely safe and secure. We cannot access or use your credit or debit card information. You may access the applicable in-app purchase rules and policies directly from the app stores.
Information collected through the Websites. When you access and use our Websites, we may process the following data:
- Web Logs. As is true with most websites and services delivered over the Internet, we may gather certain information and store it in log files when you interact with our Websites. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, the information you search for, locale and language preferences, identification numbers associated with your device, your mobile carrier, and system configuration information.
- Analytics information from Websites. We collect anonymized and aggregated analytics information when you use our Websites to help us improve our products and services.
- Google Analytics. Our Services use Google Analytics, a web analytics service of Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). The use includes the "Universal Analytics" operating mode. This facilitates the assignment of data, sessions, and interactions across several devices to a pseudonymous user ID and, thus, the analysis of a user's activities across devices.
Our mission is to improve our App and provide you with new experiences constantly. As part of this mission, we may use your Personal Data for the following purposes:
Where required by law, we will only send you marketing information if you consent to us doing so at the time you provide us with your personal data or if we obtain your consent to receive marketing information separately. You may opt out of receiving such emails by following the instructions in each promotional email we send you or by updating your user settings (where applicable). In addition, if at any time you wish not to receive future communications, or you wish to have your name deleted from our mailing lists, please contact us at privacy@heartify.io. We will continue to contact you via email regarding the provision of our services and to respond to your requests.
- To make our service available. We use functional information and information that is processed automatically to provide you with all requested services.
- To improve, test, and monitor the effectiveness of our App. We use information that is processed automatically to understand user behavior and trends better, detect potential outages and technical issues, to operate, protect, improve, and optimize our App.
- To provide you with interest-based content. We may provide personalized content and information to you.
- To communicate with you. We use the contact information we have to communicate with you, including through newsletters, to send you marketing emails, receive your feedback about our App experience, and let you know about our policies and terms. We also use your information to respond to you when you contact us and to provide you with user support.
- Send transactional messages, including responding to your comments, questions, and requests related to your use or intention to use our App.
- Send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests, and events and sending updates about our App, providing other news or information about our selected partners and us that may be interesting to you, including by email, push notification or otherwise, as permitted by law.
- To conduct HR activities with regard to your Employment information, ensure and perform our rights and obligations as an employer or a customer if you act as an individual contractor.
- For other internal business purposes, such as data analysis, benchmarking, audits, conducting research, analysis, studies or surveys, and identifying usage trends.
- To (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) enforce Terms of Use; (d) protect our operations; (e) protect our rights, privacy, the safety of property, and/or that of you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain.
- If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing.
- If any new purposes for processing your personal data arise, we will let you know we start to process the information for that other purpose by introducing the corresponding changes to this Privacy Policy.
Where required by law, we will only send you marketing information if you consent to us doing so at the time you provide us with your personal data or if we obtain your consent to receive marketing information separately. You may opt out of receiving such emails by following the instructions in each promotional email we send you or by updating your user settings (where applicable). In addition, if at any time you wish not to receive future communications, or you wish to have your name deleted from our mailing lists, please contact us at privacy@heartify.io. We will continue to contact you via email regarding the provision of our services and to respond to your requests.
We will share your information with third parties only in the ways that are described in this Privacy Policy. We share your Personal Data only with our employees and contractors, agents, and auditors who need to know or otherwise access Personal Data under this Privacy Policy and who are bound in writing by confidentiality and other obligations sufficient to protect Personal Data in accordance with this Privacy Policy.
Please note that while integrating external services, we choose third parties that can assure they apply all necessary technical and organizational measures to protect users` personal data. However, we cannot guarantee the security of any information transmitted from us to any such third party. Provided that we followed all demands of applicable personal data protection legislation, we are not responsible for any accidental loss or unauthorized access to your personal data through the fault of third parties.
We will not rent or sell your personal data to any third parties, but we may share your information from tools like cookies, log files, and device identifiers and location data, with third-party organizations that provide automatic and other data processing technologies for the App.
5.1. Disclosures made by you
When you use our App, the result of measurements and other functions will be displayed back to you. Certain features of our App allow you to make some of your measurements public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you share at your discretion.
