Privacy Policy

Last Updated: January 6, 2026

This Privacy Policy explains how Heart AI (“the App”, “we”, “us”, “our”) collects, uses, stores, and protects information when you use the App. This policy is intended for users in North America and the European Economic Area / United Kingdom (EEA/UK) and is designed to comply with applicable privacy laws, including the General Data Protection Regulation (GDPR).

By using Heart AI, you confirm that you have read and understood this Privacy Policy.

1. Overview

• Heart rate measurements and health records are stored locally on your device by default. We do not upload your health data to our servers unless explicitly stated in the App and initiated by you.

• Heart AI does not sell personal data.

• Heart AI does not integrate any third-party analytics, advertising, attribution, or tracking SDKs at this time.

• Limited device and usage data may be processed internally to ensure app stability and performance.

• You may contact us regarding privacy matters at: heart_ai@yeah.net

2. Data Controller

For purposes of the GDPR and other applicable data protection laws, Heart AI acts as the data controller for the personal data processed as described in this Privacy Policy.

3. Information We Process

3.1 Information You Provide Voluntarily

You may choose to provide the following information while using the App:

• Profile and preference information, such as age range, gender, height, weight, lifestyle habits, and similar wellness-related inputs.

• Notes or labels attached to measurements. Please do not enter personally identifiable or sensitive information (e.g., your name, address, phone number, or medical record numbers).

• Support communications, including your email address and the content of messages you send when contacting us.

3.2 Health and Measurement Data

When you use Heart AI to measure or log data, the App may process:

• Heart rate values and timestamps

• Additional wellness metrics supported by the App that you choose to record, such as stress or energy estimates, HRV-related values, blood pressure logs, or blood oxygen logs (if available in your version)

Storage method: All health and measurement data is stored locally on your device.

Sharing: We do not access, collect, or share this data remotely unless:

• you actively export or share it using device-level tools, or

• a specific feature clearly informs you that data transmission is required and you choose to use it.

3.3 Camera Access (If Used for Measurement)

Heart AI may request access to your device’s camera to enable camera-based heart rate measurement.

• Camera access is used solely for measurement functionality.

• The App does not access or store photos or videos from your camera roll.

• You may revoke camera permission at any time in your device settings. Measurement features may not function without this permission.

3.4 Device and Usage Information

To maintain functionality, security, and performance, Heart AI may process limited technical information, including:

• Device model and operating system version

• App version and basic feature interaction data

• Session timestamps and crash or error diagnostics

• IP address (used only for approximate location, security, and operational purposes)

This information is used to detect errors, improve stability, and enhance the user experience. It is not used for advertising or cross-app tracking.

3.5 Subscription and Purchase Information

Heart AI offers paid subscription features.

• Payments are processed by the app store provider (e.g., Apple). We do not receive or store your full payment card details.

• We may process limited subscription-related information necessary to provide paid features, such as:

  • subscription status (active/expired),

  • product identifiers,

  • purchase or renewal timestamps,

  • store-provided transaction identifiers.

This information is used solely to manage access to paid features, prevent fraud, and respond to support requests.

4. Purposes of Processing

We process information for the following purposes:

1. To provide core App functionality

2. To maintain and improve performance, reliability, and security

3. To respond to user inquiries and support requests

4. To manage subscriptions and paid feature access

5. To comply with applicable legal obligations

5. Legal Bases for Processing (EEA/UK)

Where the GDPR applies, we rely on the following legal bases:

• Contract performance: to deliver the App features and subscription services you request.

• Legitimate interests: to ensure security, prevent misuse, and improve the App, without overriding your rights.

• Consent: where required by law (for example, if optional features require it).

• Legal obligation: where processing is required by applicable laws or regulations.

6. Data Sharing

Heart AI does not sell or rent personal data. We do not share personal data with third parties for advertising, analytics, or marketing purposes. Information may be disclosed only in the following limited circumstances:

• Legal requirements: if required by law, court order, or lawful government request.

• Safety and rights protection: to protect users, the App, and our legal rights.

• Business transfers: in the event of a merger, acquisition, or asset sale, subject to applicable legal safeguards.

7. International Data Transfers

We may process information in jurisdictions outside your country of residence. Where required, we apply appropriate safeguards to ensure data protection consistent with applicable laws, including the GDPR.

8. Data Retention

• Health and measurement data remain on your device until you delete them or uninstall the App.

• Support communications are retained only as long as necessary to address your request and maintain reasonable records.

• Technical diagnostic data is retained only for operational and security purposes and for no longer than necessary.

9. Your Rights

9.1 EEA / UK Users

You may have the right to:

• access your personal data

• correct inaccurate data

• request deletion or restriction of processing

• object to certain processing

• request data portability (where applicable)

• withdraw consent at any time where processing is based on consent

• lodge a complaint with a data protection authority

9.2 United States Users

Depending on your state of residence, you may have rights to:

• request access to certain personal information

• request correction or deletion (subject to legal exceptions)

• opt out of certain data uses where applicable

• receive equal service regardless of exercising privacy rights

Heart AI does not sell personal information.

9.3 How to Exercise Rights

To submit a privacy request, please email: heart_ai@yeah.net

Please include sufficient information to allow us to verify your request. Note that if certain data exists only on your device, you can delete it directly within the App or by uninstalling it.

10. Security

We use reasonable technical and organizational measures to protect personal data. However, no electronic transmission or storage method is completely secure, and we cannot guarantee absolute security.

11. Children’s Privacy

Heart AI is not intended for children under 16 years of age (or the minimum age required by local law). We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact heart_ai@yeah.net.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be reflected by updating the “Last Updated” date above. Continued use of the App after changes become effective constitutes acceptance of the updated policy to the extent permitted by law.

13. Contact

For questions or concerns regarding this Privacy Policy, please contact:
heart_ai@yeah.net