Privacy Policy
CardioVa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use the CardioVa application ("the App").
1. Information We Collect
Health Data: Blood pressure readings, glucose readings, pulse, HbA1c, cholesterol, weight, medications, meal logs, and related context tags (e.g., "fasting," "post-meal") that you voluntarily enter into the App.
Account Information: Name, date of birth, gender, height, weight, email address, and phone number provided during registration.
Device Information: Device type, operating system, browser type, and app version for troubleshooting and optimization.
Usage Data: Feature usage patterns, screen views, and interaction data to improve the App experience. This data is anonymized and cannot identify you personally.
2. How We Use Your Information
- To provide core App functionality: logging, tracking, trends, and insights
- To generate personalized health insights and Health Score calculations
- To create health reports for sharing with your healthcare provider
- To send medication reminders and health alerts you have enabled
- To improve and optimize the App experience
- To provide customer support
3. Data Storage and Security
Your health data is stored securely using industry-standard encryption. Data at rest is encrypted using AES-256, and all data in transit uses TLS 1.2 or higher.
When using the App offline, data is stored locally on your device and synced to our secure servers when connectivity is restored.
We use Supabase (built on PostgreSQL) with Row-Level Security (RLS) policies, ensuring that only you can access your own health data.
4. Data Sharing
We do not sell your health data. We will never sell, rent, or trade your personal health information to third parties for marketing or advertising purposes.
We may share data only in these limited circumstances:
- With your consent: When you explicitly share a health report with your doctor or caregiver
- Caregiver access: If you grant a family member or caregiver access through the Caregiver feature
- Legal requirements: If required by law, court order, or government regulation
- Service providers: With trusted third-party services that help us operate the App (e.g., cloud hosting, analytics), under strict data processing agreements
5. Your Rights
You have the right to:
- Access: View all personal data we hold about you
- Export: Download your health data in CSV or PDF format at any time
- Correction: Update or correct any inaccurate personal information
- Deletion: Delete your account and all associated data permanently through Settings > Data & Account > Delete Account
- Portability: Receive your data in a structured, commonly used format
- Withdraw consent: Disable optional data processing (e.g., usage analytics) at any time
6. Cookies and Tracking
The CardioVa web app uses minimal local storage for essential functionality (authentication tokens, user preferences, language settings). We do not use third-party advertising cookies or trackers.
7. Children's Privacy
CardioVa is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at support@cardiova.app.
8. International Data Transfers
CardioVa operates globally. Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws, including GDPR.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via email. The "Last updated" date at the top of this page indicates when this Policy was last revised.
10. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email: support@cardiova.app