5.2. Service providers and subcontractors
We may engage the following third-party service providers in order to provide us with the necessary infrastructure for the delivery and improvement of our services, as well as for marketing purposes:
Amazon Web Services EMEA SARL
Cloud storage services
EU, USA
Privacy Statement | Data Processing Addendum
Appsflyer Ltd.
Analytics services
USA
Services Privacy Policy | Data Processing Addendum
Facebook (Meta)
Analytics / ad management services
USA
Privacy Policy | Data Processing Addendum
Firebase (Google LLC)
Hosting and management services
USA
Privacy Policy | Cloud Data Processing Addendum | Firebase Data Processing and Security Terms
Amplitude, Inc.
Analytics tool
USA
Privacy Notice | Data Processing Addendum
App Store (Appe Inc.)
Technical, payment processing and analytics services
USA
App Store & Privacy | App Analytics & Privacy
RevenueCat (RevenueCat, Inc.)
Technical and transactional analytics services
USA
Privacy Policy | Data Processing Addendum
Heroku (Salesforce Inc.)
Analytics and storage services
USA
Privacy information | Data Processing Addendum
DigitalOcean (DigitalOcean, LLC)
Analytics and storage services
USA, EU
Privacy Policy | Data Processing Agreement
OneSignal, Inc.
Push notifications and analytics service
USA, EU
Privacy Policy | Data Processing Addendum - to be provided on data subject`s demand, if applicable
Mars Media Group
Marketing services
USA, EU
Privacy Policy | Data Processing Agreement
Send Grid (Twilio Inc.)
Emailing and marketing services
USA, EU
Privacy Policy | Data Processing Agreement
This list may be amended or modified from time to time according to our business needs, on our sole discretion and without giving notice to you. However, you may execute rights as provided herein and we may be be obliged to disclose details of our processing practices under applicable law.
We do not share identifiable health data with these third parties for marketing and other purposes not related to providing you with access to our Services.
5.3. Third-party websites and social media widgets
Our App may contain links to third-party websites/services, or you may access the App from a third-party site. We are not responsible for the privacy practices of these third-party sites or services linked to or from our App, including the information or content contained within them. Our Services may also contain social media features, such as the Twitter “tweet” button. These features may collect your IP address and which page you visit on our Websites and App, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing them.
5.4. Business transfers, legal requirements, and protection of our rights
We may disclose your personal information if it is needed for objective reasons, due to the public interest, or in other unforeseen circumstances:
5.5. Aggregated or anonymized data
We may share aggregated or anonymized information that does not directly identify you with the third parties described above.
Please note that while integrating external services, we choose third parties that can assure they apply all necessary technical and organizational measures to protect users` personal data. However, we cannot guarantee the security of any information transmitted from us to any such third party. Provided that we followed all demands of applicable personal data protection legislation, we are not responsible for any accidental loss or unauthorized access to your personal data through the fault of third parties.
We will not rent or sell your personal data to any third parties, but we may share your information from tools like cookies, log files, and device identifiers and location data, with third-party organizations that provide automatic and other data processing technologies for the App.
5.1. Disclosures made by you
When you use our App, the result of measurements and other functions will be displayed back to you. Certain features of our App allow you to make some of your measurements public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you share at your discretion.
5.2. Service providers and subcontractors
We may engage the following third-party service providers in order to provide us with the necessary infrastructure for the delivery and improvement of our services, as well as for marketing purposes:
Amazon Web Services EMEA SARL
Cloud storage services
EU, USA
Privacy Statement | Data Processing Addendum
Appsflyer Ltd.
Analytics services
USA
Services Privacy Policy | Data Processing Addendum
Facebook (Meta)
Analytics / ad management services
USA
Privacy Policy | Data Processing Addendum
Firebase (Google LLC)
Hosting and management services
USA
Privacy Policy | Cloud Data Processing Addendum | Firebase Data Processing and Security Terms
Amplitude, Inc.
Analytics tool
USA
Privacy Notice | Data Processing Addendum
App Store (Appe Inc.)
Technical, payment processing and analytics services
USA
App Store & Privacy | App Analytics & Privacy
RevenueCat (RevenueCat, Inc.)
