Get Started

Privacy Policy

Last updated: June 15, 2025

1. Introduction

CardioGuard ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Name and email address (account registration)
  • Date of birth and gender (health profile)
  • Device identifiers and IP address
  • Usage analytics and app interaction data

2.2 Health Data

CardioGuard collects sensitive health data to provide its core monitoring services:

  • ECG waveform recordings and heart rate measurements
  • AI analysis results and anomaly classifications
  • Health event history and alert records
  • Device connection and sensor metadata

Health data is classified as Protected Health Information (PHI) under HIPAA and Special Category Data under GDPR. We apply the highest level of protection to this data.

3. How We Use Your Information

  • Provide, maintain, and improve the CardioGuard service
  • Perform AI-based ECG analysis via the MedGemma model
  • Send health alerts and notifications
  • Generate clinical reports and health trends
  • Ensure service security and prevent fraud
  • Comply with legal and regulatory obligations
  • Conduct anonymized, aggregated research to improve detection accuracy (with your consent)

4. Data Storage & Security

4.1 Local Storage

CardioGuard uses an offline-first architecture. Your ECG data is stored locally on your device using encrypted SQLite databases with WAL journal mode. This ensures data availability even without internet connectivity.

4.2 Cloud Synchronization

When you enable cloud sync, data is transmitted using TLS 1.3 encryption and stored in encrypted form on our servers. Synchronization uses a background queue with automatic retry logic — no data is lost during connectivity interruptions.

4.3 Security Measures

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Regular security audits and penetration testing
  • SOC 2 Type II certification (in progress)
  • Role-based access controls for staff

5. HIPAA Compliance

CardioGuard is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards to protect PHI. For enterprise customers, we offer Business Associate Agreements (BAAs) upon request.

6. GDPR Rights (EEA Users)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right of Access — Request copies of your personal data
  • Right to Rectification — Request correction of inaccurate data
  • Right to Erasure — Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing — Request limitation of data processing
  • Right to Data Portability — Request transfer of your data in a machine-readable format
  • Right to Object — Object to processing based on legitimate interests

To exercise any of these rights, please contact us at privacy@cardioguard.ai. We will respond within 30 days.

7. Data Retention

We retain your personal and health data for as long as your account is active or as needed to provide services. Local data retention is configurable in the app settings. Upon account deletion, all cloud-stored data is permanently erased within 30 days.

8. Third-Party Services

We may share limited data with the following third parties:

  • Google (MedGemma AI) — ECG data is sent to Google's MedGemma model for clinical analysis. Data is processed in real-time and not retained by Google.
  • Cloud Infrastructure — Encrypted data is stored on industry-standard cloud providers.
  • Analytics — Anonymized usage data for service improvement. No health data is shared with analytics providers.

9. Children's Privacy

CardioGuard is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact our Data Protection Officer: