This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and legal protections.
We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
The words capitalized in this document have meanings defined under the following conditions. These definitions will apply whether the terms are singular or plural.
For the purposes of this Privacy Policy:
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Application refers to CardioCore-AI Vital, the software program provided by the Company.
Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of processing Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of processing consumers' personal information, conducting business in California.
CCPA and/or CPRA refers to the California Consumer Privacy Act (the "CCPA") as amended by the California Privacy Rights Act of 2020 (the "CPRA").
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to VitalZcan AI. For the purpose of the GDPR, the Company is the Data Controller.
Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device means any device that can access the Service such as a smartphone, tablet or computer.
GDPR refers to EU General Data Protection Regulation.
Personal Data is any information that relates to an identified or identifiable individual. For the purposes of GDPR, Personal Data means any information relating to You such as a name, identification number, location data, online identifier or factors specific to physical, physiological, genetic, mental, economic, cultural or social identity. For the purposes of the CCPA/CPRA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
Service refers to the Application.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, You can be referred to as the Data Subject or as the User as you are the individual using the Service.
Personal Data
During Your use of Our Service, We may request that You furnish certain personally identifiable information which can be used to communicate with or recognize You. This personally identifiable information may encompass, but is not confined to:
Email address
First name and last name
Phone number
Usage Data
Usage Data is automatically collected during the use of the Service. This data may encompass details such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the specific pages of our Service that You visit, the date and time of Your visit, the duration spent on those pages, unique device identifiers, and other diagnostic data.
If You access the Service through a mobile device, certain information may be gathered automatically, including, but not limited to, the mobile device type You utilize, Your mobile device's unique ID, Your mobile device's IP address, Your mobile operating system, the variety of mobile Internet browser You employ, unique device identifiers, and other diagnostic data.
Information Collected while Using the Application
While using Our Application and aiming to offer specific features, We may gather the following information with Your explicit consent:
Heart rate measurements collected through your device's camera
Photos and videos from your Device's camera and photo library (for heart rate analysis)
Health data from Health (if authorized)
Location data (to provide context for heart rate readings)
Device motion and orientation data (for measurement accuracy)
We utilize this data to deliver features within Our Service and enhance and tailor Our Service according to user preferences. The information may either be uploaded to the Company's servers and/or a Service Provider's server, or it might be stored solely on Your device.
You have the option to activate or deactivate access to this information at any time through Your Device settings.
The Company may utilize Personal Data for the following objectives:
To provide and maintain our Service, including monitoring usage of the Service
To manage Your requests: To attend and manage Your requests to Us
To contact You: To contact You by email, phone, or other equivalent forms of electronic communication regarding updates or informative communications related to the functionalities, products or contracted services
To provide You with news, special offers and general information about other goods, services and events similar to those you've already purchased or inquired about, unless you've chosen not to receive such information
To process Your health data for heart rate monitoring and analysis
To improve the accuracy of heart rate measurements through AI algorithms
To generate health reports and insights based on Your heart rate data
To detect potential health anomalies and provide alerts (if enabled)
For business transfers: To evaluate or conduct a merger, divestiture, restructuring, or other transfer of assets
The Company will uphold Your Personal Data solely for the duration necessary to fulfill the objectives outlined in this Privacy Policy. We will maintain and utilize Your Personal Data to the extent obligatory to adhere to legal requirements, resolve disputes, and enforce our legal agreements and policies.
Additionally, the Company will preserve Usage Data for internal analytical purposes. Usage Data is typically retained for a shorter duration, except when this data contributes to enhancing security or improving the functionality of Our Service.
Your information, including Personal Data, is processed at the operational offices of the Company and in any other locations where the parties involved in processing are situated. This implies that the information may be transmitted to and maintained on computers situated outside of Your state, province, country, or any other governmental jurisdiction.
Your consent to this Privacy Policy, followed by Your provision of such information, signifies Your agreement to this transfer.
The Company will take all reasonably necessary measures to ensure that Your data is handled securely and in accordance with this Privacy Policy.
You possess the right to request the deletion of the Personal Data collected about You or seek assistance from Us in this process.
Our Service may offer You the option to delete specific information pertaining to You directly within the Service.
At any time, You have the ability to update, modify, or delete Your information by visiting the settings section. Additionally, You can reach out to Us to request access to, correct, or erase any personal information that You have shared with Us.
