Privacy Policy

SUPPORT: Contact information with any questions: veerchopra28@gmail.com

# PRIVACY POLICY - HEARIFY

**Last Updated: February 19, 2026**

## 1. INTRODUCTION

This Privacy Policy explains how Hearify, Inc. ("we," "us," or "our") collects, uses, discloses, and protects your information when you use Hearify mobile applications, including HearifyV1 (patient app) and HearifyPro (clinician app) (collectively, the "Services").

**Your privacy is critically important to us.** We are committed to protecting your personal information and being transparent about our data practices.

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

## 2. INFORMATION WE COLLECT

### 2.1 Information You Provide Directly

#### Account Information (HearifyV1 & HearifyPro)

- Email address

- Password (encrypted, never stored in plain text)

- Full name

- Account creation date

- Professional credentials (HearifyPro only: AuD, PhD, SLP-CCC)

- Clinic name and contact information (HearifyPro only)

#### Profile Information (HearifyV1)

- Patient name (optional)

- Enrollment date

- Clinician linkage code (if linking to HearifyPro)

- Baseline assessment scores

- Practice preferences and settings

#### Practice Data (HearifyV1)

- Voice recordings during speech practice sessions

- Practice session history (dates, times, duration)

- Exercise types completed

- Accuracy scores and performance metrics

- Word lists and custom practice materials

- Phoneme-specific performance data

- Background noise settings and preferences

- Playback speed preferences

- Volume settings

#### Gamification Data (HearifyV1)

- Current and longest practice streaks

- Level and experience points (XP)

- Total points earned

- Badges and achievements unlocked

- Daily goal progress

- Word/sentence/conversation completion counts

- Perfect score counts

#### Custom Content (HearifyV1)

- Custom word lists you create

- Practice lists and repetition settings

- Uploaded custom words or sentences

- Notes or preferences

### 2.2 Information Automatically Collected

#### Usage Data

- App features accessed and frequency

- Session duration and timestamps

- Screen views and navigation patterns

- Button clicks and user interactions

- Error logs and crash reports

- Performance metrics (load times, rendering)

#### Device Information

- Device model and manufacturer

- Operating system version (iOS)

- Device unique identifiers (IDFV)

- Screen resolution and size

- Device language and region settings

- App version and build number

- Network connection type (WiFi, cellular)

#### Analytics Data

- Aggregated usage statistics

- Feature adoption rates

- Session analytics

- Cohort analysis (anonymized groups)

- A/B test participation (if applicable)

### 2.3 Information from Third-Party Services

#### Firebase (Google Cloud Platform)

- Authentication data

- Cloud Firestore database storage

- Cloud Storage for files (PDFs, reports)

- Analytics and crash reporting

- See Google's Privacy Policy: https://policies.google.com/privacy

#### CloudKit (Apple iCloud)

- Synchronized practice data

- Backup and restore data

- See Apple's Privacy Policy: https://www.apple.com/legal/privacy/

#### Apple Speech Recognition

- Voice audio for transcription (processed on-device when possible)

- Speech recognition results

- See Apple's Privacy Policy for Speech Recognition

### 2.4 Sensitive Health Information

**We may collect health-related information that could be protected under HIPAA:**

- Hearing assessment data

- Speech recognition accuracy (may indicate hearing loss severity)

- Auditory discrimination abilities

- Phoneme confusion patterns

- Progress over time (may indicate treatment effectiveness)

- Baseline and current performance metrics

**Important:** If you are a healthcare provider subject to HIPAA, you may need a Business Associate Agreement (BAA) before using HearifyPro. Contact us at veerchopra28@gmail.com.

### 2.5 State-Specific Health Data Disclosures

#### Washington State (My Health My Data Act)

If you are a Washington resident, you have specific rights regarding your health data:

- **Right to access:** You can request access to your health data

- **Right to delete:** You can request deletion of your health data

- **Right to withdraw consent:** You can withdraw consent for data collection at any time

- **No sale of health data:** We do not sell health data to third parties

#### Nevada Health Data Privacy

Nevada residents: We do not sell your health-related data as defined under Nevada law. You have the right to opt out of any future sales of health data, though we do not engage in such sales.

