Privacy Policy
Your Privacy Matters: HeartLab is designed with privacy at its core. Your health data stays on your device and is never uploaded to our servers without your explicit consent.
1. Introduction
HeartLab ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how HeartLab ("the App") collects, uses, and protects your personal information.
By using HeartLab, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.
2. Data Controller
The data controller responsible for your personal data is:
- Company: HeartLab
- Email: hello@heartlab.it
- Website: heartlab.it
3. Information We Collect
3.1 Health Data (Special Category Data)
HeartLab accesses and processes the following health data from Apple HealthKit:
- ECG Recordings: Electrocardiographic data from your Apple Watch
- Heart Rate Data: Heart rate measurements and variability
- Rhythm Classification: Apple's ECG classification results
Important: This data is processed locally on your device. We do not upload, store, or have access to your raw ECG data on our servers.
3.2 Health Profile Information
If you choose to create a health profile, you may provide:
- Age and biological sex
- Height and weight
- Pre-existing medical conditions (optional)
- Current medications (optional)
- Family medical history (optional)
- Sports activity level (optional)
3.3 Account Information
If you create an account, we collect:
- Email address
- Authentication credentials (securely hashed)
- Sign in with Apple identifier (if used)
3.4 Usage Data
We may collect anonymized usage data to improve the App, including:
- App feature usage patterns
- Crash reports and error logs
- Device type and iOS version
4. How We Use Your Information
We use your information for the following purposes:
- ECG Analysis: To provide detailed analysis of your ECG recordings locally on your device
- AI Assistant: When you use the AI feature, selected ECG data is sent to OpenAI for analysis (only with your explicit action)
- Personalization: To customize insights based on your health profile
- App Improvement: To fix bugs and improve app performance
- Support: To respond to your inquiries and provide customer support
5. Data Storage and Security
5.1 On-Device Storage
The majority of your data is stored locally on your device:
- ECG recordings remain in Apple HealthKit
- Analysis results are cached locally
- Journal entries are stored on-device
5.2 Cloud Storage
Limited data may be stored in our secure cloud infrastructure (Supabase):
- User account information
- Subscription status
- App preferences and settings
5.3 Security Measures
We implement industry-standard security measures:
- End-to-end encryption for data in transit
- Secure authentication with Apple Sign In support
- Face ID / Touch ID integration for app access
- Regular security audits
6. Third-Party Services
HeartLab uses the following third-party services:
6.1 Apple HealthKit
We access your ECG data through Apple HealthKit. Apple's privacy policy applies to data stored in HealthKit.
6.2 OpenAI (AI Assistant)
When you use the AI assistant feature, your ECG data and questions are processed by OpenAI. This data transmission occurs only when you explicitly request AI analysis. OpenAI's data processing is governed by their privacy policy.
6.3 RevenueCat (Subscriptions)
We use RevenueCat to manage subscriptions. They process payment information through Apple's App Store. We do not have access to your payment card details.
6.4 Supabase (Authentication & Storage)
User accounts and preferences are managed through Supabase, which provides secure, GDPR-compliant data storage.
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Receive your data in a portable format
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at hello@heartlab.it.
8. Data Retention
We retain your data according to the following policies:
- Account Data: Until you delete your account
- Health Data: Stored locally until you delete the app or clear data
- Usage Analytics: Anonymized and retained for up to 24 months
You can delete your account and all associated data at any time through the app settings.
9. Children's Privacy
HeartLab is not intended for use by children under 17 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Services certified under recognized data protection frameworks
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by:
- Posting the new policy in the App
- Updating the "Last updated" date
- Sending an email notification for material changes
12. Data Protection Authority
If you have concerns about our data processing, you have the right to lodge a complaint with a supervisory authority. For EU residents:
Italian Data Protection Authority (Garante)
Piazza Venezia 11
00187 Rome, Italy
www.garanteprivacy.it
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: hello@heartlab.it
- Support: hello@heartlab.it
- Website: heartlab.it
Remember: HeartLab is NOT a medical device and does not provide medical diagnoses. Always consult a qualified healthcare professional for medical advice.