Technical and transactional analytics services
USA
Privacy Policy | Data Processing Addendum
Heroku (Salesforce Inc.)
Analytics and storage services
USA
Privacy information | Data Processing Addendum
DigitalOcean (DigitalOcean, LLC)
Analytics and storage services
USA, EU
Privacy Policy | Data Processing Agreement
OneSignal, Inc.
Push notifications and analytics service
USA, EU
Privacy Policy | Data Processing Addendum - to be provided on data subject`s demand, if applicable
Mars Media Group
Marketing services
USA, EU
Privacy Policy | Data Processing Agreement
Send Grid (Twilio Inc.)
Emailing and marketing services
USA, EU
Privacy Policy | Data Processing Agreement
This list may be amended or modified from time to time according to our business needs, on our sole discretion and without giving notice to you. However, you may execute rights as provided herein and we may be be obliged to disclose details of our processing practices under applicable law.
We do not share identifiable health data with these third parties for marketing and other purposes not related to providing you with access to our Services.
5.3. Third-party websites and social media widgets
Our App may contain links to third-party websites/services, or you may access the App from a third-party site. We are not responsible for the privacy practices of these third-party sites or services linked to or from our App, including the information or content contained within them. Our Services may also contain social media features, such as the Twitter “tweet” button. These features may collect your IP address and which page you visit on our Websites and App, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing them.
5.4. Business transfers, legal requirements, and protection of our rights
We may disclose your personal information if it is needed for objective reasons, due to the public interest, or in other unforeseen circumstances:
- as required by law;
- when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request or to enforce our agreements, policies, and terms of service;
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via prominent notice in our App of any change in ownership or your personal information usage, as well as any choices you may have regarding your personal information.
5.5. Aggregated or anonymized data
We may share aggregated or anonymized information that does not directly identify you with the third parties described above.
We do not share Personal Data about you with third parties for their marketing purposes (including direct marketing purposes) without your permission. We will share your Personal Data with third parties only in the ways that are described in this Privacy Policy. We do not sell your Personal Data to third parties.
The California Consumer Privacy Act of 2018 (CCPA) is currently not applicable to our business, as far as Heartify LLC does not fall into established criteria of applicability. But, if at the moment of obtaining the relating request from a California resident CCPA becomes applicable, the following rules shall apply.
Please mind that according to CCPA personal information does not include de-identified or aggregated consumer information.
To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Data (“Personal Information”) we collect:
To submit a verifiable consumer request for access, portability, or deletion of Personal Data, please contact us at privacy@heartify.io. In most cases, there is no way to maintain the App's further operation without functional data, therefore you will be advised to remove the App from your device.
When submitting a verifiable request, you should be ready to:
We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request or (ii) confirm that the personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third-party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request.
We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor's identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.
We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.
Nothing in the way we deal with your request shall be interpreted as discrimination, which means that we will not set up different pricing or products, or different level or quality of services for you, if you choose to exercise your rights. However, in some circumstances, we may not be able to provide services if you choose to delete your personal information from our records.
If you don't want us to share device identifiers and geolocation data with service providers, please check your device settings to opt-out as described herein.
Without limiting our ability to disclose information as described in the section of our Privacy Policy entitled “Business transfers”, for purposes of the California Consumer Privacy Act we do not and will not sell your Personal Data.
Please mind that according to CCPA personal information does not include de-identified or aggregated consumer information.
To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Data (“Personal Information”) we collect:
- The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information;
- The right to request deletion of your Personal Information;
- The right to be free from discrimination relating to the exercise of any of your privacy rights.
To submit a verifiable consumer request for access, portability, or deletion of Personal Data, please contact us at privacy@heartify.io. In most cases, there is no way to maintain the App's further operation without functional data, therefore you will be advised to remove the App from your device.
When submitting a verifiable request, you should be ready to:
- Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, zip code, and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney signed by you.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request or (ii) confirm that the personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third-party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request.
We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor's identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.
We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.
Nothing in the way we deal with your request shall be interpreted as discrimination, which means that we will not set up different pricing or products, or different level or quality of services for you, if you choose to exercise your rights. However, in some circumstances, we may not be able to provide services if you choose to delete your personal information from our records.