## 3. HOW WE USE YOUR INFORMATION

### 3.1 Primary Purposes

#### To Provide and Improve Services

- Create and manage your account

- Deliver practice exercises and feedback

- Calculate scores, streaks, and progress

- Synchronize data across devices

- Generate progress reports and analytics

- Personalize practice recommendations

- Improve speech recognition accuracy

- Develop new features and exercises

#### To Enable Patient-Clinician Connection

- Generate linking codes for patient-clinician pairing

- Share patient practice data with linked clinicians

- Allow clinicians to monitor patient progress

- Enable report generation and export

- Facilitate clinical oversight and guidance

#### To Communicate with You

- Send account notifications

- Provide customer support

- Send practice reminders (if enabled)

- Notify about app updates

- Respond to inquiries and requests

- Send important service announcements

### 3.2 Research and Development

We may use anonymized, aggregated data to:

- Conduct research on auditory rehabilitation

- Improve speech recognition algorithms

- Develop new training methodologies

- Publish academic research (no personal identifiers)

- Share insights with the medical community

**We do not sell your personal data for monetary consideration.**

### 3.3 Legal and Safety Purposes

We may use or disclose information when:

- Required by law or legal process

- Necessary to enforce our Terms of Service

- To protect rights, property, or safety

- To prevent fraud or security threats

- In connection with business transfers (merger, acquisition)

## 4. HOW WE SHARE YOUR INFORMATION

### 4.1 With Your Consent

#### Linked Clinicians (HearifyV1 → HearifyPro)

When you link your HearifyV1 account to a clinician's HearifyPro account:

- **What they see:** Practice sessions, accuracy scores, progress metrics, gamification data, custom word lists, session history

- **What they can do:** View reports, export data, monitor progress

- **What they cannot do:** Modify your data, access your password, access other apps on your device

- **You control:** You can unlink at any time through account settings

#### Data Export

You can export your data via:

- Email (to yourself or clinician)

- Messages

- Files app

- PDF reports

- You control who receives exported data

### 4.2 Service Providers

We share data with third-party service providers who help us operate:

#### Cloud Infrastructure

- **Firebase/Google Cloud:** Data storage, authentication, analytics

- **Apple CloudKit:** iCloud synchronization and backup

- **Purpose:** Reliable cloud storage and synchronization

- **Protections:** Data Processing Agreements, encryption in transit and at rest

**IMPORTANT - HIPAA Compliance:**

Hearify has executed a **Business Associate Agreement (BAA)** with Google/Firebase for all cloud services that may handle Protected Health Information (PHI). This BAA ensures that Firebase complies with HIPAA requirements for safeguarding your health data, including:

- Encryption of data in transit and at rest

- Access controls and audit logging

- Breach notification procedures

- Data retention and deletion obligations

- Compliance with HIPAA Security and Privacy Rules

This means your health information is protected by HIPAA-compliant infrastructure when stored in Firebase/Google Cloud.

#### Analytics and Performance

- **Firebase Analytics:** Usage patterns, crash reports

- **Apple Analytics:** App Store performance metrics

- **Purpose:** Improve app quality and user experience

- **Protections:** Anonymized when possible

### 4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets:

- User data may be transferred as part of the transaction

- We will notify you before your data is transferred

- The new entity must honor this Privacy Policy

- You will have the option to delete your account

### 4.4 Legal Requirements

We may disclose information if required:

- By court order, subpoena, or legal process

- To comply with applicable laws and regulations

- To protect our legal rights

- To investigate fraud or security issues

- To protect user safety

### 4.5 Aggregated and Anonymized Data

We may share anonymized, aggregated data that cannot identify you:

- Academic research publications

- Industry reports and whitepapers

- Public presentations at conferences

- Partner organizations for research purposes

## 5. DATA SECURITY

### 5.1 Security Measures

We implement industry-standard security measures:

#### Encryption

- **In Transit:** Industry-standard TLS encryption for all network communication

- **At Rest:** Strong encryption for stored data

- **Passwords:** Secure hashing with salt (never stored in plain text)

#### Access Controls

- Role-based access control (RBAC)

- Multi-factor authentication (where available)

- Minimum necessary access principle

- Regular access audits

#### Infrastructure Security

- Secure cloud hosting (Firebase, CloudKit)

- Regular security updates and patches

- Intrusion detection and monitoring

- DDoS protection

- Regular security audits

#### Application Security

- Secure coding practices

- Input validation and sanitization

- Protection against common vulnerabilities (OWASP Top 10)

- Regular code reviews

- Penetration testing (periodic)

### 5.2 Limitations

**No security is 100% foolproof.** While we implement reasonable security measures:

- We cannot guarantee absolute security

- You are responsible for keeping your password secure

- You should not share your account credentials

- Report any security concerns immediately

### 5.3 Data Breach Response

If a data breach occurs:

