Privacy Policy

1. Introduction

Heartitly (“we,” “us,” or “our”) operates the Heartitly mobile application (the “App”). This Privacy Policy explains how we collect, use, store, and protect your information when you use our App.

By using Heartitly, you agree to the practices described in this policy. If you do not agree with this policy, please do not use the App.

Important: Heartitly is a blood pressure recording tool. It does NOT measure blood pressure using your device's sensors and is NOT a medical device. See Section 10 for our full medical disclaimer.

2. Information We Collect

Information You Provide

• Blood pressure readings (systolic and diastolic values, pulse)
• Measurement context (which arm, body position, before or after medication)
• Notes attached to individual readings
• Account information (name and email address) when you create an account
• Language preference

Information Collected Automatically

• Timestamps of when readings are recorded
• Basic app usage analytics and crash reports to help us improve reliability
• Subscription status (managed by RevenueCat on our behalf)

Information We Do NOT Collect

• Location data
• Contacts or call logs
• Advertising identifiers
• Biometric data — the App records blood pressure values that you enter manually; it does not measure blood pressure using your device's sensors

3. How We Use Your Information

We use your information to:

• Provide and maintain the App's core functionality — storing and displaying your blood pressure readings
• Generate statistics and trend visualizations from your readings
• Enable family sharing when you choose to share your data with others
• Sync your readings with Apple Health (HealthKit) or Google Health Connect when you grant permission
• Generate PDF export reports of your readings
• Authenticate your account and keep your data secure
• Improve the App and fix bugs

We do NOT use your health data for advertising, marketing, or any purpose other than providing the App's features to you.

4. Data Storage and Security

• Account data is stored in a PostgreSQL database hosted by Supabase, our infrastructure provider
• All data in transit is encrypted using TLS (Transport Layer Security)
• Data at rest is encrypted by our infrastructure provider
• Authentication tokens are stored on your device using the platform's application storage
• The App may temporarily cache recent readings on your device for faster loading. This cache is cleared when you sign out or delete your account.
• If you use the App offline, pending readings are stored locally on your device and synced to the server when connectivity is restored.

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Apple HealthKit and Google Health Connect

The App can read and write blood pressure data to Apple HealthKit (iOS) and Google Health Connect (Android) only with your explicit permission.

• HealthKit and Health Connect data is used solely to sync your blood pressure readings between Heartitly and your device's health ecosystem
• We do NOT store HealthKit or Health Connect data in iCloud or any cloud storage beyond our standard data infrastructure
• We do NOT use HealthKit or Health Connect data for advertising or marketing purposes
• We do NOT sell HealthKit or Health Connect data to third parties
• You can revoke HealthKit or Health Connect permissions at any time through your device's Settings

6. Family Sharing

• You can choose to share your blood pressure data with family members by generating an invite code within the App
• Shared data is read-only — family members can view your readings but cannot modify or delete them
• You control who has access and can revoke sharing at any time

7. Feedback

When you submit feedback through the App, we receive your message along with your email address, app version, and device platform. This data is sent directly to our inbox and is used solely to improve the App and respond to your inquiry.

8. Third-Party Services

We use the following third-party services:

• Supabase — Our infrastructure provider for database hosting and user authentication
• RevenueCat — Subscription management. RevenueCat processes your subscription status but does not access your health data.
• Apple HealthKit / Google Health Connect — Platform health data APIs, used only with your explicit permission
• Google Sign-In / Apple Sign-In — Authentication providers for account creation and login

We do NOT sell, rent, or share your personal or health data with third-party advertisers, data brokers, or any other commercial entities.

9. Your Rights and Controls

• Access: View all your blood pressure data at any time within the App
• Export: Generate PDF reports of your readings to share with your healthcare provider
• Edit & Delete: Edit any reading's values, context, or notes. Delete individual readings at any time.
• Account Deletion: Delete your entire account and all associated data from Profile settings. Account deletion is permanent and irreversible.
• Sharing Control: Add or remove family members from your sharing list at any time
• Health Permissions: Grant or revoke HealthKit / Health Connect access through your device's Settings at any time

10. Medical Disclaimer

• Heartitly is NOT a medical device
• The App does NOT measure blood pressure. It only records blood pressure values that you enter manually or that sync from Apple Health / Google Health Connect.
• Blood pressure categories displayed in the App are based on general medical guidelines (AHA/ESH) and are for informational purposes only
• The App does NOT provide medical advice, diagnosis, or treatment recommendations
• Always consult a qualified healthcare professional for medical advice
• In case of a medical emergency, contact your local emergency services immediately

11. Children's Privacy

Heartitly is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by updating the “Last updated” date at the top of this page.