If you don't want us to share device identifiers and geolocation data with service providers, please check your device settings to opt-out as described herein.
Without limiting our ability to disclose information as described in the section of our Privacy Policy entitled “Business transfers”, for purposes of the California Consumer Privacy Act we do not and will not sell your Personal Data.
This section applies to individuals in the EEA, the UK and/or Switzerland.
8.1. Legal basis for processing
Our legal basis for the processing of Personal Data are: (i) consent or (ii) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of our Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices. For more information, please refer to Section 4 above.
8.2. Your rights
As the data subject, you have:
You may contact us at privacy@heartify.io to exercise your rights. Heartify LLC will be responsible for responding to your requests under the GDPR.
8.3. International transfers of Personal Data
We work in the cross-border area and provide our App to our Users around the world.
We and third-party organizations that provide data processing technologies for the App or our third-party advertising partners may transfer the processed information across borders and from your country or jurisdiction to other countries or jurisdictions worldwide.
If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as in your jurisdiction. This means that your personal information can be transferred to a third country, a territory, or one or more specified sectors within that third country or to an international organization where data protection and confidentiality regulations may not provide the same level of personal data protection as your country does.
We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information. By agreeing with this Policy, you agree that we may transfer your personal data to any third country, a territory, or one or more specified sectors within that third country or to the international organization.
For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data - if possible - before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check. If applicable, we are party to data transfer agreements/data processing addendums or equivalent legal instruments with each of our service providers, and we will (i) keep each document up to date with current law and (ii) only engage in personally identifiable information transfers from safeguards area to outside safeguards area in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation. Where we transfer your Personal Data as described above, we will take steps to ensure that your Personal Data receive adequate security protection where it is processed, and your rights continue to be protected pursuant to the applicable data protection law, including through the use of Standard Contractual Clauses approved by the European Commission.
8.1. Legal basis for processing
Our legal basis for the processing of Personal Data are: (i) consent or (ii) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of our Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices. For more information, please refer to Section 4 above.
8.2. Your rights
As the data subject, you have:
- the right of access (Art 15 GDPR). If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of the personal data along with certain other details.
- the right to rectification (Art 16 GDPR). If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible.
- the right to erasure (Art 17 GDPR). You may ask us to erase your Personal Data in some circumstances, such as when we no longer need it, or you withdraw your consent. If we shared your Personal Data with others, we will alert them to the need for erasure where possible.
- the right to restriction of processing (Art 18 GDPR). You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restrictions on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible.
- the right to data portability (Art 20 GDPR). You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that we processed with automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- the right to object (Art 21 GDPR). You may ask us at any time to stop processing your Personal Data, and we will do so:
- if we are relying on a legitimate interest to process your Personal Data – unless we demonstrate compelling legitimate grounds for the processing or your Personal Data is needed to establish, exercise, or defend legal claims; or
- in certain circumstances, if we are processing your Personal Data for direct marketing.
- the right to withdraw consent (Art 7 (3) GDPR). If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
- the right to make a complaint with the data protection authority. If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
You may contact us at privacy@heartify.io to exercise your rights. Heartify LLC will be responsible for responding to your requests under the GDPR.
8.3. International transfers of Personal Data
We work in the cross-border area and provide our App to our Users around the world.
We and third-party organizations that provide data processing technologies for the App or our third-party advertising partners may transfer the processed information across borders and from your country or jurisdiction to other countries or jurisdictions worldwide.
If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as in your jurisdiction. This means that your personal information can be transferred to a third country, a territory, or one or more specified sectors within that third country or to an international organization where data protection and confidentiality regulations may not provide the same level of personal data protection as your country does.
We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information. By agreeing with this Policy, you agree that we may transfer your personal data to any third country, a territory, or one or more specified sectors within that third country or to the international organization.
For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data - if possible - before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check. If applicable, we are party to data transfer agreements/data processing addendums or equivalent legal instruments with each of our service providers, and we will (i) keep each document up to date with current law and (ii) only engage in personally identifiable information transfers from safeguards area to outside safeguards area in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation. Where we transfer your Personal Data as described above, we will take steps to ensure that your Personal Data receive adequate security protection where it is processed, and your rights continue to be protected pursuant to the applicable data protection law, including through the use of Standard Contractual Clauses approved by the European Commission.