- We will investigate promptly

- Affected users will be notified as required by applicable law

- We will take steps to mitigate harm

- We will report to authorities as required by law

## 6. YOUR PRIVACY RIGHTS

You have the following rights regarding your personal data:

### 6.1 Access and Export

- View your practice history, scores, and analytics within the app

- Export your data using in-app export features (PDF format)

- Request a copy of your data by emailing veerchopra28@gmail.com

### 6.2 Update and Correct

- Update your account information through app settings

- Request corrections by emailing veerchopra28@gmail.com

### 6.3 Delete Your Data

**How to delete your account:**

1. Go to Settings → Account → Delete Account, or

2. Email veerchopra28@gmail.com with a deletion request

**Important:** Deletion is permanent and cannot be undone. Some anonymized data may be retained for legal compliance.

### 6.4 Control Data Sharing

- Unlink from clinicians at any time through app settings

- Disable analytics in Settings → Privacy (where available)

- Manage notifications through device settings

**Note:** Depending on your location, you may have additional privacy rights under applicable state or federal laws. Contact us at veerchopra28@gmail.com for questions about your specific rights.

## 7. CHILDREN'S PRIVACY (COPPA)

### 7.1 Age Requirements

Hearify is **NOT intended for children under 13** without parental consent.

### 7.2 Parental Consent

If under 18:

- Parent or guardian must provide consent

- Parent can review and delete child's data

- Parent can refuse further collection

### 7.3 Children's Data

We do not knowingly collect data from children under 13 without parental consent.

- If we discover unauthorized collection, we will delete it promptly

- Parents can contact us at veerchopra28@gmail.com

## 8. DATA RETENTION

### 8.1 How Long We Keep Data

| Data Type | Retention Period |

|-----------|-----------------|

| Account information | Until account deletion + 90 days |

| Practice session data | Until account deletion + 90 days |

| Voice recordings | Deleted after processing (unless saved) |

| Crash logs | 90 days |

| Anonymized analytics | Indefinitely |

| Backup data | 90 days |

| Legal/compliance data | As required by law (typically 7 years) |

### 8.2 Reasons for Retention

We retain data to:

- Provide ongoing Services

- Comply with legal obligations

- Resolve disputes

- Enforce agreements

- Improve Services

### 8.3 After Deletion

When you delete your account:

- Active data deleted within 30 days

- Backups deleted within 90 days

- Anonymized data may be retained

- Legal compliance data retained as required

## 9. COOKIES AND TRACKING

### 9.1 Cookies (Web Version, if applicable)

We may use cookies for:

- Session management

- User authentication

- Analytics

- Preferences

### 9.2 Mobile Tracking

Our mobile apps may use:

- **Device Identifiers:** IDFV (not IDFA by default)

- **Analytics SDKs:** Firebase Analytics

- **Crash Reporting:** Firebase Crashlytics

### 9.3 Your Choices

You can:

- Disable analytics in app settings

- Use iOS "Limit Ad Tracking" setting

- Reset device identifiers

## 10. CHANGES TO THIS PRIVACY POLICY

### 10.1 Updates

We may update this Privacy Policy:

- As Services evolve

- To comply with new laws

- To improve transparency

### 10.2 Notice of Changes

We will notify you of material changes:

- In-app notification

- Email notification (if provided)

- Updated "Last Updated" date

### 10.3 Continued Use

Continued use after changes constitutes acceptance of the updated Privacy Policy.

## 11. CONTACT US

### 11.1 Privacy Inquiries

For questions about this Privacy Policy or your privacy rights:

**Email:** veerchopra28@gmail.com

**Data Deletion Requests:** veerchopra28@gmail.com

**Security Concerns:** veerchopra28@gmail.com

### 11.2 Company Information

**Company Name:** Hearify, Inc.

**Address:** [To Be Determined]

**Phone:** Contact via email

**Website:** https://sites.google.com/view/hearifyinformation/home

## 12. ACKNOWLEDGMENT

By using Hearify, you acknowledge that:

- You have read and understood this Privacy Policy

- You consent to the collection and use of information as described

- You understand your privacy rights

- You know how to exercise your rights

---

**Copyright © 2025-2026 Hearify, Inc. All Rights Reserved.**

**Hearify™, HearifyV1™, and HearifyPro™ are trademarks of Hearify, Inc.**

Version 2.0 - February 19, 2026

**Last Reviewed:** February 19, 2026