It's important to note, however, that in instances where we are legally obligated or have a lawful basis to do so, we may need to retain certain information.
Business Transactions
In the event of the Company's engagement in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will notify You before Your Personal Data is transferred and becomes subject to a distinct Privacy Policy.
Law enforcement
In specific situations, the Company might necessitate disclosing Your Personal Data as mandated by law or in response to valid requests from public authorities.
Other legal requirements
The Company may reveal Your Personal Data with a genuine belief that such action is indispensable to:
Abide by a legal obligation
Safeguard and uphold the rights or property of the Company
Prevent or probe potential misconduct associated with the Service
Ensure the personal safety of Service Users or the public
Mitigate legal liability
The safeguarding of Your Personal Data is a priority for Us. However, it's important to note that no method of transmission over the Internet or electronic storage can be guaranteed to be 100% secure. Although We make every effort to utilize commercially acceptable means to secure Your Personal Data, We cannot assure its absolute security.
Data Processing Agreement for Health Information
As a provider of health-related services, we maintain strict data processing agreements with all third-party service providers to ensure appropriate handling of health information.
Legal Basis for Processing Personal Data under GDPR
We may handle Personal Data based on the following circumstances:
Consent: You have provided Your consent for the processing of Personal Data for specific purposes.
Performance of a Contract: The disclosure of Personal Data is essential for the performance of an agreement with You.
Legal Obligations: Processing Personal Data is imperative to comply with legal obligations.
Vital Interests: Processing Personal Data is essential to safeguard Your vital interests.
Legitimate Interests: Processing Personal Data is necessary for the legitimate interests pursued by the Company.
Your Rights under the GDPR
The Company is committed to upholding the confidentiality of Your Personal Data and ensuring that You can exercise Your rights.
As per this Privacy Policy, and in compliance with EU law, You have the following rights:
Request access to Your Personal Data: The right to access, update or delete the information We have on You.
Request correction of the Personal Data: You have the right to have any incomplete or inaccurate information corrected.
Object to processing of Your Personal Data: This right exists where We are relying on legitimate interest as the legal basis for processing.
Exercising of Your GDPR Data Protection Rights
To assert Your rights of access, rectification, erasure, and objection, feel free to reach out to Us. Please be aware that we may request verification of Your identity before addressing such requests.
This section applies exclusively to California residents.
Categories of Personal Information Collected
We gather information that can be linked to a specific Consumer or Device:
Category A: Identifiers: Real name, email address, device identifiers. Collected: Yes.
Category B: Customer Records: Name, phone number. Collected: Yes.
Category D: Commercial Information: Service usage data. Collected: Yes.
Category E: Network Activity: Interaction with our Service. Collected: Yes.
Category K: Sensitive Personal Information: Health data (heart rate measurements). Collected: Yes.
Sources of Personal Information
We acquire personal information from:
Directly from You (forms, preferences, purchases)
Indirectly from You (observing activity)
Automatically from You (cookies, device data)
From Service Providers (third-party vendors)
Your Rights under the CCPA/CPRA
The CCPA/CPRA provides California residents with specific rights:
Right to notice: Be informed about collected data categories and purposes
Right to know/access: Request disclosure about collection and use of personal information
Right to opt-out: Direct Us to not sell Your personal information
Right to correct: Correct inaccurate personal information
Right to limit sensitive data: Request limitation on sensitive personal information use
Right to delete: Request deletion of Your Personal Data
Right to non-discrimination: Not be discriminated against for exercising rights
Do Not Sell My Personal Information
As per the CCPA/CPRA, "sell" includes sharing consumer information for valuable consideration.
We do not sell health data. However, we permit Service Providers to utilize your information for business purposes described in Our Privacy Policy. These activities may be considered a sale under CCPA/CPRA.
You have the right to opt-out of the sale of Your personal information. To exercise this right, please contact us.
Our Service is not intended for individuals under the age of 13. We do not intentionally gather personally identifiable information from anyone under the age of 13.
Our Service may include links to websites operated by third parties. We do not have control over, and take no responsibility for the content, privacy policies, or practices of any third-party sites or services.
We may periodically update Our Privacy Policy. We will inform You of any changes by posting the revised Privacy Policy on this page.
If you have any questions about this Privacy Policy, You can contact us:
By email: help.aiheart@outlook.com