In addition to the rights described in Section 8 of this Policy, we recognize the following options in relation to the personal information of Users and other data subjects located outside the GDPR-applicability areas:
Data Access and Portability. You can request copies of your personal information.
Change or Correct Data. Where you cannot update data by yourself through your account, you have the right to ask to correct, change, update or rectify your data.
Data Retention and Deletion. The user data is generally retained for as long as your user profile is in existence or as it is needed to provide the relevant services. However, specific retention times can vary based on the context of the processing performed. You have the right to ask to delete all or some of the personal data that is held about you.
Restriction of Processing. Under certain circumstances, you may have the right to limit how your personal information is used.
To exercise any of the rights described above, you can contact us via email. Please bear in mind that we ensure the above-mentioned rights only with respect to the information that we physically access and store or if we have a technical opportunity to ensure your rights.
Data Access and Portability. You can request copies of your personal information.
Change or Correct Data. Where you cannot update data by yourself through your account, you have the right to ask to correct, change, update or rectify your data.
Data Retention and Deletion. The user data is generally retained for as long as your user profile is in existence or as it is needed to provide the relevant services. However, specific retention times can vary based on the context of the processing performed. You have the right to ask to delete all or some of the personal data that is held about you.
Restriction of Processing. Under certain circumstances, you may have the right to limit how your personal information is used.
To exercise any of the rights described above, you can contact us via email. Please bear in mind that we ensure the above-mentioned rights only with respect to the information that we physically access and store or if we have a technical opportunity to ensure your rights.
We generally retain your personal information for as long as is necessary for performing the functional service of the App and to comply with our legal obligations. If you no longer want us to use your information that we physically access and store, you can request that we erase your personal information and close your account.
However, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts.
However, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts.
The security of your personal information is highly important to us. Services we use to maintain the App follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.
We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing. We seek your personal data to be encrypted with proper and strong encryption algorithms, including hashing where possible.
Unfortunately, no method of transmission over the Internet or method of electronic storage is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.
We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.
We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing. We seek your personal data to be encrypted with proper and strong encryption algorithms, including hashing where possible.
Unfortunately, no method of transmission over the Internet or method of electronic storage is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.
Our App is not intended for children under the age of 18. Therefore, we do not knowingly collect or solicit any personal information from children under 18. No one under age 18 may provide any personal information to the App. If you are under 18, do not use or provide any information on this App or through any of its features. Do not provide any information about yourself, including your email address. If we learn that we have collected personal information from a child under age 18 without verification of parental consent, we will erase that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us.
If you don't want third-party service providers to use to personalize ads on the basis of your interests, please follow the instructions below:
1. Open the Settings app on your phone
2. Go to Privacy & Security
3. Tap Tracking
4. Tap Allow Apps to Request to Track to turn it off.
You can also disable Tracking for Heartify App in the Settings app on your phone.
Please mind when you opt out of certain interest-based advertising, you may still continue to receive contextual ads based on other non-personal information, such as ads related to the content of other digital products you are using.
Our App does not track your precise location data.
1. Open the Settings app on your phone
2. Go to Privacy & Security
3. Tap Tracking
4. Tap Allow Apps to Request to Track to turn it off.
You can also disable Tracking for Heartify App in the Settings app on your phone.
Please mind when you opt out of certain interest-based advertising, you may still continue to receive contextual ads based on other non-personal information, such as ads related to the content of other digital products you are using.
Our App does not track your precise location data.
This Privacy Policy is updated regularly.
Whenever we change this Privacy Policy, we will post those changes to this Privacy Policy and other places that we consider appropriate. Additional forms of notice of modifications or updates as appropriate under the circumstances may be provided to you.
Whenever we change this Privacy Policy, we will post those changes to this Privacy Policy and other places that we consider appropriate. Additional forms of notice of modifications or updates as appropriate under the circumstances may be provided to you.
If you have any questions about this Privacy Policy, please feel free to contact us via email privacy@heartify.io.
